zvrba at globalnet.hr
Tue Sep 6 16:17:07 CEST 2005
> Zeljko Vrba wrote:
>>Joe Smith wrote:
>>>For example, your CA can revoke your key leaving you with one key that
>>>is invalid X.509, but valid OpenPGP? Yuck!
>>Using the X.509 cert and OpenPGP public key (having the same private
>>key) could be useful in the following scenario:
> Is that even allowed??
In what sense allowed? PKCS#11 know nothing about policies.. It just
exposes a set of objects on the card (certificate, public and private
keys and maybe some other data objects along with certificates).
The application is free to do whatever it wants with these objects,
given sufficient authentication to the card (PIN). Technically, there is
nothing CA can do to prevent you to use your X.509 keys as OpenPGP keys.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 254 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20050906/2990ac4f/signature.pgp
More information about the Gnupg-devel