PKCS#11 in GnuPG (yes, again!)

Concerned User veryconcerneduser at gmail.com
Fri Jul 15 21:35:28 CEST 2011


GnuPG-devel and *especially* WK,

As many of you are well aware, PKCS#11 is the de-facto standard for working
with cryptographic keys.  Some zealots would try to have you believe that
this is only the case outside of the "free software world."  (What the
bloody heck does that mean, anyway?  Since when is free software mutually
exclusive to the rest of the planet?  What a load.)

Most people hold sane ideas about PKCS#11.  These people include the
developers of illustrious libre-software such as OpenSSL, Mozilla and
virtually every piece of GPL'd code that accesses cryptographic keys.  Many
of you might be thinking "Well, what's the problem, then?"

I'll tell you the problem: antiquated ideas.  The reason why PKCS#11 is not
supported is because of the ideology of one person, Mr. Werner Koch.
Long-time readers of this list know full well that this is the case as *many*
users have written in befuddled by the lack of support only to be confronted
by baseless opinion.

If the OpenPGP card (a glorious, wonderful piece of kit) is ever going to
make it out of almost-complete obscurity, PKCS#11 must be implemented in
GnuPG-stable.  If we want to push free software in the modern computing
world, we must not be stuck in the mud, forsaking globally implemented
standards.

Currently, there are two projects which seek to remedy this.  There is a
GPL'd gnupg-pkcs11-scd project which is hardly supported and barely
documented.  There is also a library from Dr. Peter Koch of smartcard-auth.de
which is fully proprietary although (beer) free for OpenPGP card users.
Neither solution is befitting of the OpenPGP card or its users.  We deserve
better.  The community and the free software world deserve interoperable
software and solutions that can be integrated into favorite projects.  To see
the hindrance this is causing, one need look no further than:
<https://www.privacyfoundation.de/wiki/CryptoStickSoftware#Anwendungen>.

Gentlemen and gentlewomen, I hope that you heed my call for reform inside
the GnuPG project.  It is atrocious that open software and open standards
are being fractured into multiple projects, resulting in a hodgepodge of
semi-working, poorly documented and hackish solutions.  Let us make real
progress in the adoption of GnuPG and OpenPGP smart card cryptography by
adopting the worldwide standard of PKCS#11.

(I am posting this anonymously because the *who* should not matter in this
case.  Consider this my anonymous treatise now nailed to the door of this
project.)


Best regards and FSM-speed in fixing this debacle,

One VERY Concerned User