Georg Lohrer wrote:
Hi,
maybe I'm wrong for this question on this mailing-list, but as pcscd with
ccid is the underlying access-daemon for my signtrust.de SmartCard I
am hopefully awaiting any answer.
As background, signtrust.de is a german "accredited certification service
vendor" as requested in the german signature law. You can officially sign any
document using the certificates on this SmartCard. The signatures made by
the certificates are utilizable and valid in court actions and are equivalent
to your handwritten signature.
Therefore very strict securing mechanisms are necessary using these
SmartCards. Only class-2 pinpad-readers are feasible. No extraction of
certificates or keys from the card to any other medium should be done.
no extraction of the certificates ? this sounds rather senseless as
a certificate you can't extract cannot be parsed/used and hence is
useless (this would be different for cv-certicates but I guess
you're talking about x509 certs).
And now I want to use my mutt-mailer with this SmartCard for signing some
E-mails. With openssl there is no way to use the certificates directly on the
SmartCard, you have to extract the certificate to a real file.
yes
Do you know a proper way to handle this situation? Is there a way to let the
SmartCard (TCOS) do the signing action?
I've never tried mutt + openssl + [pkcs11] engine but at least
creating a signature with openssl + smartcard engine should work
Nils
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
