> > the German ZKA specification which is an evolved version of the "DIN
> > signature card", which finally should be supported by gpgsm through
> > dinsig.c
>
> Basically it works. But: Quite some time ago I received a test card
> and tried to make it work. The problem at that time was that there
> was no way to get the root certificate for this test card. I had some
> mail exchange with S-Trust and they sent me an NDA to sign. This NDA
> had terms which would have inhibited me from doing any work on qualified
> signatures for any other issuer. Obviously I didn't sign it. This
> was before S-trust went into production.

I got the root certificate from their web site and an intermediate
certificate by email. It seems that they changed their policy there.
However, one has to sign a pretty strange agreement to get the ZKA spec.

> I still hesitate to do any development with real cards as there is the
> chance that I might accidentally sign a document.

I would be willing to take this risk. Furthermore, it seems that the key
in question is the non-qualified one so it's not a legal signature anyway.

>
> All other CAs issue test cards under reasonable terms - only S-trust
> does not. Thus I see no way to support/test them.
>
> > Now I'm at a loss. Of course, there is no secret key, because it is still
> > on the card. Looks to me as if gpgsm is missing the fact that this key
> > must be used through the card reader.
>
> Add
>
>   debug 2048
>   debug 1024
>
> to ~/.gnupg/scdaemon.conf and
>
>   debug 1024
>
> to ~/.gnupg/gpg-agent.conf as well as an appropriate log file[1] and
> restart gpg-agent[2]
>

This is what happens there:

[client at fd 7 connected]
7 - 2007-01-04 10:58:57 gpg-agent[4575.0] DBG: -> OK Pleased to meet you
7 - 2007-01-04 10:58:57 gpg-agent[4575.0] DBG: <- RESET
7 - 2007-01-04 10:58:57 gpg-agent[4575.0] DBG: -> OK
7 - 2007-01-04 10:58:57 gpg-agent[4575.0] DBG: <- OPTION display=:0.0
7 - 2007-01-04 10:58:57 gpg-agent[4575.0] DBG: -> OK
7 - 2007-01-04 10:58:57 gpg-agent[4575.0] DBG: <- OPTION ttyname=/dev/pts/0
7 - 2007-01-04 10:58:57 gpg-agent[4575.0] DBG: -> OK
7 - 2007-01-04 10:58:57 gpg-agent[4575.0] DBG: <- OPTION ttytype=xterm
7 - 2007-01-04 10:58:57 gpg-agent[4575.0] DBG: -> OK
7 - 2007-01-04 10:58:57 gpg-agent[4575.0] DBG: <- OPTION [EMAIL PROTECTED]
7 - 2007-01-04 10:58:57 gpg-agent[4575.0] DBG: -> OK
7 - 2007-01-04 10:58:57 gpg-agent[4575.0] DBG: <- OPTION [EMAIL PROTECTED]
7 - 2007-01-04 10:58:57 gpg-agent[4575.0] DBG: -> OK
7 - 2007-01-04 10:58:57 gpg-agent[4575.0] DBG: <- HAVEKEY 864314699D78AB3F134A009BDD3FF4F7F2F86779
7 - 2007-01-04 10:58:57 gpg-agent[4575.0] DBG: -> ERR 67108881 Kein geheimer Schlüssel <GPG Agent>
7 - 2007-01-04 10:58:57 gpg-agent[4575.0] DBG: <- [EOF]
[client at fd 7 disconnected]

The correct fingerprint of the key to be used is
3D:21:BC:85:ED:A7:4D:98:F1:AC:5A:71:F4:26:77:1A:15:0F:47:BD

I do not know how the value 864314... is calculated. It seems that there
is no communication with scdaemon.

best regards,
Ullrich
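Added example, not part of the original message and not GnuPG code: a small reader for a gpg-agent debug trace like the one above that pairs each ERR response with the request that caused it and splits the numeric libgpg-error value into its source and code. The function names and the short lookup tables are assumptions made for illustration; the sample lines are copied from the trace in the message.

```python
import re

# Sample input: a few lines copied from the gpg-agent trace in the message above.
SAMPLE_LOG = """\
[client at fd 7 connected]
7 - 2007-01-04 10:58:57 gpg-agent[4575.0] DBG: -> OK Pleased to meet you
7 - 2007-01-04 10:58:57 gpg-agent[4575.0] DBG: <- RESET
7 - 2007-01-04 10:58:57 gpg-agent[4575.0] DBG: -> OK
7 - 2007-01-04 10:58:57 gpg-agent[4575.0] DBG: <- HAVEKEY 864314699D78AB3F134A009BDD3FF4F7F2F86779
7 - 2007-01-04 10:58:57 gpg-agent[4575.0] DBG: -> ERR 67108881 Kein geheimer Schlüssel <GPG Agent>
7 - 2007-01-04 10:58:57 gpg-agent[4575.0] DBG: <- [EOF]
"""

# libgpg-error packs two fields into one integer:
# bits 24..30 hold the error source, the low 16 bits hold the error code.
SOURCES = {2: "GPG", 3: "GPGSM", 4: "GPGAGENT", 6: "SCD"}  # subset, for illustration
CODES = {17: "GPG_ERR_NO_SECKEY"}                          # subset, for illustration

# "<-" is a request read from the client, "->" is the agent's response.
LINE = re.compile(r"DBG: (<-|->) (\S+) ?(.*)$")

def decode_gpg_error(value):
    """Return (source, code) names for a numeric libgpg-error value."""
    source = (value >> 24) & 0x7F
    code = value & 0xFFFF
    return SOURCES.get(source, str(source)), CODES.get(code, str(code))

def failed_commands(log_text):
    """Pair every ERR response with the request that preceded it."""
    failures, last_request = [], None
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # connect/disconnect markers and other non-protocol lines
        direction, verb, rest = m.groups()
        if direction == "<-":
            # HAVEKEY takes a keygrip (a hash over the public key parameters),
            # not a certificate fingerprint.
            last_request = (verb + " " + rest).strip()
        elif verb == "ERR":
            number = int(rest.split()[0])
            failures.append((last_request, *decode_gpg_error(number)))
    return failures

if __name__ == "__main__":
    for request, source, code in failed_commands(SAMPLE_LOG):
        print(f"{request!r} failed: source={source} code={code}")
```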
