SSH CA and OpenPGP card

Bolesław Tokarski boleslaw.tokarski at
Fri Mar 27 13:36:45 CET 2015


I am trying to use the OpenPGP card as a SSH CA (see ssh-keygen and i.e.

ssh-keygen by default uses an ssh (private) key to sign a public key of a
server or of an individual.

I managed to successfully use the OpenPGP card for SSH authentication, and
so it can perfectly be used as an SSH key encryption engine.

ssh-keygen *can* sign a public key with a smartcard. Using a PKCS#11 token.
However, I see that the OpenPGP card does not natively talk PKCS#11, but
there's some wrapper library. Am I really forced to use that? Would it work
correctly or would it break the keys currently on the card?

Is the PKCS#11 library for OpenPGP card usable?

Best regards,
Bolesław Tokarski
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20150327/43d84d71/attachment.html>

More information about the Gnupg-users mailing list