about the OpenPGP Card

Werner Koch wk at gnupg.org
Fri Jul 18 15:58:02 CEST 2008

On Fri, 18 Jul 2008 15:01, p.tucci at gmail.com said:

>> Mozilla uses pkcs#11 as its crypto API thus you need such a driver.
> This is absolutely uncorrect.

PKCS#11 is the native crypto API of Mozilla.  But that is irrelevant
because you do not use it ...

> I do NOT need mozilla crypto api, i do not need the entire pkcs#11
> layer since my driver rawly communicates via the T=1 protocol with the
> card (thanks to Sun's Java low level APIs).

.. sure. 

>> Should also work with other browsers but not tested.  Windows port is
>> under way.
> Internet explorer does not use the standard PKCS11 layer... it uses a
> more sofisticated layer (CSP).

"Windows port" does not necessary mean "for Internet Exploder".

> But we're in the 2008 and the i suppose the probability to find a Java
> installation in a PC is realistically high (and absolutely higher than
> the probability to find a pkcs11 layer + gpg agent + pkcs11 correctly
> installed )

Depends on whom you ask.  Those people using the OpenPGP card are
probably a bit more security aware than the average Windows user.  In
fact, many security policies of companies and public administrations do
not allow the use of Java on client machines.



Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

More information about the Gnupg-devel mailing list