Hi,
Can I use (or is it even supported) an external security token like the Nitrokey Start with PGP keys with the Trust/Authorities? I would assume I have to use 'Import an existing Certificate Authority', but the question arises how to enter the passphrase for the private key then. The Nitrokey must probably be placed on the OPNsense box, I would assume.
Thanks in advance
Hi ole,
PGP keys have nothing to do with TLS/SSL certificate chains, i.e. intermediate and root certificates provided under "trust authorities".
Cheers,
Franco
Thanks for your answer. Probably my question was misleading. I did consider using something described here: https://raymii.org/s/articles/Get_Started_With_The_Nitrokey_HSM.html or https://raymii.org/s/articles/Nitrokey_Start_Getting_started_guide.html, using the smartcard capability of Nitrokey (Start) - not the PGP signing one. There is a certificate/signing private key on this 2nd factor. I fear the private key(s) can be hacked, e.g. if something is misconfigured on OPNsense by me one day.