Hello, I am trying to use the OpenPGP card as a SSH CA (see ssh-keygen and i.e. https://blog.habets.se/2011/07/OpenSSH-certificates).
ssh-keygen by default uses an ssh (private) key to sign a public key of a server or of an individual. I managed to successfully use the OpenPGP card for SSH authentication, and so it can perfectly be used as an SSH key encryption engine. ssh-keygen *can* sign a public key with a smartcard. Using a PKCS#11 token. However, I see that the OpenPGP card does not natively talk PKCS#11, but there's some wrapper library. Am I really forced to use that? Would it work correctly or would it break the keys currently on the card? Is the PKCS#11 library for OpenPGP card usable? Best regards, Bolesław Tokarski
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
