How to sign a PDF using a DNIe
gniibe at fsij.org
Fri Jun 17 06:17:42 CEST 2016
On 06/15/2016 07:34 PM, Yajo wrote:
> I tried then to use both gpg and gpg2 to sign PDFs with no luck.
> I, being a complete dumb in tems of digital signing, submitted a bug
> report against OpenSC project
> <https://github.com/OpenSC/OpenSC/issues/774>, which holds in their core
> distribution the patches to work with DNIe natively. They obviously said
> to me that I should ask gpg developers.
> So, I created a bug for GnuPG <https://bugs.gnupg.org/gnupg/issue2372>,
> but they told me it should be added to scdaemon, and they closed the bug
> so I asked where to submit against scdaemon and they told me it's
> exactly here (so I don't understand why they closed it instead of
> marking it as improvement, but nevermind).
> Then werner told me to ask in the list and here I am.
> So the question is: *how do I sign a PDF with DNIe and GPG?* and if this
> is not currently possible, *where should I report that in the hope that
> somebody with interest, knowledge and resources can implement it (or at
> least future users know there's a bug for that)?*
> I hope some good soul wants to answer those simple questions to me.
I'd recommend to seek other software instead.
Simply, general smartcard is not supported. It seems that you have an
illusion that GnuPG and its scdaemon can support any smartcard in
general. No, we can't.
Fundamentally, while OpenPGPcard can be under control of its user,
general smartcard is designed in the situation that it is under
control by its issuer ( card is usually not a user's property ).
The scdaemon basically supports OpenPGPcard and its compatible only.
For X.509, we have gpgsm and we have drivers for
some specific pkcs#15 cards
however, other than SmartCard-HSM, it's outdated.
Technically speaking, following the way of SmartCard-HSM, it would be
possible to support some smartcard for X.509.
More information about the Gnupg-users