support rutoken (gnupg-pkcs11-scd issue, CLOSED)

alonbl commented on August 17, 2024
support rutoken

from gnupg-pkcs11-scd.

Comments (15)

alonbl commented on August 17, 2024

Please read the gnupg-pkcs11-scd man page and follow the Typical steps to set up a card for >=gpg-2.1.19 usage: instructions.

ya-zero commented on August 17, 2024

good.

gpg --card-status
gpg: WARNING: server 'scdaemon' is older than us (0.9.2 < 2.2.12)
gpg: Note: Outdated servers may lack important security fixes.
gpg: Note: Use the command "gpgconf --kill all" to restart them.
gpg: OpenPGP card not available: Bad session key

gnupg-pkcs11-scd.conf

providers p1
provider-p1-library /usr/lib/librtpkcs11ecp.so

question: need openpgp-sign KEY-FRIENDLY?

gpg-agent.conf

scdaemon-program /usr/bin/gnupg-pkcs11-scd
pinentry-program /usr/bin/pinentry

gpg-agent server
SCD LEARN
https://pastebin.com/nXZAb9Qt

gpg --expert --full-generate-key
gpg (GnuPG) 2.2.12; Copyright (C) 2018 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(7) DSA (set your own capabilities)
(8) RSA (set your own capabilities)
(9) ECC and ECC
(10) ECC (sign only)
(11) ECC (set your own capabilities)
(13) Existing key
Your selection? 13
Enter the keygrip: BEDF773D43C5B817E5B7DA164DA6DF21B9F44C2A
No key with this keygrip

maybe required GPG_AGENT_INFO?

alonbl commented on August 17, 2024

alonbl commented on August 17, 2024

ya-zero commented on August 17, 2024

https://paste2.org/PUhKfVKE

ya-zero commented on August 17, 2024

gnupg-pkcs11-scd.conf

debug-all

verbose

log-file /root/gnupg-pkcs11-scd.log

providers p1

provider-p1-library /usr/lib/librtpkcs11ecp.so

#provider-p1-cert-private

#emulate-openpgp
openpgp-sign BEDF773D43C5B817E5B7DA164DA6DF21B9F44C2A

#openpgp-encr BEDF773D43C5B817E5B7DA164DA6DF21B9F44C2A

#openpgp-auth BEDF773D43C5B817E5B7DA164DA6DF21B9F44C2A

need learn key on token

alonbl commented on August 17, 2024

ya-zero commented on August 17, 2024

https://github.com/ya-zero/ya-zero.github.io/blob/master/uploads/gnupg-pkcs11-scd.log

update formatting config
#21 (comment)

alonbl commented on August 17, 2024

ya-zero commented on August 17, 2024
  1. https://github.com/ya-zero/ya-zero.github.io/blob/master/uploads/gnupg-pkcs11-scd.conf
  2. https://github.com/ya-zero/ya-zero.github.io/blob/master/uploads/gpg-agent.conf
  3. command no enter , i'm try run in shell start
    gnupg-pkcs11-scd --daemon
    gpg-agent --daemon
    gpg-agent --server

gpg --card-status

ya-zero commented on August 17, 2024

i'm configure
openpgp-sign BEDF773D43C5B817E5B7DA164DA6DF21B9F44C2A
openpgp-encr BEDF773D43C5B817E5B7DA164DA6DF21B9F44C2A
openpgp-auth BEDF773D43C5B817E5B7DA164DA6DF21B9F44C2A

gpg --card-status

gpg: WARNING: server 'scdaemon' is older than us (0.9.2 < 2.2.12)
gpg: Note: Outdated servers may lack important security fixes.
gpg: Note: Use the command "gpgconf --kill all" to restart them.
Reader ...........: [none]
Application ID ...: D2760001240111503131CBAA96721111
Version ..........: 11.50
Manufacturer .....: unknown
Serial number ....: CBAA9672
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: rsa48 rsa48 rsa48
Max. PIN lengths .: 0 0 0
PIN retry counter : 0 0 0
Signature counter : 0
Signature key ....: BEDF 773D 43C5 B817 E5B7 DA16 4DA6 DF21 B9F4 4C2A
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

gpg --expert --full-generate-key
13 Existing key
enter BEDF773D43C5B817E5B7DA164DA6DF21B9F44C2A

Your selection? 13
Enter the keygrip: BEDF773D43C5B817E5B7DA164DA6DF21B9F44C2A

next question
Possible actions for a RSA key: Sign Certify Encrypt Authenticate
Current allowed actions: Sign Certify Encrypt

(S) Toggle the sign capability
(E) Toggle the encrypt capability
(A) Toggle the authenticate capability
(Q) Finished

what to choose?

ya-zero commented on August 17, 2024

if i'm toggle Current allowed actions: Sign Certify
next question
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.
Real name:
what to enter?

alonbl commented on August 17, 2024

ya-zero commented on August 17, 2024

Very cool. Always present in examples openpgp-sign/encr/auth. After removing this string
everything is working.

root@ubuntu1904:~/.gnupg# gpg --list-keys
/root/.gnupg/pubring.kbx

pub rsa2048 2019-09-30 [SC]
E15216754A57D7448C83DD4B257BB235AD7BAFF3
uid [ultimate] [email protected] (0) [email protected]

root@ubuntu1904:~/.gnupg# gpg --list-secret-keys
/root/.gnupg/pubring.kbx

sec> rsa2048 2019-09-30 [SC]
E15216754A57D7448C83DD4B257BB235AD7BAFF3
Card serial no. = 3131 CBAA9672
uid [ultimate] [email protected] (0) [email protected]

alonbl commented on August 17, 2024
