|
Dobrica Pavlinušić's random unstructured stuff
eid: Revision 1
Ove upute su bazirane na emardovom postu.
Evo za potpisivanje sa osobnim preko linuxa.
Probajte ako neko može to još dobit onda bismo
aktiviraj karticu pomoću pina na sigurnoj omotnici $ /usr/lib/akd/eidmiddleware/Client postavi konfiguraciju za gpgsm i externi pkcs11 driver $ mkdir .gnupg $ cat ~/.gnupg/gpg-agent.conf scdaemon-program /usr/bin/gnupg-pkcs11-scd $ cat ~/.gnupg/gnupg-pkcs11-scd.conf # pin cache period in seconds pin-cache 5 providers eidosobna provider-eidosobna-library /usr/lib/akd/eidmiddleware/pkcs11/libEidPkcs11.so provider-eidosobna-allow-protected-auth check: $ gpg --card-status should list something about card $ echo "SCD LEARN" | gpg-agent --server gpg-connect-agent should show some key info $ gpgsm --import < /usr/lib/akd/eidmiddleware/certificates/AKDCARoot.pem gpgsm: total number processed: 1 gpgsm: imported: 1 $ gpgsm --import < /usr/lib/akd/eidmiddleware/certificates/HRIDCA.pem gpgsm: total number processed: 1 gpgsm: imported: 1 $ gpgsm --learn-card # check: this should list keys learned from the card: $ gpgsm --list-keys Put the fingerprint of your root CA to "~/.gnupg/trustlist.txt". After fingerprint append " S" (space S without quotes) $ cat ~/.gnupg/trustlist.txt # /CN=AKDCA Root/O=AKD d.o.o./C=HR/2.5.4.97=VATHR-99993087891 99:99:A6:C0:7A:1B:20:89:9E:89:6C:A1:A3:AD:D9:65:34:39:94:58 S # use default key ID for signing $ cat ~/.gnupg/gpgsm.conf # use specific key ID for signing (choose key ID from gpgsm --list-keys) default-key 0x1234ABCD # use default key ID for signing $ gpgsm --detach-sign file.txt > file.txt.sgn # use specific key ID for signing (choose key ID from gpgsm --list-keys) $ gpgsm --detach-sign -u 0x1234ABCD file.txt > file.txt.sgn ... dialog to enter card PIN for the chosen key will appear ... # verify the signature $ gpgsm --verify file.txt.sgn file.txt # kill agent after use (eventual pins cached) $ gpgconf --kill gpg-agent |