private data objects on smartcard
Damien Goutte-Gattat
dgouttegattat at incenp.org
Fri Jan 31 00:57:28 CET 2020
On Fri, Jan 31, 2020 at 12:39:11AM +0100, mailing list wrote:
> By the way, is mcl3 the length of the key currently living on the
> smartcard or the maximum key length supported by this card?
Neither of those. It's the maximum length of the "Cardholder certificate
DO". This is another data object available on an OpenPGP smart card,
intended to store an X.509 certificate.
You can write to that DO using the (undocumented) writecert command. For
example, assuming the cert.der file contains a DER-encoded X.509
certificate:
$ gpg --card-edit
gpg/card> writecert 3 < cert.der
GnuPG allows writing into that DO but does not actually use it. As far
as I know the only component that makes use of the Cardholder
certificate DO is Scute [1], for TLS client authentication (and even for
that the DO is actually dispensable: if Scute does not find the desired
certificate in that DO, it will obtain it from GpgSM.)
> I just play with a card version 1.1 and mcl3 is 0 there.....
The Cardholder certificate DO was added in version 2.0 of the
specification, so nothing surprising here.
Cheers,
- Damien
[1] http://scute.org/
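As an added example (not from Damien's message or from GnuPG itself): a pre-flight check that reads mcl3 from `gpg --card-status --with-colons` output and confirms a DER file will fit the Cardholder certificate DO before anyone runs `writecert 3 < cert.der`. It assumes the colon-format output carries mcl3 inside its `extcap` record; the sample status text and the tiny "certificate" are constructed.

```shell
#!/bin/sh
# Added example, not part of the original message. Assumption: the colon
# output of `gpg --card-status --with-colons` has an "extcap" record whose
# second field is a comma-separated key=value list including mcl3=<bytes>.

# Constructed sample of colon-format card status output (not real card data).
SAMPLE_STATUS='reader:constructed sample reader:
version:0201:
extcap:gc=1,ki=1,fc=1,pd=1,mcl3=2048,aac=1,sm=0,si=5,dec=0,bt=0,kdf=0:'

# Print the mcl3 value found in colon-format status text read from stdin.
# Prints 0 when no extcap/mcl3 record exists, which matches what a card
# without a Cardholder certificate DO (e.g. spec version 1.1) reports.
mcl3_from_status() {
    awk -F: '$1 == "extcap" {
        n = split($2, kv, ",")
        for (i = 1; i <= n; i++)
            if (kv[i] ~ /^mcl3=/) { sub(/^mcl3=/, "", kv[i]); found = kv[i] }
    }
    END { print (found == "" ? 0 : found) }'
}

# Return 0 only if $1 looks like DER (first byte 0x30, the SEQUENCE tag that
# opens a Certificate) and is no larger than the DO limit $2; a limit of 0
# means the card has no Cardholder certificate DO at all.
cert_fits() {
    cert="$1"; limit="$2"
    [ "$limit" -gt 0 ] || { echo "card has no cardholder certificate DO" >&2; return 1; }
    first=$(od -An -tx1 -N1 "$cert" | tr -d ' \t')
    [ "$first" = "30" ] || { echo "$cert does not start with a DER SEQUENCE" >&2; return 1; }
    size=$(wc -c < "$cert" | tr -d ' \t')
    [ "$size" -le "$limit" ] || { echo "$cert is $size bytes, DO holds $limit" >&2; return 1; }
    return 0
}

# Demo on the constructed sample: a 5-byte DER-looking blob vs. the sample limit.
demo_cert=$(mktemp)
printf '\060\003\002\001\001' > "$demo_cert"
limit=$(printf '%s\n' "$SAMPLE_STATUS" | mcl3_from_status)
cert_fits "$demo_cert" "$limit" && echo "ok: fits in the $limit-byte DO, safe to writecert 3"
rm -f "$demo_cert"
```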