Re: scute / firefox: cannot connect to GPG agent

2017-06-06 Thread Fabian Peter Hammerle
> You may also try the patch below. > [...] > * src/agent.c (scute_agent_get_cert): Reject card certificate if > it does not start with an ASN.1 sequence tag. The batch works for me using Yubikey 4. Thanks, Fabian

Re: scute / firefox: cannot connect to GPG agent

2017-06-05 Thread Fabian Peter Hammerle
hange to: Status: Not Present Description: [empty] Manufacturer: [empty] HW Version: [empty] FW Version: [empty] (Screenshots attached) While Firefox is running I am not able to access my smartcard with gpg: $ date | gpg -e | gpg # gpg test > gpg: encrypted with 4096-bit RSA key, ID

Re: scute / firefox: cannot connect to GPG agent

2017-06-05 Thread Fabian Peter Hammerle
> The maximal size for the certificate to be stored on the token is indicated > by the "mcl3" value (so, 2048 bytes in this example). Your DER-encoded > certificate should not be bigger than that. $ gpg-connect-agent 'SCD GETATTR EXTCAP' /bye | grep -Po 'mcl3=\d+' mcl3=1216 My certificate is sl

Re: scute / firefox: cannot connect to GPG agent

2017-06-05 Thread Fabian Peter Hammerle
> Did you import your new certificate onto the Yubikey? Because independently > of what your gpgsm store may contain, Scute will always try to fetch the > certificate from the token itself. Ah, I didn't know I had to write the certificate onto the Yubikey. I only imported it into gpgsm following t

Re: scute / firefox: cannot connect to GPG agent

2017-06-05 Thread Fabian Peter Hammerle
> Could you perform your tests again with Scute debugging turned on? Scute log when launching Firefox with Yubikey unplugged: > scute debug init: flags=0xff > scute: scute_agent_initialize: Establishing connection to gpg-agent After plugging in the Yubikey: > scute: scute_agent_get_cert: got ce

Re: scute / firefox: cannot connect to GPG agent

2017-06-05 Thread Fabian Peter Hammerle
I just cloned Scute from git://git.gnupg.org/scute.git (commit 10a19467bc2a95b4aa91176924a91be427d3157a) The error messages changed (compared to my initial mail): $ GPG_AGENT_INFO=$(gpgconf --list-dir agent-socket):0:1 firefox > scdaemon[2999]: detected reader 'Yubico Yubikey 4 OTP+U2F+CCID 00 00

Re: scute / firefox: cannot connect to GPG agent

2017-06-04 Thread Fabian Peter Hammerle
Hi, Thanks for your reply! > The GPG_AGENT_INFO variable must have the following form: > "PATH_TO_SOCKET:PID:VERSION", where PID is the running agent's process ID > and VERSION is the version of the agent protocol (which must be 1). > Otherwise Scute will ignore the variable. > > So try instead:

scute / firefox: cannot connect to GPG agent

2017-06-04 Thread Fabian Peter Hammerle
Hi, I am trying to set up Scute (http://scute.org/) so I can use my authentication subkey for client authentication in Firefox. I followed the steps in Scute's manual to set up Firefox. http://scute.org/scute.html/Application-Configuration.html My problem is that I keep getting these warnings when

gpgsm: create cert for client authentication with single batch command

2017-05-21 Thread Fabian Peter Hammerle
m pem -out cert.pem > Certificate: > Data: > Version: 3 (0x2) > Serial Number: 4131764345156431248 (0x3956f9c7e8ac6d90) > Signature Algorithm: sha256WithRSAEncryption > Issuer: C=AT, CN=Fabian Peter Hammerle > Validity > No