[Modules] Using OpenPGP for server and client authentication?

Simon Josefsson simon at josefsson.org
Mon Feb 15 15:57:13 EST 2010


Daniel Clark <dclark at pobox.com> writes:

> On Mon, Feb 15, 2010 at 1:56 PM, Nikos Mavrogiannopoulos
> <nmav at gnutls.org> wrote:
>> Daniel Clark wrote:
>>> Issue 0000096: mod_gnutls does not accept client OpenPGP certificates
>>> which have no expiration  - http://issues.outoforder.cc/view.php?id=96
>>> - seems to suggest that there is some way either converting OpenPGP
>>> keys into pkcs12 (.p12) for import into web browsers or a web browser
>>> plugin similar to the one used by http://www.gpgauth.com that would
>>> allow one to log in to a web site using the private key located on the
>>> computer a user owns (in conjunction with apache + mod_gnutls or
>>> another web server using gnutls running on the server); but I've been
>>> unable to find any other documentation on that, or even indication
>>> that it is possible.
>>> Is there some way of doing this someone could expound upon?
>>
>> No, it cannot be done. The popular Web clients do not support openpgp
>> authentication, nor openpgp keys.
>
> K, was hoping there was a browser addon/extension or something I was
> missing - thanks.
>
> If anyone knows of other projects implementing client web
> authentication via gnupg / openpgp I'd love to hear about them.

If you are using OpenPGP smartcards, check out the Scute PKCS#11 engine.
I don't recall it supports using a GnuPG key on disk, but I guess it
should be possible technically?

/Simon

