Fwd: scdaemon support for SmartCard-HSM

Andreas Schwier andreas.schwier.ml at cardcontact.de
Mon Jul 21 10:13:58 CEST 2014


Sorry, posted this to the wrong list.

The third issue we've already resolved. Apparently kleopatra works with
any card supported by scdaemon. It just supports some additional PIN
functions for TCOS cards, not available for others.

Andreas

-------- Original Message --------
Subject: scdaemon support for SmartCard-HSM
Date: Fri, 18 Jul 2014 16:44:42 +0200
From: Andreas Schwier <andreas.schwier.ml at cardcontact.de>
To: gnupg-users at gnupg.org

Hi list,

we've added support for the SmartCard-HSM to scdaemon. Please find the
patch that applies to master at [1].

The driver allows read-only operations with keys and certificates on a
SmartCard-HSM. To generate keys and certificates please use OpenSC, XCA
or the tools in OpenSCDP.

There are three issues left that we couldn't resolve:

1. Signing with ECDSA: Apparently gpgsm puts the wrong (RSAEncryption)
algorithm identifier in SignerInfo when using ECDSA. As a result
verification of the CMS fails with "conflicting use".

2. At least on Kubuntu the PIN callback to prompt the user to enter the
PIN at the reader PIN PAD does not work. gpgsm is reporting an invalid
IPC call. Working directly with scdaemon does not have the problem.

3. Apparently kleopatra only supports TCOS cards. It's unclear to me why
this restriction is in place.

Andreas

[1]
http://www.cardcontact.de/download/0001-sc-hsm-Add-support-for-SmartCard-HSM.patch

