Side note: the curses-based pinentry doesn’t deal with piping content into stdin, which is why you want pinentry-mac. Then you’ll need to generate and sign a self-signed X.509 certificate for this keypair (you’ll need both the PEM form and the DER form): /usr/local/opt/openssl/bin/openssl rsa2048 Įcho -n "Hello World" | gpg -armor -clearsign -textmode The -id can be any hexadecimal id you want. Which you can do with pkcs11-tool: pkcs11-tool -module /usr/local/lib/opensc-pkcs11.so -l \ Gnupg-pkcs11-scd won’t create keys, so if you’ve not made one already, you need to generate yourself a keypair.
GNUPG MAC VERSION INSTALL
brew install opensc gnupg gnupg-pkcs11-scd pinentry-mac \ There’s a bunch of things you’ll want to install from brew: opensc, gnupg, gnupg-pkcs11-scd, pinentry-mac, openssl and engine_pkcs11. Unfortunately it’s a bit of a hassle to set up. However there is gnupg-pkcs11-scd which is a replacement for scdaemon which uses PKCS #11. Allegedly (at least some) Nitrokeys are supported by scdaemon (GnuPG’s stand-in abstraction for cryptographic tokens) but it seems that the version of scdaemon in brew doesn’t have support. I thought the simple question whether rndlinux.Getting yourself set up in macOS to sign keys using a Nitrokey HSM with gpg is non-trivial. Make: Leaving directory `/opt/local/var/macports/build/_opt_local_var_macports_sources_nue.de._macports_release_tarballs_ports_devel_libgcrypt/libgcrypt/work/libgcrypt-1.9.2'Ĭommand failed: cd "/opt/local/var/macports/build/_opt_local_var_macports_sources_nue.de._macports_release_tarballs_ports_devel_libgcrypt/libgcrypt/work/libgcrypt-1.9.2" & /usr/bin/make -w all Make: Leaving directory `/opt/local/var/macports/build/_opt_local_var_macports_sources_nue.de._macports_release_tarballs_ports_devel_libgcrypt/libgcrypt/work/libgcrypt-1.9.2/random' Rndlinux.c:36:26: error: Availability.h: No such file or directory deps/rndlinux.Tpo -c rndlinux.c -fno-common -DPIC -o. I./src -I./src -isystem/opt/local/include/LegacySupport -I/opt/local/include -I/opt/local/include -pipe -Os -std=gnu89 -arch ppc -fno-delete-null-pointer-checks -Wall -MT rndlinux.lo -MD -MP -MF. Libtool: compile: /opt/local/bin/gcc-apple-4.2 -DHAVE_CONFIG_H -I. deps/rndlinux.Tpo -c -o rndlinux.lo rndlinux.c libtool -tag=CC -mode=compile /opt/local/bin/gcc-apple-4.2 -DHAVE_CONFIG_H -I.
I don't know when the symbol of getentropy was available on macOS.įor the old systems with no getentropy symbol, it won't work at all. We should not use system defined getentropy (on a build system >= 10.12), because it is defined with no 'weak_import' attribute. +#if defined(_APPLE_) & defined(_MACH_) + if (&getentropy != NULL) +#endif #if defined(HAVE_GETENTROPY) || defined(_NR_getrandom) # include -260,6 +264,9 _gcry_rndlinux_gather_random (void (*add)(const void*, size_t,
#if defined(_linux_) || !defined(HAVE_GETENTROPY) +#if defined(_APPLE_) & defined(_MACH_) +extern int getentropy (void *buf, size_t buflen) _attribute_ ((weak_import)) +#define HAVE_GETENTROPY +#endif
0 kommentar(er)
