margfools

Python script to replace MargTools. Can be used to sign documents with GovernmentConnect.

Usage

Create the configuration file ~/.margfools. The contents are described in the sections below.

Certificates in files

If you are using certificate files, add the paths to your TLS private key and certificate in PEM format:

[https://gcsign.example.com/BCSign/]
key = <path/to/key.pem>
cert = <path/to/cert.pem>

Certificates on smartcards

If you have your certificate on a PIV-II smart card (e.g. Yubikey), first determine the slot on your card which contains the certificate you wish to use:

pkcs11-tool -O

Look for "ID:" in the output.

Assuming the ID of your certificate was 07, specify the engine and certificate slot in your config file:

[https://gcsign.example.com/BCSign/]
engine = pkcs11
key = 07

You will be asked for your pin during signing.

Add URL schema

Section name is the percent-decoded value of baseURL in

bc-digsign://sign?accessToken=…&baseUrl=https%3a%2f%2fgcsign.example.com%2fBCSign%2f&…'

You can set margfools as the default program for bc-digsign URLs by copying the margfools.desktop file to ~/.local/share/applications/ and running

xdg-mime default margfools.desktop x-scheme-handler/bc-digsign

or by setting the default application in your browser.