OpenPGG Card

Alon Bar-Lev alon.barlev at gmail.com
Thu Sep 1 12:54:52 CEST 2005 

Hello,

I am sorry to intrude...

But I had a discussion with Werner Koch about a similar issue.

I think that gpg should support PKCS#11 interface for smartcards, so 
that it
can be used with all smartcards that support this standard.

PKCS#11 is the most used and most implemented standard.

I don't understand why gpg developers choose to implement their own 
smartcard
standard... The most reasonable claim I've got was the licensing 
issue... But nobody
succeeded in proving that there is a licensing problem.

You can look for messages with "PKCS#11 support for gpg-agent" subject 
for future
information at gnupg-users.


Best Regards,
Alon Bar-Lev.

Joe Smith wrote:

> There is no need to post a message to the list three times.
>
>> Is it possible to obtain further details on the OpenPGP card?
>>
>> I have such a card and a working smartcard reader but, ideally, I'd 
>> like to
>> obtain copies of the sourcecode and program my own cards.  However, it's
>> extremely difficult to track down any specific information!
>
>
> You can get aditional information, but unfortunately the information 
> available is not to particularly satisfying.
>
> That said these are the details I know:
> The openPGP cards are manufactured by PPC Card Systems using a chip 
> created by Atmel, running BasicCard OS, and code written presumably by 
> Werner Koch. The cards are non-reprogrammable, they are set to state 
> 'RUN'.
>
> The last I asked there were no other manufactures of OpenPGP Card 
> complient smartcards.
>
> -----
>
> Ideally one should be able to just buy a smart card with rsa support, 
> download OpenPGP card source, and compile it. Then flash it and any 
> other things you wish to have on the card. However it sadly does not 
> work that way.
>
> Source code is not available. Here is a quote from an email Werner 
> sent me:
>
>>> Is the source for the program on the card available?
>>
>>
>> No, this is not possible because the chip vendors supply chips only to
>> large card vendors due to fear of litigation through Pay TV channels.
>> They had pretty bad experience with that in recent years.  Same goes
>> with the firmare supplied with the chip which is the base of the
>> (actual very small) application we did.  Atmel will even stop the
>> production of the chip we are currently using due to force by Pay TV
>> lawyers (the same chip is used in many Pay TV scrambling systems; and
>> they all use security by litigation).  Its all a very sad and
>> ridiculous situation.
>
>
> If you can somehow manage to get ahold of a BasicCard OS-based 
> smartcard that has support for RSA, it would not be too difficult to 
> program it. Most of the crypto stuff is handled by the chip, so the 
> code needed to be written is mainly interface code.
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>

More information about the Gnupg-devel mailing list