Rework argument processing
And also README.
This commit is contained in:
parent
5f0ceead24
commit
79958bb100
2 changed files with 98 additions and 81 deletions
55
README.md
|
|
@ -4,40 +4,43 @@ Python script to replace [MargTools](https://businessconnect.margis.si/output/#o
|
|||
|
||||
## Usage
|
||||
|
||||
Create the configuration file `~/.margfools`. The contents are described in the sections below.
|
||||
Run `margfools -h` for a synopsis of command‐line arguments. Allowed arguments are
|
||||
|
||||
### Certificates in files
|
||||
margfools [-h] [-e {file,pkcs11}] [-k KEYFILE] [-c CERTFILE] [-i <KEY ID>] URL
|
||||
|
||||
If you are using certificate files, add the paths to your TLS private key and certificate in PEM format:
|
||||
To use a signing key and certificate stored in PEM files, install `openssl` and run
|
||||
|
||||
[https://gcsign.example.com/BCSign/]
|
||||
key = <path/to/key.pem>
|
||||
cert = <path/to/cert.pem>
|
||||
margfools -e file -k KEYFILE -c CERTFILE bc-digsign://sign?…
|
||||
|
||||
### Certificates on smartcards
|
||||
To sign using a PIV-II smartcard such as the Yubikey, install `pkcs11-tool` from [OpenSC](https://github.com/OpenSC/OpenSC) and run
|
||||
|
||||
If you have your certificate on a PIV-II smart card (e.g. Yubikey), first determine the slot on your card which contains the certificate you wish to use:
|
||||
margfools -e pkcs11 -i <KEY ID> bc-digsign://sign?…
|
||||
|
||||
The script will prompt for the PIN to unlock the smartcard. To find the key ID, run
|
||||
|
||||
pkcs11-tool -O
|
||||
|
||||
Look for "ID:" in the output.
|
||||
|
||||
Assuming the ID of your certificate was 07, specify the engine and certificate slot in your config file:
|
||||
|
||||
[https://gcsign.example.com/BCSign/]
|
||||
engine = pkcs11
|
||||
key = 07
|
||||
|
||||
You will be asked for your pin during signing.
|
||||
|
||||
### Add URL schema
|
||||
|
||||
Section name is the percent-decoded value of `baseURL` in
|
||||
|
||||
bc-digsign://sign?accessToken=…&baseUrl=https%3a%2f%2fgcsign.example.com%2fBCSign%2f&…'
|
||||
|
||||
You can set `margfools` as the default program for `bc-digsign` URLs by copying the `margfools.desktop` file to `~/.local/share/applications/` and running
|
||||
To use `margfools` from the web app, set it as the default program for `x-scheme-handler/bc-digsign` URLs, or copy the `margfools.desktop` file to `~/.local/share/applications/` and run
|
||||
|
||||
xdg-mime default margfools.desktop x-scheme-handler/bc-digsign
|
||||
|
||||
or by setting the default application in your browser.
|
||||
For this to work, the script must be configured as described below.
|
||||
|
||||
## Configuration
|
||||
|
||||
Settings can be saved on a per‐site basis in `~/.margfools` using the [configparser](https://docs.python.org/3/library/configparser.html) format.
|
||||
|
||||
[DEFAULT]
|
||||
engine = pkcs11
|
||||
|
||||
[https://gcsign.example.org/BCSign/]
|
||||
id = 02
|
||||
|
||||
[https://gcsign.example.com/BCSign/]
|
||||
engine = file
|
||||
keyfile = <path/to/key.pem>
|
||||
certfile = <path/to/cert.pem>
|
||||
|
||||
All settings can be specified for all sites in the default section, or for individual sites. The section name should match the percent-decoded value of `baseURL` in
|
||||
|
||||
bc-digsign://sign?…&baseUrl=https%3a%2f%2fgcsign.example.com%2fBCSign%2f&…
|
||||
|
|
|
|||
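Review bot: In the Configuration section, the sentence "All settings can be specified for all sites in the default section" leaves open what happens when the `baseUrl` of a `bc-digsign://` URL matches no site section. Because the Usage text registers `margfools` as the handler for `x-scheme-handler/bc-digsign`, the URL is supplied by whatever page the browser has open, so the README should state whether an unlisted `baseUrl` is refused or falls back to `[DEFAULT]` and signs with the key configured there. Consider documenting that `[DEFAULT]` should carry only `engine`, with `id`, `keyfile` and `certfile` kept in per-site sections. Two smaller points: the prose spells the parameter `baseURL` while the example URLs use `baseUrl`, and the config examples use `key`/`cert` in one place and `keyfile`/`certfile`/`id` in another, so if this is a rename, add a line telling users with an existing `~/.margfools` what to change.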