[guardian-dev] using a g10 smartcard for our APK signing key

Hans-Christoph Steiner hans at guardianproject.info
Tue Nov 12 13:25:57 EST 2013


I was thinking that we should use one of these OpenPGP smartcards for the
signing key we use for signing our official APK releases.  They are supposed
to work for X.509 keys as well.  Anyone have an experience using jarsigner and
keytool, or Android even, with these smartcards?

They also promise that it is not possible to read the secret key off of them.
 I wonder if that promise is strong enough that we could plug one of these
into our nighlty build server so that our nightly builds would share the same
key as the official releases.

.hc

-- 
PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81


More information about the Guardian-dev mailing list