This repository has been archived by the owner on May 16, 2020. It is now read-only.
Iwan Timmer edited this page Feb 11, 2018 · 1 revision

Setup

  1. Install gnupg-pkcs11-scd, as it is required to use PKCS #11 modules as a smart card in GnuPG.
  2. Set scdaemon-program in ~/.gnupg/gpg-agent.conf to point to gnupg-pkcs11-scd:

         scdaemon-program /usr/bin/gnupg-pkcs11-scd

  3. Configure gnupg-pkcs11-scd by editing ~/.gnupg/gnupg-pkcs11-scd.conf to make it use TPM2-PK11:

         providers tpm
         provider-tpm-library /usr/lib/libtpm2-pk11.so

  4. Ensure you have created a (self-signed) certificate for your private key, as gnupg-pkcs11-scd uses the certificate to read the public key.
  5. Refresh GPG's view of the card and connect to the gpg agent:

         gpg --card-status
         gpg-connect-agent

  6. Enter "SCD LEARN" and look for "KEY-FRIEDNLY" status lines (the misspelling is the literal keyword gnupg-pkcs11-scd emits): the first field is the keygrip, the second is the subject name of the certificate.
  7. Create a new GPG key by running

         gpg --expert --full-generate-key

     or add a subkey to an existing GPG key by running

         gpg --expert --edit-key KEY_ID
         gpg> addkey

  8. Select option (13) Existing key and enter the keygrip of the TPM key you want to use.
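The steps above as a POSIX shell script, added here as an example; it is not code from tpm2-pk11 or gnupg-pkcs11-scd. It assumes the paths used above (/usr/bin/gnupg-pkcs11-scd and /usr/lib/libtpm2-pk11.so), a TPM key that already has its certificate, and that `gpg-connect-agent` is invoked non-interactively with `'SCD LEARN' /bye`. The `parse_learn` function turns the KEY-FRIEDNLY status lines into keygrip/subject pairs and drops anything that is not a 40-hex-digit keygrip, so only a valid value is pasted into gpg's "Existing key" prompt; `keygrip_for` picks the keygrip by certificate subject. The function, variable and file names are this example's own.

```shell
#!/bin/sh
# Added example (not part of tpm2-pk11 or gnupg-pkcs11-scd).
# Assumed paths, taken from the steps above; adjust if your distribution
# installs them elsewhere.
SCD_PROGRAM=/usr/bin/gnupg-pkcs11-scd
TPM_PK11_LIB=/usr/lib/libtpm2-pk11.so

# Steps 2 and 3: write gpg-agent.conf and gnupg-pkcs11-scd.conf in the given
# GnuPG home. Re-running is safe: the scdaemon-program line is appended only
# if it is not already there, and the scd config is rewritten in full.
write_configs() {
    dir=$1
    mkdir -p "$dir"
    chmod 700 "$dir"            # gpg warns about unsafe permissions otherwise
    conf="$dir/gpg-agent.conf"
    touch "$conf"
    if ! grep -q '^scdaemon-program ' "$conf"; then
        printf 'scdaemon-program %s\n' "$SCD_PROGRAM" >> "$conf"
    fi
    printf 'providers tpm\nprovider-tpm-library %s\n' "$TPM_PK11_LIB" \
        > "$dir/gnupg-pkcs11-scd.conf"
}

# Step 6: extract keygrips from a gpg-connect-agent transcript on stdin.
# Status lines look like "S KEY-FRIEDNLY <keygrip> <certificate subject>";
# KEY-FRIEDNLY is the literal keyword gnupg-pkcs11-scd emits, so it is
# matched as spelled. Only 40-hex-digit keygrips are accepted, so a stray or
# truncated line never reaches gpg's "Existing key" prompt.
# Output: one "<keygrip><TAB><subject>" line per key.
parse_learn() {
    awk '$1 == "S" && $2 == "KEY-FRIEDNLY" && length($3) == 40 && $3 ~ /^[0-9A-Fa-f]+$/ {
        subject = ""
        for (i = 4; i <= NF; i++) subject = subject (i > 4 ? " " : "") $i
        printf "%s\t%s\n", $3, subject
    }'
}

# Steps 5 and 6 against the running agent: gpg --card-status makes gpg-agent
# start the configured scdaemon (here gnupg-pkcs11-scd); SCD LEARN then lists
# the keys the TPM2-PK11 module exposes.
list_tpm_keys() {
    gpg --card-status >/dev/null 2>&1 || true
    gpg-connect-agent 'SCD LEARN' /bye | parse_learn
}

# Step 8 helper: the keygrip whose certificate subject matches an awk regex,
# e.g. keygrip_for 'CN=gpg-signing' < transcript. Prints nothing if none match.
keygrip_for() {
    pattern=$1
    parse_learn | awk -F '\t' -v pat="$pattern" '$2 ~ pat { print $1; exit }'
}

# Usage: ./tpm-gpg.sh setup    (write the two config files)
#        ./tpm-gpg.sh list     (print keygrip and subject of each TPM key)
case "${1-}" in
    setup) write_configs "${GNUPGHOME:-$HOME/.gnupg}" ;;
    list)  list_tpm_keys ;;
esac
```

After `./tpm-gpg.sh list`, copy the keygrip of the key you want into the "Existing key" prompt of `gpg --expert --full-generate-key` or `gpg> addkey`. The transcript parser is kept separate from the agent call so it can be checked against a saved transcript without a TPM present.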