pkcs11 supported or not ?
bk
bk390934@skynet.be
Wed Jul 2 23:24:02 2003
On Wednesday 02 July 2003 10:24, Werner Koch wrote:
> On Wed, 2 Jul 2003 09:20:13 +0200, bk said:
> > I've seen contradictory information: the web page mentions pkcs11 as one
> > of the supported standards, but in a prevous post in this mailing list
> > this is
>
> The OpenSC library supports PKCS#11 but we don't make any use of it.
> Due to license incompatibilities, it won't make much sense to provide
> pkcs#11 access to the entire aegypten system (i.e. gpgsm).
Hi Werner,
Thanks for the quick reply. I'm not sure I quite understand what your trying
to say, though.
My point is to have the aegypten system use a pkcs#11 provider, not become one
itself.
My question is: All 10.5 million Belgian citizens over the age of 12 will
receive a new national ID card. The new card has a chip and supports digital
signature. It has 2 key pairs with standard X509 certificates. The signature
made with this card has legal value both under EU law and Belgian law. The
gov't will provide a pkcs#11 driver for Windows and Linux (!).
Just imagine, 10 million RSA cards and you can't use them with KMail? Ugh. I
really had my hopes set on using my ID card in KDE's browser and e-mail
client.
So, I'm genuinly interested to know what is the technical reason not to
support pkcs#11 tokens and what is the license restriction for gpgsm to use a
3rd party pkcs#11 driver.
Kind regards,
Bart