From: Jakub J. <jj...@re...> - 2018-01-12 14:05:09
On Sat, 2018-01-06 at 12:11 +0100, NdK wrote:
> On 05/01/2018 19:01, Bernd Eckenfels wrote:
> > Hello,
> > Did you try scdaemon (scenario 1 with SCd-PKCS11 should work with
> > Firefox)
> > https://github.com/sektioneins/scd-pkcs11/blob/master/README.md
>
> IIUC that's for GPG to use OpenSC-managed cards.
>
> Practical example. I have a MyEID card where I load a couple of keys
> for web auth (say work portal and CAcert), a key for mail signing
> (X509), a key for SSH access and the 3 GPG keys (DEC, SIG, AUT, and
> possibly the master C key too).
> That's what I could do before problems started (I last tested quite
> some time ago, so it might be a bit fuzzy). IIRC, if I had Firefox
> open I couldn't access any key from other apps (including Thunderbird).
> If I closed FF, then I could sign/decrypt mails in Thunderbird, but
> either with X509 or GPG (Enigmail). And to use SSH I had to close TB,
> too.

Hello Diego,
I am not using web authentication using PKCS#11, but (for the sake of
correct outcomes here) I got to test it today and it works as expected
without any concurrent issues (until you let the GnuPG's scdaemon into
the round) with all the cards I have around, but mostly with PIV on
yubikey.

I believe you should give it a try again. You might be pleasantly
surprised (unless the MyEID cards have some different issues than my
cards).

The scdaemon could be replaced with a tool that does not require
exclusive access and talks PKCS#11, such as gnupg-pkcs11-scd [1] and
then we should be over these problems.

> Guess what's the "normal user" reaction? "fsck smartcards".

Yes, some of the configuration steps should be more explicit
(disconnect = leave), and we should support both applets on the smart
card (PIV, OpenPGP) on yubikey [2] to make it a working setup for
general users. But I would not say it is impossible nor that we are far.

[1] http://gnupg-pkcs11.sourceforge.net/index.html
[2] https://github.com/OpenSC/OpenSC/issues/962

Thanks for inputs and regards,
--
Jakub Jelen
Software Engineer
Security Technologies
Red Hat, Inc.