SSH CA and OpenPGP card
Bolesław Tokarski
boleslaw.tokarski at gmail.com
Fri Mar 27 13:36:45 CET 2015
Hello,
I am trying to use the OpenPGP card as a SSH CA (see ssh-keygen and i.e.
https://blog.habets.se/2011/07/OpenSSH-certificates).
ssh-keygen by default uses an ssh (private) key to sign a public key of a
server or of an individual.
I managed to successfully use the OpenPGP card for SSH authentication, and
so it can perfectly be used as an SSH key encryption engine.
ssh-keygen *can* sign a public key with a smartcard. Using a PKCS#11 token.
However, I see that the OpenPGP card does not natively talk PKCS#11, but
there's some wrapper library. Am I really forced to use that? Would it work
correctly or would it break the keys currently on the card?
Is the PKCS#11 library for OpenPGP card usable?
Best regards,
Bolesław Tokarski
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20150327/43d84d71/attachment.html>
More information about the Gnupg-users
mailing list