about the OpenPGP Card

Primiano Tucci p.tucci at gmail.com
Fri Jul 18 12:18:48 CEST 2008

On Fri, Jul 18, 2008 at 9:45 AM, Werner Koch <wk at gnupg.org> wrote:
> On Thu, 17 Jul 2008 22:23, p.tucci at gmail.com said:
>> It's a (working) php OpenID service that allows to get an unique login
>> identity on the web using the OpenPGP Card
> As a shameless plug let me mention that there is also Scute
> (www.scute.org).  Scute is a pkcs#11 driver on top of gpg-agent.  It can
> also be used to login to a server using the OpenPGP card.  Scute
> requires a running gpg-agent though and has only be tested with Mozilla.

Scute is a pkcs11 driver, it means that prior to make your card work
you need to have downloaded the libary, configured mozilla (and it
seems no way for IE) and have a working gpg-agent.

My driver, on the other side, does not need anything, just a java
insatllation... so if you are on another pc that has a smartcard
reader (where probably there isn't any gpg-agent nor pkcs11 library)
you can still have many chances to use your OpenPGP card (see my
openpgp openid project http://dev.primianotucci.com/openid/)

> Primiano: Are you aware of the draft 2.0 specification for the card?
> There are a couple of new things in it; for example a new DO to store a
> certificiate and a way to reset the card to factory defaults:
> http://g10code.com/docs/openpgp-card-2.0-rc1.pdf .

I haven't looked at 2.0 specifications (i'm waiting for the final
one)... I don't think there are actually OpenPGP cards that implements
such specifications (correct me if wrong)
The driver is based on the 1.1 specs.... i'll update it as soon as the
final 2.0 specs will be ready.

Honestly I think the fact that enetering 3 wrong CHV3 destroyes the
card is a simple ashame... the "reset to blank" command should be a
must! (hopes for the 2.0 card :))

> Salam-Shalom,
>   Werner

Thanks for your interest,
Primiano Tucci

More information about the Gnupg-devel mailing list