Add support for smartcards

2023-12-06 14:49:17 +01:00 · 2023-12-06 14:49:17 +01:00 · 7d04aa3d86
commit 7d04aa3d86
parent 89eabe9f87
2 changed files with 70 additions and 14 deletions
--- a/README.md
+++ b/README.md
@ -4,12 +4,37 @@ Python script to replace [MargTools](https://businessconnect.margis.si/output/#o

 ## Usage

-Create the configuration file `~/.margfools` with the paths to your TLS private key and certificate in PEM format:
+
+### Configure certificates and sites
+
+Create the configuration file `~/.margfools`. The contents are described in the sections below.
+
+#### Certificates in files
+If you are using certificate files, add the paths to your TLS private key and certificate in PEM format:

    [https://gcsign.example.com/BCSign/]
    user-key = <path/to/key.pem>
    user-cert = <path/to/cert.pem>

+#### Certificates on smartcards
+If you have your certificate on a PIV-II smart card (e.g. Yubikey), first determine the slot on your card which contains the certificate you wish to use:
+
+    pkcs11-tool -O
+
+Look for "ID:" in the output.
+
+Assuming the ID of your certificate was 07, specify the engine and certificate slot in your config file:
+
+
+    [https://gcsign.example.com/BCSign/]
+    engine=pkcs11
+    user-key = 07
+
+
+You will be asked for your pin during signing.
+
+### Add URL schema
+
 Section name is the percent-decoded value of `baseURL` in

    bc-digsign://sign?accessToken=…&baseUrl=https%3a%2f%2fgcsign.example.com%2fBCSign%2f&…'