Signed in Blood
As I'm now a business holder under the Italian laws jurisdiction, I had to ask a legally recognized "digital sign": a USB key containing some spare applications, libraries and a set of public and private certificates to produce recognizable digital signs identifing myself. The certificates are in an unknown and very specific codification, so the embedded applications are required to actually use them: a classic RSA key pair GPG-style would have been to easy...
Today I've been to the local "Chamber of Commerce" to obtain my personal USB key, as soon as I'm back home I've tried it under Linux (which is - incredibly! - an officially supported platform), and - of course - it didn't worked.
Looking for a solution and reading all the debug informations I found the issue: the infocert.bat
(which is, despite the file extension, a shell script) contained the wrong vendor and product ID for my USB key, so it was not able to recognize and init it correctly.
It has been easy to change the following line
VIDPIDS="072f:100d"
with the right information, obtained with lsusb
VIDPIDS="25dd:2311"
and start it again to complete the init and verification phase.
Luckily, the inforcert.bat
file was a readable and modifiable script instead of a binary executable, so I could hack and correct it.
This image has been the first file I've signed, to verify everything working as expected:
(This post is probably of interest only to Italian people, let me add some relevant keyword for Google indexing: firma digitale, Camera di Commercio, Torino, Infocert, Infocamere).