How to use a PKCS#15 with GnuPG?

Werner Koch wk at
Sat Jun 17 10:35:46 CEST 2017

On Thu, 15 Jun 2017 14:13, ndk.clanbo at said:

> authentication and signing). Both ePass2003 and MyID implement PKCS#15,
> so IIUC they should be usable.

gpg expects an OpenPGP card.  For pkcs#15 you need to use gpgsm.  As a
starter do

 gpgsm --learn-card

which imports the certificates from such cards.  There is no --card-edit
etc, because in general PKCS#15 cards are distributed personalized.
Having done --learn-card once you can use the keys from the card for
X.509 or CMS (aks S/MIME) stuff.

But note, that PKCS#15 does not specifiy everything and card vendors
oftne implement proprietary extensions/modifications.  See
gnupg/scd/app-p15.c for some hints.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: </pipermail/attachments/20170617/03c975d1/attachment.sig>

More information about the Gnupg-users mailing list