Re: smartcards and GPGME
On 05/14/2018 02:02 AM, Andre Heinecke wrote:
> Hi,
>
> On Sunday, May 13, 2018 6:26:04 PM CEST Jacob Adams wrote:
>> As part of a program I'm writing this summer for GSoC, I'd like to be
>> able to both move gpg private keys to a smartcard and generate keys on
>> the smartcard from an application. While this can be done from gpg, it
>> doesn't look like I can do so from GPGME or any other wrappers that
>> exist. Have I missed something or is this simply not possible yet?
>>
>> While I could wrap this functionality of gpg, I'd really prefer not to
>> and I'd rather not drop the user to a gpg prompt if I don't have to.
>
> This is both pretty complicated through GPGME, as there is indeed not a
> direct interface. Kleopatra and GPA use the "AssuanEngine" of GPGME to
> connect to the gpg-agent's assuan interface and issue / parse commands
> directly through that connection.
>
> You might want to take a look at GPA's implementation:
>
> https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpa.git;a=blob;f=src/cm-openpgp.c

Awesome! That's a bit more complex than I was hoping but better than
calling gpg directly. Thanks for the pointer!

> Alternatively instead of wrapping gpg (and using the complicated edit
> interface) you could also wrap "gpg-connect-agent" and issue commands to
> scdaemon through that.

That's also an option but I'll try the AssuanEngine first.

Thanks,
Jacob

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: smartcards and GPGME
On Mon, 14 May 2018 00:26, tookm...@gmail.com said:

> the smartcard from an application. While this can be done from gpg, it
> doesn't look like I can do so from GPGME or any other wrappers that
> exist. Have I missed something or is this simply not possible yet?

GPGME allows to do that. For example GPA has a card manager which can
manage different types of cards and for some cards it is able to create
keys. IIRC, moving keys to the card is not yet implemented but GPGME
allows you to implement that as well.

Salam-Shalom,

Werner

--
# Please read: Daniel Ellsberg - The Doomsday Machine
# Thoughts are free. Exceptions are regulated by a federal law.
Re: smartcards and GPGME
Hi,

On Sunday, May 13, 2018 6:26:04 PM CEST Jacob Adams wrote:
> As part of a program I'm writing this summer for GSoC, I'd like to be
> able to both move gpg private keys to a smartcard and generate keys on
> the smartcard from an application. While this can be done from gpg, it
> doesn't look like I can do so from GPGME or any other wrappers that
> exist. Have I missed something or is this simply not possible yet?
>
> While I could wrap this functionality of gpg, I'd really prefer not to
> and I'd rather not drop the user to a gpg prompt if I don't have to.

This is both pretty complicated through GPGME, as there is indeed not a
direct interface. Kleopatra and GPA use the "AssuanEngine" of GPGME to
connect to the gpg-agent's assuan interface and issue / parse commands
directly through that connection.

You might want to take a look at GPA's implementation:

https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpa.git;a=blob;f=src/cm-openpgp.c

Alternatively instead of wrapping gpg (and using the complicated edit
interface) you could also wrap "gpg-connect-agent" and issue commands to
scdaemon through that.

Best Regards,
Andre

--
Andre Heinecke | ++49-541-335083-262 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Managing Directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
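Whichever route from the message above is taken (GPGME's Assuan engine or a wrapped gpg-connect-agent), the application ends up reading Assuan reply lines and must tell a completed command from a failed one. The following is an added example, not code from the thread or from GPA: a small parser for such replies, run on constructed sample text shaped like the answer to `SCD LEARN`; the function names and sample values are assumptions made for illustration.

```python
import re

class AssuanError(Exception):
    """Raised when the server answers with an ERR line."""
    def __init__(self, code, text):
        super().__init__(f"ERR {code} {text}")
        self.code, self.text = code, text

def unescape(value):
    """Undo Assuan %XX escaping (the protocol escapes %, CR and LF)."""
    return re.sub(rb"%([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), value.encode())

def parse_response(text):
    """Return (status, data); status maps keyword -> list of argument strings."""
    status, data = {}, bytearray()
    for line in text.split("\n"):
        if not line or line.startswith("#"):      # blank line or comment
            continue
        kind, _, rest = line.partition(" ")
        if kind == "S":                            # status line: S KEYWORD args
            keyword, _, args = rest.partition(" ")
            status.setdefault(keyword, []).append(args)
        elif kind == "D":                          # data line, percent-escaped
            data += unescape(rest)
        elif kind == "OK":                         # command finished successfully
            return status, bytes(data)
        elif kind == "ERR":                        # never treat this as success
            code, _, desc = rest.partition(" ")
            raise AssuanError(int(code), desc)
        else:                                      # e.g. INQUIRE, not handled here
            raise ValueError(f"unexpected line: {line!r}")
    raise ValueError("response ended without OK or ERR")

def key_fingerprints(status):
    """Map card key slot -> fingerprint from 'KEY-FPR <slot> <fpr>' lines."""
    return {int(slot): fpr
            for slot, fpr in (a.split() for a in status.get("KEY-FPR", []))}

# Constructed sample replies (not captured from a real card).
SAMPLE_LEARN = """S SERIALNO D2760001240102000005000012340000
S APPTYPE OPENPGP
S KEY-FPR 1 0123456789ABCDEF0123456789ABCDEF01234567
S KEY-FPR 2 89ABCDEF0123456789ABCDEF0123456789ABCDEF
OK
"""
SAMPLE_NO_CARD = "ERR 100696144 No such device <SCD>\n"

if __name__ == "__main__":
    status, _ = parse_response(SAMPLE_LEARN)
    print(status["SERIALNO"], key_fingerprints(status))
```

A reply that stops before `OK` or `ERR` is rejected rather than returned as partial card state, so a dropped connection cannot be mistaken for an empty card.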
Re: smartcards and GPGME
Hello Jacob.

On Sunday, 13.05.2018, at 18:26 -0400, Jacob Adams wrote:
> Hello all,
>
> As part of a program I'm writing this summer for GSoC, I'd like to be
> able to both move gpg private keys to a smartcard and generate keys on
> the smartcard from an application. While this can be done from gpg, it
> doesn't look like I can do so from GPGME or any other wrappers that
> exist. Have I missed something or is this simply not possible yet?

GPGsm does not do anything with GPG keys directly. The Keys it creates
are stored inside GPGsm and are derived from GPG keys, AFAIU. For your
purpose you have to use the GPGme library.

> While I could wrap this functionality of gpg, I'd really prefer not to
> and I'd rather not drop the user to a gpg prompt if I don't have to.

GPGme does what you are trying to do, without prompting, except for
cases where PIN or password are required. These events are handled by
gpg-agent.

GPGsm is for managing X.509 certificates. I'm not sure if it can handle
moved keys. It should, if it interacts with gpg-agent. That's something
I'm not really sure of.

Regards,
Dirk

--
Dirk Gottschalk
Paulusstrasse 6-8
52064 Aachen
Tel.: +49 1573 1152350
smartcards and GPGME
Hello all,

As part of a program I'm writing this summer for GSoC, I'd like to be
able to both move gpg private keys to a smartcard and generate keys on
the smartcard from an application. While this can be done from gpg, it
doesn't look like I can do so from GPGME or any other wrappers that
exist. Have I missed something or is this simply not possible yet?

While I could wrap this functionality of gpg, I'd really prefer not to
and I'd rather not drop the user to a gpg prompt if I don't have to.

Thanks,
Jacob