alon.barlev at gmail.com
Thu Sep 1 12:54:52 CEST 2005
I am sorry to intrude...
But I had a discussion with Werner Koch about a similar issue.
I think that gpg should support PKCS#11 interface for smartcards, so
can be used with all smartcards that support this standard.
PKCS#11 is the most used and most implemented standard.
I don't understand why gpg developers choose to implement their own
standard... The most reasonable claim I've got was the licensing
issue... But nobody
succeeded in proving that there is a licensing problem.
You can look for messages with "PKCS#11 support for gpg-agent" subject
information at gnupg-users.
Joe Smith wrote:
> There is no need to post a message to the list three times.
>> Is it possible to obtain further details on the OpenPGP card?
>> I have such a card and a working smartcard reader but, ideally, I'd
>> like to
>> obtain copies of the sourcecode and program my own cards. However, it's
>> extremely difficult to track down any specific information!
> You can get aditional information, but unfortunately the information
> available is not to particularly satisfying.
> That said these are the details I know:
> The openPGP cards are manufactured by PPC Card Systems using a chip
> created by Atmel, running BasicCard OS, and code written presumably by
> Werner Koch. The cards are non-reprogrammable, they are set to state
> The last I asked there were no other manufactures of OpenPGP Card
> complient smartcards.
> Ideally one should be able to just buy a smart card with rsa support,
> download OpenPGP card source, and compile it. Then flash it and any
> other things you wish to have on the card. However it sadly does not
> work that way.
> Source code is not available. Here is a quote from an email Werner
> sent me:
>>> Is the source for the program on the card available?
>> No, this is not possible because the chip vendors supply chips only to
>> large card vendors due to fear of litigation through Pay TV channels.
>> They had pretty bad experience with that in recent years. Same goes
>> with the firmare supplied with the chip which is the base of the
>> (actual very small) application we did. Atmel will even stop the
>> production of the chip we are currently using due to force by Pay TV
>> lawyers (the same chip is used in many Pay TV scrambling systems; and
>> they all use security by litigation). Its all a very sad and
>> ridiculous situation.
> If you can somehow manage to get ahold of a BasicCard OS-based
> smartcard that has support for RSA, it would not be too difficult to
> program it. Most of the crypto stuff is handled by the chip, so the
> code needed to be written is mainly interface code.
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
More information about the Gnupg-devel