Kmail and signing

Ingo Klöcker kloecker at kde.org
Wed Mar 3 21:48:17 GMT 2021


On Mittwoch, 3. März 2021 21:29:27 CET Aldo Latino wrote:
> In data martedì 2 marzo 2021 22:57:00 CET, Ingo Klöcker ha scritto:
> > The upcoming GnuPG 2.3 will support the PIV smartcard application
> > additionally to the OpenPGP smartcard application. If your YubiKey
> > supports
> > the PIV application (my YubiKey 5 does), then you could store your S/MIME
> > certificate on your YubiKey additionally to your OpenPGP keys. If I
> > remember correctly, then uploading the signing key to the PIV application
> > is not possible because the PIV specification requires the signing key to
> > be generated on-card. The encryption key/certificate can be uploaded to
> > the
> > PIV application.
> 
> I managed to upload my S/MIME certificate in the slot 9c of my YubiKey 4,
> which supports the PIV application.
> 
> Is there a way to use the S/MIME certificate stored in the YubiKey, instead
> of the certificate imported in Kleopatra? I would like to enter a PIN
> instead of the passphrase for every signing operation.

That depends on whether you are adventurous and want to give the recently
released GnuPG 2.3 Beta a try. See here for details:
https://lists.gnupg.org/pipermail/gnupg-devel/2021-February/034694.html

The latest version of Kleopatra also supports the PIV smartcard application
(using GnuPG 2.3 as backend). See
https://ervin.ipsquad.net/blog/2020/11/01/news-from-kde-pim-in-september-october-2020/
for a sneak peak.

> Thank you, Ingo, for your help. Much appreciated.

Thanks. You are welcome.

Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kdepim-users/attachments/20210303/ef32fd7c/attachment.sig>


More information about the kdepim-users mailing list