How to use a PKCS#15 with GnuPG?
ndk.clanbo at gmail.com
Sat Jun 17 11:15:53 CEST 2017
Il 17/06/2017 10:35, Werner Koch ha scritto:
> gpg expects an OpenPGP card. For pkcs#15 you need to use gpgsm. As a
> starter do
> gpgsm --learn-card
> which imports the certificates from such cards. There is no --card-edit
> etc, because in general PKCS#15 cards are distributed personalized.
> Having done --learn-card once you can use the keys from the card for
> X.509 or CMS (aks S/MIME) stuff.
Then I don't understand the reason for gpgsm (the "niche" it fills)...
opensc already supports many cards, and can even edit some. And (via
PKCS#11) Firefox and Thunderbird (and many other programs, but only one
at a time) can use the cards for auth (and signing).
> But note, that PKCS#15 does not specifiy everything and card vendors
> oftne implement proprietary extensions/modifications.
As usual. But even openpgp RFCs are often implemented with proprietary
> See gnupg/scd/app-p15.c for some hints.
I'll have a look.
More information about the Gnupg-users