zvrba at globalnet.hr
Mon Sep 5 18:57:54 CEST 2005
Alon Bar-Lev wrote:
> I use Athena smartcard www.athena-scs.com which works perfectly in term of
> Linux and PKCS#11. I enjoy using it with Java JCE, Mozilla, Tunderbird,
> PAM_PKCS11, I've encrypted my disk using aes-loop and then required gpg to
> support PKCS#11... And here we are...
Great! When I was developing my patch, I had only Cryptoflex 8k cards
available (still have a few of them, but not at my current geographical
> This is great work!
> But the work needs to be moved into gpg-agent... :(
Probably not too difficult, but still time-consuming to understand the
existing code.. and that would probably be wasted time, unless you want
to make a life-time commitment to keep the patch in pace with gpg
> I would have help merging it if I knew that there is a chance to merge it
> into to gpg source.
Judging by the discussion on this list.. it seems that there is no
chance for that :(
Look in the archives of gnupg lists, IIRC it is around November 2004,
for threads started by me. I was quickly discouraged by Werner and
nowhere as persistent as you in trying to persuade him into the
usefulness of PKCS#11.
IMHO, PKCS#11 has succeeded where ISO7816 has failed: providing a
(relatively) simple way to interface with many smart-card
implementations, many of which aren't ISO7816-compliant above level 3 -
they even don't support basic interindustry commands, but provide their
own proprietary and undocumented command set.
Personally, I think that applications not supporting PKCS#11 and/or MS
CAPI will become extinct much before than non-compliant ISO7816 cards.
These two have become the de-facto industry standards. I'm no fortune
teller, so time will prove me right or wrong :)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 254 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20050905/55037bf5/signature-0001.pgp
More information about the Gnupg-devel