Mailing List Archive: GnuPG: users

x509 and openGPG smartcard

 

 



guyome at lechiennoir

May 9, 2012, 1:15 PM

x509 and openGPG smartcard

Hello,

I've just bought a Gemalto USB Shell Token V2 and an OpenPGP smartcard. I
successfully got it to work on Ubuntu 12.04 (GnuPG 2.0.17) without any problem. However, I
can't store an x509 certificate on the smartcard.

I got a certificate from CAcert, which I converted with gpgsm:

gpgsm --import guyome.p12
gpgsm -o guyome.pem --export -a XXXXXX

Then I edit the smartcard

gpg2 --card-edit

and I import the certificate on the smartcard

gpg/card> admin
Les commandes d'administration sont permises

gpg/card> writecert 3 < guyome.pem

Up to now, I did not get any error message. But if I do

gpg/card> readcert 3 > test.pem
gpg: error reading certificate from card: Not Found

gpg/card> writecert 3 < guyome.pem
gpg: error writing certificate to card: General Erreur

It seems that I can't write the certificate to the smartcard.
Is it a bug or did I make a mistake? BTW, I get the same error on Fedora 16.

Regards,

Guillaume


_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


wk at gnupg

May 10, 2012, 4:09 AM

Re: x509 and openGPG smartcard

On Wed, 9 May 2012 22:15, guyome [at] lechiennoir said:

> It seems that I can't write the certificate to the smartcard.
> Is it a bug or did I make a mistake? BTW, I get the same error on Fedora 16.

I don't know. I only implemented it once and never used it. There is no
need for it in GnuPG. To debug it you should put

debug 2048
debug 1024
log-file /foor/bar/scd.log

into scdaemon.log and run

gpgconf --reload scdaemon

to restart scdaemon.

Take care: debug 2048 may also log your PIN.


Salam-Shalom,

Werner


--
Thoughts are free. Exceptions are regulated by a federal law.
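
Added example, not part of the thread and not GnuPG code: a filter that strips PIN bytes from an scdaemon debug log before the log is posted to a list, following the warning above that debug 2048 may log the PIN. It assumes APDU lines shaped like the constructed sample ("send apdu: ... i=XX ... lc=N" and "raw apdu: <hex>"); other line types pass through unchanged and still need a manual read.

```python
import re

# ISO 7816-4 INS bytes whose command data carries a PIN:
# VERIFY (20), CHANGE REFERENCE DATA (24), RESET RETRY COUNTER (2C).
PIN_INS = {0x20, 0x24, 0x2C}

# Assumed line shapes (see the constructed SAMPLE below):
#   ... send apdu: c=00 i=20 p1=00 p2=81 lc=6 le=-1 em=0
#   ...   raw apdu: 00 20 00 81 06 31 32 33 34 35 36
SUMMARY = re.compile(r"send apdu: c=[0-9A-Fa-f]{2} i=([0-9A-Fa-f]{2})\b")
RAW = re.compile(r"^(.*\braw apdu:)((?:\s+[0-9A-Fa-f]{2})+)\s*$")


def redact_line(line):
    """Blank out PIN length and PIN bytes in one log line; pass others through."""
    body = line.rstrip("\n")
    end = line[len(body):]
    m = SUMMARY.search(body)
    if m and int(m.group(1), 16) in PIN_INS:
        # lc equals the PIN length, so hide it as well.
        return re.sub(r"\blc=\d+", "lc=[redacted]", body) + end
    m = RAW.match(body)
    if m:
        octets = m.group(2).split()
        # Keep CLA INS P1 P2; drop Lc and the data field that holds the PIN.
        if len(octets) > 4 and int(octets[1], 16) in PIN_INS:
            return f"{m.group(1)} {' '.join(octets[:4])} [redacted]{end}"
    return line


def redact_log(text):
    """Apply redact_line to every line of a log, keeping line endings."""
    return "".join(redact_line(l) for l in text.splitlines(keepends=True))


SAMPLE = (  # constructed log lines; the VERIFY data encodes the PIN "123456"
    "scdaemon[4242]: DBG: send apdu: c=00 i=20 p1=00 p2=81 lc=6 le=-1 em=0\n"
    "scdaemon[4242]: DBG:   raw apdu: 00 20 00 81 06 31 32 33 34 35 36\n"
    "scdaemon[4242]: DBG:  response: sw=9000  datalen=0\n"
    "scdaemon[4242]: DBG: send apdu: c=00 i=CA p1=7F p2=21 lc=-1 le=256 em=0\n"
    "scdaemon[4242]: DBG:   raw apdu: 00 ca 7f 21 00\n"
)

if __name__ == "__main__":
    print(redact_log(SAMPLE), end="")
```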




simon at josefsson

May 10, 2012, 4:29 AM

Re: x509 and openGPG smartcard

Guillaume Lanquepin-Chesnais <guyome [at] lechiennoir> writes:

> Hello,
>
> I've just bought a Gemalto USB Shell Token V2 and an OpenPGP smartcard. I
> successfully got it to work on Ubuntu 12.04 (GnuPG 2.0.17) without any
> problem. However, I
> can't store an x509 certificate on the smartcard.

I thought OpenPGP cards didn't support storing X.509 certs?

/Simon



wk at gnupg

May 10, 2012, 4:44 AM

Re: x509 and openGPG smartcard

On Thu, 10 May 2012 13:29, simon [at] josefsson said:

> I thought OpenPGP cards didn't support storing X.509 certs?

There was some spare space on the new chips and thus the specs allow for
an optional field to store a certificate (or any other data). GnuPG 1.4
does not support it.


Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.

