# Redwax SignText Native Messaging for Linux

This provides the native messaging application for Redwax SignText for Linux
platforms.

The job of this component is to provide the user interface, to enumerate
smartcards, to ask the end user for consent to sign the text, and to perform
the signing and returning of the text to the browser web extension.

No data is returned to the browser without the consent of the end user, who
is invited to choose a certificate and provide the PIN protecting the private
key. If the user consents and the PIN is valid, the text is signed and returned
to the browser.

# Technical details

We use [Gcr](https://gitlab.gnome.org/GNOME/gcr) and
[p11kit](https://p11-glue.github.io/p11-glue/p11-kit.html) to scan for PKCS11
modules containing tokens known to the system. All non CA leaf certificates
that are anchored correctly to a valid trust chain are considered for selection.
Certificates must have emailProtection extended key usage. If a certificate
category is present, non end entity certificates are ignored.

# Web extension

We bundle the webextension published in ../firefox. The zip file produced is
uploaded manually to https://addons.mozilla.org where it is signed and offered
for download as an xpi file. This xpi file is included here in rst@redwax.eu.xpi.

# Build

To build, do the following:

    autoreconf --install --force
    ./configure
    make
    make install

To create a source RPM for building on Redhat/Fedora:

    autoreconf --install --force
    ./configure
    make dist
    rpmbuild -ts redwax-signtext-*.tar.bz2

To do the RPM build:

    rpmbuild -tb redwax-signtext-*.tar.bz2