OpenPGP Card

Werner Koch wk at gnupg.org
Fri Sep 2 17:37:52 CEST 2005


On Fri, 02 Sep 2005 16:13:45 +0300, Alon Bar-Lev said:

> Finally someone who understands... I had no such luck with Werner Koch, who
> argues that OpenPGP card is standard...

Well it is as much a standard as pkcs#15 is one.  Who decides what a
standard is?  RSA Corporation defines standards known as PKCS, we
define an ISO7816 compliant standard for a card, dubbed OpenPGP card.
You may use this one or do it like 99% of the smartcard vendors and
use a proprietary card application where the specs are in the best
case only available under NDA.

> an approach that each application may define how its smartcard should
> be built.
> This approach like any other proprietary approach will disappear along
> with its software,

Huh?  It is not about a particular application, it just happens that
gpg supports this card.  There are other applications unrelated to gpg
also using this card, for example the Poldi PAM.  I also know of other
projects using this card - just because it is well defined and the
specs are open.

> I don't think it is wise... There are some suitable cards that provide
> PKCS#11 in Linux,

Please go and read the standard before talking about it: No card
implements PKCS#11 because that is an API between a token provider and
an application.  No ISO compliant card will be able to implement
PKCS#11.

You might be thinking about pkcs#15 - this is indeed a standard which
defines how a card application may appear to software.  However there
are many variants of pkcs#15, it is complicated and experience showed
that it didn't help much with interoperability.  Given that card
applications are pretty small beasts, it seems to me far easier to add
its counterpart to the host application than to hammer it into a
limited framework.


Salam-Shalom,

   Werner


-- 
An engineer, a chemist, and a standards designer are stranded on a
desert island with absolutely nothing on it.  One of them finds a can
of spam washed up by the waves.

The engineer says "Taking the strength of the seams into account, we
can calculate that bashing it against a rock with a given force will
open it up without destroying the contents".

The chemist says "Taking the type of metal the can is made of into
account, we can calculate that further immersion in salt water will
corrode it enough to allow it to be easily opened after a day".

The standards designer gives the other two a condescending look, gazes
into the middle distance, and begins "Assuming we have an electric can
opener...".
                              - from Peter Gutmann's X.509 Style Guide






More information about the Gnupg-devel mailing list