Re: signing commits with openssl/PKCS#11

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thursday 25. October 2012 01:02:33 Brandon Casey wrote:
> On Mon, Oct 22, 2012 at 6:38 AM, Mat Arge <argemat1010@xxxxxxxxx> wrote:
> > Hy!
> > 
> > I would like to sign each commit with a X.509 certificate and a private
> > key
> > stored on a PKCS#11 token. I assume that that should be possible somehow
> > using a hook which calls openssl. Does somebody know a working
> > implementation of this?
> 
> Creating signatures from an rsa key on a pkcs11 token should be
> possible, but gnupg doesn't support pkcs11 for philosophical reasons.
> You need to use gnupg-pkcs11 which is maintained outside of the gnupg
> tree.
> 
> Once you configure gnupg-pkcs11-scd, you'll be able to use git and gpg
> to sign tags as usual.
> 
> I configured this a while back for use with CAC cards using the
> following resources:
> 
>    http://alpha.uwb.edu.pl/map/eToken_gpg_howto.shtml (dead)
>    http://alpha.uwb.edu.pl/amicke/eToken_gpg_howto.shtml (replacement
> for above?)
>    http://gnupg-pkcs11.sourceforge.net/man.html
> 
> Try those docs.  If you have questions, I'll try to find my notes.
> 
> -Brandon

Thanks for the tip, I will try them (though the appear to be very outdated).
Do you know, if gnupg-pkcs11-scd is able to cooperate with the standard pcscd 
from pcsc-lite, or is a one-or-the-other situation?

cheers
Mat
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]