OpenPGP card specification: Data Object of 0x7f21 ("CERT-3")

Sébastien Lorquet sebastien at
Wed Dec 21 10:32:10 CET 2011


On May 18, 2011, Werner told me that:

> There won't be a stupid old file system interface.

Will you be luckier than me?


NIIBE Yutaka <gniibe at> a écrit :

> Hi,
> This is my comment for OpenPGP card specification version 2.0, with
> regard to Data Object 0x7f21, according to my experience of developing
> Gnuk.
> In short, Data Object 0x7f21 ("CERT-3") is difficult to support.
> If I understand correctly, this data object supposed to have X.509
> certificate for authentication key "OPENPGP.3".
> The size of this data object is big, from the viewpoint of smartcard.
> When I created my certificate with, its length is 1328 byte
> (for my RSA 2048-bit key for authentication).  I think that it can be
> bigger.
> While other data objects are small enough (< 256 bytes), this data
> object is exceptionally big.
> Current of GnuPG for exended APDU level cannot handle such a big data
> object.  This is true for internal ccid driver as well as for PC/SC
> backend.
> For ccid driver, it's ccid-driver.c:ccid_transceive_apdu_level, which
> has smaller buffer.  For PC/SC backend it's
> pcsc-wrapper.c:handle_transmit which has 1024-byte buffer.
> I wonder to change ccid-driver.c and pcsc-wrapper.c just for the data
> object 0x7f21.  So, I have investigated if there are some use case for
> this data object.  I had thought that it were used by Scute and Poldi,
> but I couldn't find any use case in the code.
> In my opinion, it would be better to define EF (elementary file)
> instead of DO for large data, so that it can be accessed by
> --
> _______________________________________________
> Gnupg-devel mailing list
> Gnupg-devel at

More information about the Gnupg-devel mailing list