Hi Jernej,

Jernej Kos:
> Hello!
>
> I would like to use GPGSM to sign a Linux kernel module with a private
> key stored on an OpenPGP smartcard.

As to the OpenPGP card 2.1 [1] specification, you can store the private key of an X.509 certificate on card (Data Object Cardholder Certificate, TAG 7F21) ONLY for using it for authentication purposes in a client/server environment, not for signing.

In version 3.0 of the OpenPGP card specification the decipher and sign capabilities for use with a PKIX/X.509 certificate have been introduced. Unfortunately I don't know of any existing OpenPGP smart card that implements version 3.0 [2].

So, I guess, without even discussing the possibility (and further details) of using a "smartcard-based" X.509 certificate's private key with gpgsm for digitally signing a file skipping/overriding/ignoring CMS's auth attributes for signing a kernel module, it is not (yet) feasible (in practice).

My 2 cents

Stephan
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users