On Thursday 25. October 2012 01:02:33 Brandon Casey wrote: > On Mon, Oct 22, 2012 at 6:38 AM, Mat Arge <argemat1010@xxxxxxxxx> wrote: > > Hy! > > > > I would like to sign each commit with a X.509 certificate and a private > > key > > stored on a PKCS#11 token. I assume that that should be possible somehow > > using a hook which calls openssl. Does somebody know a working > > implementation of this? > > Creating signatures from an rsa key on a pkcs11 token should be > possible, but gnupg doesn't support pkcs11 for philosophical reasons. > You need to use gnupg-pkcs11 which is maintained outside of the gnupg > tree. > > Once you configure gnupg-pkcs11-scd, you'll be able to use git and gpg > to sign tags as usual. > > I configured this a while back for use with CAC cards using the > following resources: > > http://alpha.uwb.edu.pl/map/eToken_gpg_howto.shtml (dead) > http://alpha.uwb.edu.pl/amicke/eToken_gpg_howto.shtml (replacement > for above?) > http://gnupg-pkcs11.sourceforge.net/man.html > > Try those docs. If you have questions, I'll try to find my notes. > > -Brandon Thanks for the tip, I will try them (though the appear to be very outdated). Do you know, if gnupg-pkcs11-scd is able to cooperate with the standard pcscd from pcsc-lite, or is a one-or-the-other situation? cheers Mat -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html