Fwd: KMail/GnuPG always report problems with signed S/MIME

Werner Koch wk at gnupg.org
Tue Jul 20 17:28:50 CEST 2004


On Tue, 20 Jul 2004 16:27:26 +0200, bsmaillist  said:

> So we have GnuPG excluding all PKCS#11 cards and we have KMail 1.7 excluding 

Sorry, there are no pkcs#11 cards.  pkcs#11 is merely an API between
an application and a driver - not with the card.  The host application
must be aware of the card's application.

The proprietary pkcs#11 drivers try to translate from their
proprietary card application to something, say, Mozilla can cope with.
For legal reasons we (GPLed code, e.g. gnupg, KDE) can't link to such
a driver anyway.  If you have a free driver you will also have the
specification of the card - I am not aware of any.

Well, pkcs#15 cards basically work (pkcs#15 is a card application
framework, but you need to tweak it for each card) and we have support
for them.

In general our approach is to access the card directly and use the
card's applications without any intermediate layer.

> And as far as PKCS#11 being a "silly standard", isn't the operative word 
> here : "standard"?

It is a bunch of defined function calls common to most applications,
but missing a lot of other required ones. Virtually all card
application vendors use their own proprietary extensions to pkcs#11.
Guess why: There is still no market leader and every proprietary
vendor tries to become the leader. Their tactics are simple: use
enough of a standard for the marketing dept but make sure the
application won't interface nicely with another vendor's
product. Sounds common, right?


Shalom-Salam,

   Werner





More information about the Gpa-dev mailing list