From 081b860064bbcbd17758f0964e5e0dd31d22392b Mon Sep 17 00:00:00 2001 From: Aminda Suomalainen Date: Thu, 10 Feb 2022 17:45:58 +0200 Subject: [PATCH] fineid: correct parts, new information --- fineid/README.md | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/fineid/README.md b/fineid/README.md index 0ba08f1..7624c61 100644 --- a/fineid/README.md +++ b/fineid/README.md @@ -16,6 +16,13 @@ PCSDd must be running, it's found in package `pcscd` on Debian and likely sudo systemctl enable pcscd --now ``` +[As in my shell-things repo, /etc/pkcs11/modules/libcryptoki.module should be created;](https://gitea.blesmrt.net/mikaela/shell-things/src/branch/master/etc/pkcs11/modules) + +``` +module: /usr/lib64/libcryptoki.so +managed: no +``` + ## Chromium Should work as long as the `DigiSignApplication` from above was running before @@ -23,6 +30,9 @@ the browser was started. ## Firefox and Thunderbird +***This doesn't apply if the above libcryptoki.so is created +and preferably `libcryptoki.so` would be loaded anyway*** + In Settings, Advanced, Security devices load the module from (DVV app) `/usr/lib64/libcryptoki.so` or (OpenSC): * Debian: `/usr/lib/x86_64-linux-gnu/onepin-opensc-pkcs11.so` 
@@ -49,8 +59,11 @@ While I don't think the user necessarily needs them, my notes mention `DVV Gov. 1. Add the key to the agent * Debian: `ssh-add -s /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so` * Fedora: `ssh-add -s /usr/lib64/opensc-pkcs11.so` -2. Export the public key(s) by `ssh-add -L` -3. Naturally put them into `~/.ssh/authorized_keys`, but SSH should detect - them automatically. The file could also be mentioned in `ssh_config` +2. Export the public key by `ssh-add -L|head -n1` (the comment should be "todentamis- ja salausavain" ("authentication and encryption key")) +3. Naturally put it into `~/.ssh/authorized_keys`, but SSH should detect + it automatically. The file could also be mentioned in `ssh_config` + +The public key should also be stored somewhere that can be passed to gitconfig +or SSH signing commands if SSH signing is to be used. Via: https://www.linux.fi/wiki/HST#Ssh_2
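Review bot: In the first hunk of `fineid/README.md` (`@@ -16,6 +16,13 @@`), the added module file hard-codes `module: /usr/lib64/libcryptoki.so` with no distribution qualifier, while the other sections of this README give separate Debian and Fedora paths for the OpenSC modules. Say which distribution this path is for, and add the Debian location if it differs. A sentence on what `managed: no` does would also help, since per the note added to the Firefox section this file is what makes the manual module setup unnecessary. Finally, the whole sentence is wrapped in link text; putting `/etc/pkcs11/modules/libcryptoki.module` in inline code and linking only "my shell-things repo" would read better.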
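Review bot: In the second hunk (`@@ -23,6 +30,9 @@`, "Firefox and Thunderbird"), the added note says "if the above libcryptoki.so is created", but the file the first hunk tells the reader to create is `/etc/pkcs11/modules/libcryptoki.module`; `libcryptoki.so` is the library that file points at. Name the `.module` file here. The second half, "preferably `libcryptoki.so` would be loaded anyway", is ambiguous: state whether the reader should prefer the DVV library over the OpenSC one, and whether anything still has to be done under Security devices once the module file exists.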
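Review bot: In the third hunk (`@@ -49,8 +59,11 @@`), step 2 selects the key by position with `ssh-add -L|head -n1`, which returns the wrong key whenever the agent already holds another identity or lists the card's keys in a different order. The same line says the comment should be "todentamis- ja salausavain", so select on that instead, for example `ssh-add -L | grep 'todentamis- ja salausavain'`, or at least tell the reader to check the comment before copying the line into `~/.ssh/authorized_keys`. The new closing paragraph says the key should be stored "somewhere"; naming a concrete file path would make the SSH signing setup reproducible.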