[Modules] Using OpenPGP for server and client authentication?

Daniel Clark dclark at pobox.com
Mon Feb 15 15:50:39 EST 2010


On Mon, Feb 15, 2010 at 1:56 PM, Nikos Mavrogiannopoulos
<nmav at gnutls.org> wrote:
> Daniel Clark wrote:
>> Issue 0000096: mod_gnutls does not accept client OpenPGP certificates
>> which have no expiration  - http://issues.outoforder.cc/view.php?id=96
>> - seems to suggest that there is some way either converting OpenPGP
>> keys into pkcs12 (.p12) for import into web browsers or a web browser
>> plugin similar to the one used by http://www.gpgauth.com that would
>> allow one to log in to a web site using the private key located on the
>> computer a user owns (in conjunction with apache + mod_gnutls or
>> another web server using gnutls running on the server); but I've been
>> unable to find any other documentation on that, or even indication
>> that it is possible.
>> Is there some way of doing this someone could expound upon?
>
> No, it cannot be done. The popular Web clients do not support OpenPGP
> authentication, nor OpenPGP keys.

K, was hoping there was a browser addon/extension or something I was
missing - thanks.

If anyone knows of other projects implementing client web
authentication via gnupg / openpgp I'd love to hear about them.

Until then I'm going to see if I can fix the trivial firegpg/gpgauth
problem mentioned at
http://www.gpgauth.org/forums/index.php/topic,233.0.html - although
some of the issues mentioned at
http://www.gpgauth.org/forums/index.php/topic,3.0.html look
unresolved.

BTW monkeysphere seems to be working on something similar for server
side, but by changing the way the client works (I think; they promise
doc soon on irc) - xul-ext-monkeysphere / tls-xul-ext
http://github.com/mlc/xul-ext-monkeysphere

-- 
Daniel JB Clark | Free Software Activist | http://pobox.com/~dclark

