Bug 215032 - Smart Card - pkcs#11 Support
Summary: Smart Card - pkcs#11 Support
Status: RESOLVED NOT A BUG
Alias: None
Product: kleopatra
Classification: Applications
Component: general
Version: unspecified
Platform: Compiled Sources Linux
Importance: NOR wishlist
Target Milestone: ---
Assignee: Martin Bünemann
Reported: 2009-11-17 22:15 UTC by Carlos Fernandez
Modified: 2015-10-28 15:26 UTC
Description Carlos Fernandez 2009-11-17 22:15:36 UTC
Version:           2.0.12 (using Devel)
OS:                Linux
Installed from:    Compiled sources

All of the DoD X.509 certificates can load in kleopatra, but there is still no support for scdaemon to use the libcoolkeypk11.so library to access the certificates stored on a smart card through a USB smart card reader.  As such, no native KDE apps, such as Kmail, can use the certificates stored on these cards to sign/encrypt emails, or encrypt/decrypt files on drives through dolphin.

Unlike other smart cards, the DoD cards also have a certificate that can be used by pam_pkcs11 as a client ID certificate to authenticate user access to the system if kwin supported this feature correctly (or I just don't have it configured correctly).  The web and email capabilities are available through individual applications that utilize the mozilla nssdb, but this must be configured on a per application basis, and one application cannot necessarily see other user certificates stored in the separate application databases.  With the growing use of smart cards in governmental agencies and banks around the world, it would seem this is a necessary feature for any modern desktop environment to integrate natively and seamlessly for applications to use.
Comment 1 Emanuel Schütze 2013-05-08 10:57:53 UTC
This wish needs more checks and reviews by some smart card experts.
Comment 2 Oyvind Hanssen 2013-08-19 20:01:05 UTC
I strongly support this request. The need for secure email, etc via a smartcard based PKI should be obvious.
Comment 3 Emanuel Schütze 2013-08-20 06:48:57 UTC
Kleopatra already supports two smart card types: X.509 Telesec Netkey 3 and OpenPGP card. See also the Gpg4win README (section 3) for using smart cards with Kleopatra:
http://files.gpg4win.org/README-2.1.1.en.txt
Comment 4 Martin Bünemann 2013-08-23 09:53:36 UTC
Unfortunately, this does not work under Windows
Comment 5 Martin Bünemann 2013-08-23 09:56:58 UTC
(In reply to comment #4)
> Unfortunately, this does not work under Windows
When I right-click the Kleopatra icon there, I get as far as ... Learn certificate from NetKey card. It is greyed out
Comment 6 Laurent Montel 2013-08-23 12:20:48 UTC
(In reply to comment #5)
> (In reply to comment #4)
> > Unfortunately, this does not work under Windows
> When I right-click the Kleopatra icon there, I get as far as ... Learn
> certificate from NetKey card. It is greyed out

English please
Comment 7 Martin Bünemann 2013-08-24 08:02:35 UTC
Sorry...
I read the information (see comment 3) and can't find information for use under Windows, see part 3.
My problem: I click with the right mouse key on the Kleopatra button in the shortcut line; the next part: smart card... Zertifikate von netkeycard lernen.. is not active (grey color)
Comment 8 Emanuel Schütze 2013-08-26 06:37:25 UTC
@Martin:
Do you use Kleopatra from Gpg4win? Which version? The latest 2.2.0 Gpg4win package (with Kleo 2.2.0)?
Which smart card type do you use? Kleopatra supports the T-Systems NetKey 3.0 card [1] only. Or you use OpenPGP cards.

[1] https://www.telesec.de/tcos/LB_NetKey3.0_100318_dt.pdf
Comment 9 Martin Bünemann 2013-08-27 19:04:19 UTC
I use TCOS Signatur Card 1.0, TCOS version 3.04 with card reader SPR 532 Chipdrive
Comment 10 Martin Bünemann 2013-08-27 19:06:46 UTC
Sorry: Kleopatra version 2.2.0 with Gpg4win vers. 2.2.0
Comment 11 Emanuel Schütze 2013-08-28 06:53:02 UTC
(In reply to comment #9)
> I use TCOS Signatur Card 1.0, TCOS version 3.04 with card reader SPR 532
> Chipdrive

Kleopatra requires the NetKey 3.0 card (see here for details [1]). This NetKey card contains the Smart Card OS "TCOS 3.0". If you have exactly this X.509 card you can use it together with Kleopatra. If you have another variant of TCOS card it could be possible that Kleopatra does not support your card.
Please ask the Gpg4win professional support for the budget to extend Kleopatra for your card. 

This seems to be not a bug because it is not supported yet.
[1] https://www.telesec.de/tcos/LB_NetKey3.0_100318_dt.pdf
Comment 12 Martin Bünemann 2013-08-29 07:47:23 UTC
I use a Telesec PKI card, not a NetKey 3.0 card. Please send contact information for Gpg4win support.
Thanks
Comment 13 Emanuel Schütze 2013-08-29 08:02:13 UTC
(In reply to comment #12)
> Please send contact information for Gpg4win support.

see http://www.gpg4win.org/support.html