about the OpenPGP Card

Werner Koch wk at gnupg.org
Fri Jul 18 14:21:09 CEST 2008

On Fri, 18 Jul 2008 12:18, p.tucci at gmail.com said:

> Scute is a pkcs11 driver, it means that prior to make your card work
> you need to have downloaded the libary, configured mozilla (and it
> seems no way for IE) and have a working gpg-agent.

Mozilla uses pkcs#11 as its crypto API thus you need such a driver.
Should also work with other browsers but not tested.  Windows port is
under way.

> My driver, on the other side, does not need anything, just a java
> insatllation... so if you are on another pc that has a smartcard

And you need to allow Java in your browser.  Some folks hesitate to
enable this.

> you can still have many chances to use your OpenPGP card (see my
> openpgp openid project http://dev.primianotucci.com/openid/)


> I haven't looked at 2.0 specifications (i'm waiting for the final
> one)... I don't think there are actually OpenPGP cards that implements
> such specifications (correct me if wrong)

In a couple of months.  Actually the new spec has some feature to better
support Java cards.

> The driver is based on the 1.1 specs.... i'll update it as soon as the
> final 2.0 specs will be ready.

This is a release candidate - there are just a few typos left and
possible we need to extend the size of some fields.  I already started
to implemented that in GnuPG.

> Honestly I think the fact that enetering 3 wrong CHV3 destroyes the
> card is a simple ashame... the "reset to blank" command should be a
> must! (hopes for the 2.0 card :))

Included in the new spec due to great public demand.  How I just need
top add a command to gpg to allow resetting the card.



Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

More information about the Gnupg-devel mailing list