[gnutls-help] Signing an x509 Certificate Signing Request (CSR) with a smart card
Lars Noodén
lars.nooden at gmx.com
Tue Jul 22 11:08:24 CEST 2025
Hello,
I have a smart card which contains 1) an authentication and encryption
certificate, plus a matching private key, and 2) a signature
certificate, plus a matching private key.
The card (or at least its reader) is seen by the GnuTLS PKCS #11 tool,
but that is as far as I get, in part due to a PIN and in part due to my
ignorance on the topic:
$ p11tool --list-tokens
Token 0:
        URL: pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=System%20Trust
        Label: System Trust
        Type: Trust module
        Flags: uPIN uninitialized
        Manufacturer: PKCS#11 Kit
        Model: p11-kit-trust
        Serial: 1
        Module: p11-kit-trust.so
What I would like to do is use this card to sign a CSR (x509
Certificate Signing Request) file using the card's private signing key.
I presume that is right up GnuTLS' alley. I am grateful for any help,
advice, or pointers in that direction.
/Lars
PS. Context:
$ apt-cache policy gnutls-bin | head -n 2
gnutls-bin:
Installed: 3.8.3-1.1ubuntu3.4
$ lsb_release -rd
No LSB modules are available.
Description: Linux Mint 22.1
Release: 22.1
$ uname -srm
Linux 6.8.0-64-generic x86_64