Card Holder Certificate on Gnuk Token

Note that Card Holder Certificate is not yet well supported by the combination of pcsc-lite and GnuPG (bug fixes are needed now).

Note that client certificate is not that common.

Card Holder Certificate (optional/experimental)

Suppose I am at the directory of gnuk-0.12/src.

I did :

$ ../tool/ ../../tmp/gniibe-crt.bin
../../tmp/gniibe-crt.bin: 1328
Updating card holder certificate
Token: FSIJ Gnuk (0.12-38FF6A06) 00 00
ATR: 3B DA 11 FF 81 B1 FE 55 1F 03 00 31 84 73 80 01 40 00 90 00 24

It assumes that admin password is one of factory settings.

You can add -p option for admin password input.

Further Reading

See to generate CSR (certificate signing request), and to get certificate.

Convert ascii CRT to binary form, we can use openssl x509 command.

I think that most usages of client certificate is not by certificate authorities. I think that it is OK to sign locally by ourselves with openssl.