SSH CA and OpenPGP card
boleslaw.tokarski at gmail.com
Fri Mar 27 13:36:45 CET 2015
I am trying to use the OpenPGP card as a SSH CA (see ssh-keygen and i.e.
ssh-keygen by default uses an ssh (private) key to sign a public key of a
server or of an individual.
I managed to successfully use the OpenPGP card for SSH authentication, and
so it can perfectly be used as an SSH key encryption engine.
ssh-keygen *can* sign a public key with a smartcard. Using a PKCS#11 token.
However, I see that the OpenPGP card does not natively talk PKCS#11, but
there's some wrapper library. Am I really forced to use that? Would it work
correctly or would it break the keys currently on the card?
Is the PKCS#11 library for OpenPGP card usable?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnupg-users