From: Mat Arge <argemat1010@gmail.com>
To: git@vger.kernel.org
Subject: Re: signing commits with openssl/PKCS#11
Date: Thu, 25 Oct 2012 11:15:06 +0200
Message-ID: <5241827.QQWApXNz34@off17>
In-Reply-To: <CA+sFfMdSc30xmzFrqbPFYigLkW9v_YSrnTBtumhZiU5TKiBxqQ@mail.gmail.com>

On Thursday 25. October 2012 01:02:33 Brandon Casey wrote:
> On Mon, Oct 22, 2012 at 6:38 AM, Mat Arge <argemat1010@gmail.com> wrote:
> > Hi!
> > 
> > I would like to sign each commit with an X.509 certificate and a private key
> > stored on a PKCS#11 token. I assume that that should be possible somehow
> > using a hook which calls openssl. Does somebody know a working
> > implementation of this?
> 
> Creating signatures from an rsa key on a pkcs11 token should be
> possible, but gnupg doesn't support pkcs11 for philosophical reasons.
> You need to use gnupg-pkcs11 which is maintained outside of the gnupg
> tree.
> 
> Once you configure gnupg-pkcs11-scd, you'll be able to use git and gpg
> to sign tags as usual.
> 
> I configured this a while back for use with CAC cards using the
> following resources:
> 
>    http://alpha.uwb.edu.pl/map/eToken_gpg_howto.shtml (dead)
>    http://alpha.uwb.edu.pl/amicke/eToken_gpg_howto.shtml (replacement
> for above?)
>    http://gnupg-pkcs11.sourceforge.net/man.html
> 
> Try those docs.  If you have questions, I'll try to find my notes.
> 
> -Brandon

Thanks for the tip, I will try them (though they appear to be very outdated).
Do you know if gnupg-pkcs11-scd is able to cooperate with the standard pcscd
from pcsc-lite, or is it a one-or-the-other situation?

cheers
Mat
