47 lines
1.8 KiB
Markdown
47 lines
1.8 KiB
Markdown
# margfools
|
|
|
|
Python script to replace [MargTools](https://businessconnect.margis.si/output/#orodja). Can be used to sign documents with [GovernmentConnect](https://margis.si/produkti/government-connect/).
|
|
|
|
## Usage
|
|
|
|
Run `margfools -h` for a synopsis of command‐line arguments. Allowed arguments are
|
|
|
|
margfools [-h] [-e {file,pkcs11}] [-k KEYFILE] [-c CERTFILE] [-i <KEY ID>] URL
|
|
|
|
To use a signing key and certificate stored in PEM files, install `openssl` and run
|
|
|
|
margfools -e file -k KEYFILE -c CERTFILE bc-digsign://sign?…
|
|
|
|
To sign using a PIV-II smartcard such as the Yubikey, install `pkcs11-tool` from [OpenSC](https://github.com/OpenSC/OpenSC) and run
|
|
|
|
margfools -e pkcs11 -i <KEY ID> bc-digsign://sign?…
|
|
|
|
The script will prompt for the PIN to unlock the smartcard. To find the key ID, run
|
|
|
|
pkcs11-tool -O
|
|
|
|
To use `margfools` from the web app, set it as the default program for `x-scheme-handler/bc-digsign` URLs, or copy the `margfools.desktop` file to `~/.local/share/applications/` and run
|
|
|
|
xdg-mime default margfools.desktop x-scheme-handler/bc-digsign
|
|
|
|
For this to work, the script must be configured as described below.
|
|
|
|
## Configuration
|
|
|
|
Settings can be saved on a per‐site basis in `~/.margfools` using the [configparser](https://docs.python.org/3/library/configparser.html) format.
|
|
|
|
[DEFAULT]
|
|
engine = pkcs11
|
|
|
|
[https://gcsign.example.org/BCSign/]
|
|
id = 02
|
|
|
|
[https://gcsign.example.com/BCSign/]
|
|
engine = file
|
|
keyfile = <path/to/key.pem>
|
|
certfile = <path/to/cert.pem>
|
|
|
|
All settings can be specified for all sites in the default section, or for individual sites. The section name should match the percent-decoded value of `baseURL` in
|
|
|
|
bc-digsign://sign?…&baseUrl=https%3a%2f%2fgcsign.example.com%2fBCSign%2f&…
|