Erinevus lehekülje "GnuPG kasutamine" redaktsioonide vahel

Allikas: Kuutõrvaja
(Eesti ID-kaardi kasutamine)
(Eesti ID-kaardi kasutamine)
47. rida: 47. rida:
 
     /PKCS\x20\x2315\x20SCard/A0055728/ID\x2Dkaart\x20\x28PIN2\x2C\x20Allkirjastamine\x29/02
 
     /PKCS\x20\x2315\x20SCard/A0055728/ID\x2Dkaart\x20\x28PIN2\x2C\x20Allkirjastamine\x29/02
 
   OK
 
   OK
 +
 +
Lisame saadud andmed kasutaja seadistusfaili /root/.gnupg/gnupg-pkcs11-scd.conf, kokku on faili sisu selline
 +
 +
  log-file /tmp/gnupg-pkcs11-scd.log
 +
  verbose
 +
  debug-all
 +
  providers p1
 +
  provider-p1-library /usr/lib/opensc-pkcs11.so
 +
  emulate-openpgpg
 +
  openpgp-auth 328DD8D1643FAABF3AEC6362E2F8EB7FF2870309
 +
  openpgp-sign 328DD8D1643FAABF3AEC6362E2F8EB7FF2870309
 +
  openpgp-encr 6D60BFD83CDBF9227C1446EBBCE14EDBCEA17380
 +
 +
Nüüd on võimalik kasutada gpg2 programmiga id kaarti, nt küsida
 +
 +
  # gpg2 --card-status
 +
  Application ID ...: D2760001240111111111111111111111
 +
  Version ..........: 11.11
 +
  Manufacturer .....: unknown
 +
  Serial number ....: 11111111
 +
  Name of cardholder: [not set]
 +
  Language prefs ...: [not set]
 +
  Sex ..............: unspecified
 +
  URL of public key : [not set]
 +
  Login data .......: [not set]
 +
  Signature PIN ....: forced
 +
  Max. PIN lengths .: 0 0 0
 +
  PIN retry counter : 0 0 0
 +
  Signature counter : 0
 +
  Signature key ....: [none]
 +
  Encryption key....: 6D60 BFD8 3CDB F922 7C14  46EB BCE1 4EDB CEA1 7380
 +
  Authentication key: 328D D8D1 643F AABF 3AEC  6362 E2F8 EB7F F287 0309
 +
  General key info..: [none]
 +
 +
Kahjuks aga ei õnnestu GnuPG2'ga seostada kaardi võtmeid, et neid praktiliselt kasutama hakata
 +
 +
  # gpg2 --card-edit
 +
  Application ID ...: D2760001240111111111111111111111
 +
  Version ..........: 11.11
 +
  ...
 +
  General key info..: [none]
 +
 
 +
  Command> admin
 +
  Admin commands are allowed
 +
 
 +
  Command> generate
 +
  gpg: key operation not possible: Unknown IPC comman

Redaktsioon: 19. mai 2009, kell 18:32

Sissejuhatus

GnuPG (Gnu Privacy Guard) on OpenPGP vaba implementatsioon.

Võtmeserverite kasutamine

Võtmete otsimiseks sobib öelda 

 $ gpg2 --keyserver hkp://pgp.mit.edu:11371 --search-keys "Priit Kask"

Eesti ID-kaardi kasutamine

Paigaldada lisaks gnupg2 paketile gnupg-pkcs11-scd ja gpg-agent 

 # apt-get install gnupg-pkcs11-scd gpg-agent

Moodustada gnupg-pkcs11-scd jaoks seadistusfail 

 # egrep -v "^#|^$" /root/.gnupg/gnupg-pkcs11-scd.conf 
 log-file /tmp/gnupg-pkcs11-scd.log
 verbose
 debug-all
 providers p1
 provider-p1-library /usr/lib/opensc-pkcs11.so
 emulate-openpgpg

Ning gpg-agenti seadistusfail /root/.gnupg/gpg-agent.conf 

 # cat /root/.gnupg/gpg-agent.conf 
 scdaemon-program /usr/bin/gnupg-pkcs11-scd
 pinentry-program /usr/bin/pinentry

Seejärel küsime kaardilt sertifikaatide andmed 

 # gpg-agent --server --no-use-standard-socket
 OK Pleased to meet you
 scd learn
 S SERIALNO D2760001240111111111111111111111 0
 S APPTYPE PKCS11
 S KEY-FRIEDNLY 328DD8D1643FAABF3AEC6362E2F8EB7FF2870309 /C=EE/O=ESTEID/OU=authentication\
   /CN=OOLBERG,IMRE,37003212713/SN=OOLBERG/GN=IMRE/serialNumber=37003212713 on ID-kaart (PIN1, Isikutuvastus)
 S KEYPAIRINFO 328DD8D1643FAABF3AEC6362E2F8EB7FF2870309 AS\x20Sertifitseerimiskeskus\
   /PKCS\x20\x2315\x20SCard/A0055728/ID\x2Dkaart\x20\x28PIN1\x2C\x20Isikutuvastus\x29/01
 S KEY-FRIEDNLY 6D60BFD83CDBF9227C1446EBBCE14EDBCEA17380 /C=EE/O=ESTEID/OU=digital signature\
   /CN=OOLBERG,IMRE,37003212713/SN=OOLBERG/GN=IMRE/serialNumber=37003212713 on ID-kaart (PIN2, Allkirjastamine)
 S KEYPAIRINFO 6D60BFD83CDBF9227C1446EBBCE14EDBCEA17380 AS\x20Sertifitseerimiskeskus\
   /PKCS\x20\x2315\x20SCard/A0055728/ID\x2Dkaart\x20\x28PIN2\x2C\x20Allkirjastamine\x29/02
 OK

Lisame saadud andmed kasutaja seadistusfaili /root/.gnupg/gnupg-pkcs11-scd.conf, kokku on faili sisu selline 

 log-file /tmp/gnupg-pkcs11-scd.log
 verbose
 debug-all
 providers p1
 provider-p1-library /usr/lib/opensc-pkcs11.so
 emulate-openpgpg
 openpgp-auth 328DD8D1643FAABF3AEC6362E2F8EB7FF2870309 
 openpgp-sign 328DD8D1643FAABF3AEC6362E2F8EB7FF2870309 
 openpgp-encr 6D60BFD83CDBF9227C1446EBBCE14EDBCEA17380

Nüüd on võimalik kasutada gpg2 programmiga id kaarti, nt küsida 

 # gpg2 --card-status
 Application ID ...: D2760001240111111111111111111111
 Version ..........: 11.11
 Manufacturer .....: unknown
 Serial number ....: 11111111
 Name of cardholder: [not set]
 Language prefs ...: [not set]
 Sex ..............: unspecified
 URL of public key : [not set]
 Login data .......: [not set]
 Signature PIN ....: forced
 Max. PIN lengths .: 0 0 0
 PIN retry counter : 0 0 0
 Signature counter : 0
 Signature key ....: [none]
 Encryption key....: 6D60 BFD8 3CDB F922 7C14  46EB BCE1 4EDB CEA1 7380
 Authentication key: 328D D8D1 643F AABF 3AEC  6362 E2F8 EB7F F287 0309
 General key info..: [none]

Kahjuks aga ei õnnestu GnuPG2'ga seostada kaardi võtmeid, et neid praktiliselt kasutama hakata 

 # gpg2 --card-edit
 Application ID ...: D2760001240111111111111111111111
 Version ..........: 11.11
 ...
 General key info..: [none]
 
 Command> admin
 Admin commands are allowed
 
 Command> generate
 gpg: key operation not possible: Unknown IPC comman
Pärit leheküljelt "https://kuutorvaja.eenet.ee/w/index.php?title=GnuPG_kasutamine&oldid=11620"