Revised patch to support the SmartCard-HSM in scdaemon
gniibe at fsij.org
Thu Jul 9 10:52:39 CEST 2015
Thank you for your prompt reply.
I am talking about GnuPG 2.1.
I think that, even now, it is possible to use gpg-connect-agent
command to sign/deciper using SmartCard-HSM.
On 07/09/2015 04:32 PM, Andreas Schwier wrote:
> the SmartCard-HSM driver only works with gpgsm. When we wrote the
> driver, there was a limitation in gpg that prevented the use of anything
> else than a card compliant with the OpenPGP Card specification .
> If that situation has been resolved, then I'm more than happy to make
> the SmartCard-HSM available as key store for GnuPG keys.
It is not fully resolved yet (it's on going). As I addressed in the
previous mail, some external tool would be required to create OpenPGP
key which is associated to a private key in SmartCard-HSM.
If SmartCard-HSM has capability to show its public key to its users,
please implement READKEY method in app-sc-hsm.c. Then, it will be
possible to write such an external tool.
Combined together, I believe that gpg frontend will be able to use
SmartCard-HSM as a backend of private key operation for OpenPGP
(possibly, a small change would be required, but not that difficult).
Given the situation GnuPG 2.1 supports ECC, it would be interesting
if a user can use SmartCard-HSM as a key store of ECC. :-)
More information about the Gnupg-devel