| author | polz <polz@fri.uni-lj.si> | 2023-12-06 14:49:17 +0100 |
|---|---|---|
| committer | Timotej Lazar <timotej.lazar@araneo.si> | 2024-01-16 21:51:14 +0100 |
| commit | 7d04aa3d86b9564f01242a347e2a861afae7c05d (patch) | |
| tree | f790acd5b8eed6bf405a9d86119d105d27621ac6 /README.md | |
| parent | 89eabe9f87673c23954b547408cb7dfbdcf61916 (diff) | |
Add support for smartcards
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 27 |
1 files changed, 26 insertions, 1 deletions
@@ -4,12 +4,37 @@ Python script to replace [MargTools](https://businessconnect.margis.si/output/#o ## Usage -Create the configuration file `~/.margfools` with the paths to your TLS private key and certificate in PEM format: + +### Configure certificates and sites + +Create the configuration file `~/.margfools`. The contents are described in the sections below. + +#### Certificates in files +If you are using certificate files, add the paths to your TLS private key and certificate in PEM format: [https://gcsign.example.com/BCSign/] user-key = <path/to/key.pem> user-cert = <path/to/cert.pem> +#### Certificates on smartcards +If you have your certificate on a PIV-II smart card (e.g. Yubikey), first determine the slot on your card which contains the certificate you wish to use: + + pkcs11-tool -O + +Look for "ID:" in the output. + +Assuming the ID of your certificate was 07, specify the engine and certificate slot in your config file: + + + [https://gcsign.example.com/BCSign/] + engine=pkcs11 + user-key = 07 + + +You will be asked for your pin during signing. + +### Add URL schema + Section name is the percent-decoded value of `baseURL` in bc-digsign://sign?accessToken=…&baseUrl=https%3a%2f%2fgcsign.example.com%2fBCSign%2f&…' |
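Review bot: In the "Certificates on smartcards" section the example sets only `engine=pkcs11` and `user-key = 07`, with no `user-cert`, and the text does not say whether the certificate is then read from the card or must still be supplied as a file; state that explicitly. The prose also calls the value a "slot" while telling the reader to look for "ID:" in the `pkcs11-tool -O` output, so settle on one term. Smaller points: write `engine = pkcs11` to match the spacing of the other keys, use "PIN" rather than "pin", and note that the new `### Add URL schema` heading now sits directly above the unchanged sentence about the section name, which belongs with the configuration text above it.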
