Re: [Muscle] Anybody using SmartCard-certificates for mail-signaturing?

From: Nils Larsch (nlarschgmx.net)
Date: Sun Feb 19 2006 - 12:06:50 CST


Georg Lohrer wrote:
> Hi,
>
> maybe I'm wrong for this question on this mailing-list, but as pcscd with
> ccid is the underlying access-daemon for my signtrust.de SmartCard I
> am hopefully awaiting any answer.
>
> As background, signtrust.de is a German "accredited certification service
> vendor" as requested in the German signature law. You can officially sign any
> document using the certificates on this SmartCard. The signatures made by
> the certificates are utilizable and valid in court actions and are equivalent
> to your handwritten signature.
> Therefore very strict securing mechanisms are necessary using these
> SmartCards. Only class-2 pinpad-readers are feasible. No extraction of
> certificates or keys from the card to any other medium should be done.

No extraction of the certificates? This sounds rather senseless, as
a certificate you can't extract cannot be parsed/used and hence is
useless (this would be different for cv-certificates, but I guess
you're talking about x509 certs).

>
> And now I want to use my mutt-mailer with this SmartCard for signing some
> E-mails. With openssl there is no way to use the certificates directly on the
> SmartCard, you have to extract the certificate to a real file.

yes

>
> Do you know a proper way to handle this situation? Is there a way to let the
> SmartCard (TCOS) do the signing action?

I've never tried mutt + openssl + [pkcs11] engine but at least
creating a signature with openssl + smartcard engine should work

Nils
_______________________________________________
Muscle mailing list
Musclelists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle
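
The point made in the reply above, shown as an added example that is not part of the original message: S/MIME signing needs the certificate as a file, and a recipient verifies with the certificate alone, so only the private key has to stay protected. A throwaway software key stands in for the card-resident key; the function names, subject name and message are constructed, and the engine arguments in the comment assume the OpenSC project's pkcs11 engine is installed.

```shell
#!/bin/sh
# Added example. A throwaway software key stands in for the card-resident key;
# all names and the message are constructed.

# Create key + self-signed certificate and sign a message into $1/signed.eml.
make_signed() {
    printf 'Constructed test message\n' > "$1/msg.txt"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=Constructed Signer' \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null || return 1
    # With a card, only the key arguments would change (assumption: the
    # pkcs11 engine is installed and configured):
    #   -engine pkcs11 -keyform engine -inkey <KEY-ID-PLACEHOLDER>
    # -signer still takes the certificate as a file, as the thread says.
    openssl smime -sign -in "$1/msg.txt" -signer "$1/cert.pem" \
        -inkey "$1/key.pem" -out "$1/signed.eml" 2>/dev/null || return 1
    # Discard the private key: verification below must not need it.
    rm -f "$1/key.pem"
}

# Verify file $2 using only the certificate in $1; exit status 0 means valid.
verify_cert_only() {
    openssl smime -verify -in "$2" -CAfile "$1/cert.pem" \
        -out /dev/null 2>/dev/null
}

# Returns 0 if the genuine message verifies and a modified copy is rejected.
smime_demo() {
    dir=$(mktemp -d) || return 1
    rc=1
    if make_signed "$dir"; then
        sed 's/Constructed test/Tampered test/' "$dir/signed.eml" > "$dir/bad.eml"
        if verify_cert_only "$dir" "$dir/signed.eml" &&
           ! verify_cert_only "$dir" "$dir/bad.eml"; then
            rc=0
        fi
    fi
    rm -rf "$dir"
    return $rc
}
```

Call `smime_demo` and check its exit status; 0 means the certificate-only verification accepted the signed message and rejected the altered copy.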