GnuPG kasutamine
Allikas: Kuutõrvaja
Sisukord
Sissejuhatus
GnuPG (Gnu Privacy Guard) on OpenPGP vaba implementatsioon.
Võtmeserverite kasutamine
Võtmete otsimiseks sobib öelda
$ gpg2 --keyserver hkp://pgp.mit.edu:11371 --search-keys "Priit Kask"
Eesti ID-kaardi kasutamine
Paigaldada lisaks gnupg2 paketile gnupg-pkcs11-scd ja gpg-agent
# apt-get install gnupg-pkcs11-scd gpg-agent
Moodustada gnupg-pkcs11-scd jaoks seadistusfail
# egrep -v "^#|^$" /root/.gnupg/gnupg-pkcs11-scd.conf log-file /tmp/gnupg-pkcs11-scd.log verbose debug-all providers p1 provider-p1-library /usr/lib/opensc-pkcs11.so emulate-openpgpg
Ning gpg-agenti seadistusfail /root/.gnupg/gpg-agent.conf
# cat /root/.gnupg/gpg-agent.conf scdaemon-program /usr/bin/gnupg-pkcs11-scd pinentry-program /usr/bin/pinentry
Seejärel küsime kaardilt sertifikaatide andmed
# gpg-agent --server --no-use-standard-socket OK Pleased to meet you scd learn S SERIALNO D2760001240111111111111111111111 0 S APPTYPE PKCS11 S KEY-FRIEDNLY 328DD8D1643FAABF3AEC6362E2F8EB7FF2870309 /C=EE/O=ESTEID/OU=authentication\ /CN=OOLBERG,IMRE,37003212713/SN=OOLBERG/GN=IMRE/serialNumber=37003212713 on ID-kaart (PIN1, Isikutuvastus) S KEYPAIRINFO 328DD8D1643FAABF3AEC6362E2F8EB7FF2870309 AS\x20Sertifitseerimiskeskus\ /PKCS\x20\x2315\x20SCard/A0055728/ID\x2Dkaart\x20\x28PIN1\x2C\x20Isikutuvastus\x29/01 S KEY-FRIEDNLY 6D60BFD83CDBF9227C1446EBBCE14EDBCEA17380 /C=EE/O=ESTEID/OU=digital signature\ /CN=OOLBERG,IMRE,37003212713/SN=OOLBERG/GN=IMRE/serialNumber=37003212713 on ID-kaart (PIN2, Allkirjastamine) S KEYPAIRINFO 6D60BFD83CDBF9227C1446EBBCE14EDBCEA17380 AS\x20Sertifitseerimiskeskus\ /PKCS\x20\x2315\x20SCard/A0055728/ID\x2Dkaart\x20\x28PIN2\x2C\x20Allkirjastamine\x29/02 OK
Lisame saadud andmed kasutaja seadistusfaili /root/.gnupg/gnupg-pkcs11-scd.conf, kokku on faili sisu selline
log-file /tmp/gnupg-pkcs11-scd.log verbose debug-all providers p1 provider-p1-library /usr/lib/opensc-pkcs11.so emulate-openpgpg openpgp-auth 328DD8D1643FAABF3AEC6362E2F8EB7FF2870309 openpgp-sign 328DD8D1643FAABF3AEC6362E2F8EB7FF2870309 openpgp-encr 6D60BFD83CDBF9227C1446EBBCE14EDBCEA17380
Nüüd on võimalik kasutada gpg2 programmiga id kaarti, nt küsida, näidates esmalt gpg-agenti soketi, PID'i ning konstant ühe
# export GPG_AGENT_INFO="/tmp/gnupg-pkcs11-scd.pxRBik/agent.S:26245:1" # gpg2 --card-status Application ID ...: D2760001240111111111111111111111 Version ..........: 11.11 Manufacturer .....: unknown Serial number ....: 11111111 Name of cardholder: [not set] Language prefs ...: [not set] Sex ..............: unspecified URL of public key : [not set] Login data .......: [not set] Signature PIN ....: forced Max. PIN lengths .: 0 0 0 PIN retry counter : 0 0 0 Signature counter : 0 Signature key ....: [none] Encryption key....: 6D60 BFD8 3CDB F922 7C14 46EB BCE1 4EDB CEA1 7380 Authentication key: 328D D8D1 643F AABF 3AEC 6362 E2F8 EB7F F287 0309 General key info..: [none]
Kahjuks aga ei õnnestu GnuPG2'ga seostada kaardi võtmeid, et neid praktiliselt kasutama hakata
# gpg2 --card-edit Application ID ...: D2760001240111111111111111111111 Version ..........: 11.11 ... General key info..: [none] Command> admin Admin commands are allowed Command> generate gpg: key operation not possible: Unknown IPC comman
Kasulikud lisamaterjalid
- http://alpha.uwb.edu.pl/map/eToken_gpg_howto.shtml
- http://gnupg-pkcs11.sourceforge.net/index.html
- http://www.gnupg.org/documentation/manuals/gnupg/
- http://www.etokenonlinux.org/et/HowTos/eToken_and_GPG
- http://www.g10code.com/main.html
- http://www.gnupg.org/howtos/card-howto/en/smartcard-howto.html
- http://kuutorvaja.eenet.ee/wiki/Eesti_ID-kaardi_kasutamine_Debianiga
