OpenPGP Card

Zeljko Vrba zvrba at
Tue Sep 6 16:17:07 CEST 2005

Alphax wrote:
> Zeljko Vrba wrote:
>>Joe Smith wrote:
>>>For example, your CA can revoke your key leaving you with one key that
>>>is invalid X.509, but valid OpenPGP? Yuck!
>>Using the X.509 cert and OpenPGP public key (having the same private
>>key) could be useful in the following scenario:
> Is that even allowed??
In what sense allowed? PKCS#11 know nothing about policies.. It just
exposes a set of objects on the card (certificate, public and private
keys and maybe some other data objects along with certificates).

The application is free to do whatever it wants with these objects,
given sufficient authentication to the card (PIN). Technically, there is
nothing CA can do to prevent you to use your X.509 keys as OpenPGP keys.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20050906/2990ac4f/signature.pgp

More information about the Gnupg-devel mailing list