Hi, thanks!
Followed the guides, now it seems I got the cert and keys onto the stick:
[code]# pkcs15-tool.exe -D
Using reader with a card: Nitrokey Nitrokey Start 0
PKCS#15 Card [OpenPGP card]:
Version : 0
Serial number : fffe52ff5f00
Manufacturer ID: OpenPGP project
Language :
Flags : PRN generation, EID compliant
PIN [User PIN (sig)]
Object Flags : [0x3], private, modifiable
ID : 01
Flags : [0x13], case-sensitive, local, initialized
Length : min_len:6, max_len:127, stored_len:127
Pad char : 0x00
Reference : 1 (0x01)
Type : UTF-8
Path : 3f00
Tries left : 3
PIN [User PIN]
Object Flags : [0x3], private, modifiable
ID : 02
Flags : [0x13], case-sensitive, local, initialized
Length : min_len:6, max_len:127, stored_len:127
Pad char : 0x00
Reference : 2 (0x02)
Type : UTF-8
Path : 3f00
Tries left : 3
PIN [Admin PIN]
Object Flags : [0x3], private, modifiable
ID : 03
Flags : [0x9B], case-sensitive, local, unblock-disabled, initialized, soPin
Length : min_len:8, max_len:127, stored_len:127
Pad char : 0x00
Reference : 3 (0x03)
Type : UTF-8
Path : 3f00
Tries left : 3
Private RSA Key [Encryption key]
Object Flags : [0x3], private, modifiable
Usage : [0x22], decrypt, unwrap
Access Flags : [0x1D], sensitive, alwaysSensitive, neverExtract, local
ModLength : 2048
Key ref : 1 (0x1)
Native : yes
Auth ID : 02
ID : 02
MD:guid : 027bdac1-e7b5-2c05-f39e-6d620bc297ba
Private RSA Key [Authentication key]
Object Flags : [0x3], private, modifiable
Usage : [0x222], decrypt, unwrap, nonRepudiation
Access Flags : [0x1D], sensitive, alwaysSensitive, neverExtract, local
ModLength : 2048
Key ref : 2 (0x2)
Native : yes
Auth ID : 02
ID : 03
MD:guid : 3c952494-438b-41ef-2dcd-221b08051c5c
Public RSA Key [Encryption key]
Object Flags : [0x2], modifiable
Usage : [0x11], encrypt, wrap
Access Flags : [0x2], extract
ModLength : 2048
Key ref : 0 (0x0)
Native : no
Path : b801
ID : 02
Public RSA Key [Authentication key]
Object Flags : [0x2], modifiable
Usage : [0x51], encrypt, wrap, verify
Access Flags : [0x2], extract
ModLength : 2048
Key ref : 0 (0x0)
Native : no
Path : a401
ID : 03
X.509 Certificate [Cardholder certificate]
Object Flags : [0x0]
Authority : no
Path : 3f007f21
ID : 03
Encoded serial : 02 04 3B45C021[/code]
Now how do I make the certificate visible/usable in web browser (IE, FF or Chrome)? I tried FF (version 49.0.1) with OpenPGP11.dll version 1.73 from Peter Koch and it detects the stick, prompts for pin and logs-in, so I assume this part is working OK. But when I open the FF Certificate manager I don’t see the cert from the stick on the list. Any suggestions?