Revised patch to support the SmartCard-HSM in scdaemon

NIIBE Yutaka gniibe at
Thu Jul 9 10:52:39 CEST 2015

Thank you for your prompt reply.

I am talking about GnuPG 2.1.

I think that, even now, it is possible to use gpg-connect-agent
command to sign/deciper using SmartCard-HSM.

On 07/09/2015 04:32 PM, Andreas Schwier wrote:
> the SmartCard-HSM driver only works with gpgsm. When we wrote the
> driver, there was a limitation in gpg that prevented the use of anything
> else than a card compliant with the OpenPGP Card specification [1].
> If that situation has been resolved, then I'm more than happy to make
> the SmartCard-HSM available as key store for GnuPG keys.

It is not fully resolved yet (it's on going).  As I addressed in the
previous mail, some external tool would be required to create OpenPGP
key which is associated to a private key in SmartCard-HSM.

If SmartCard-HSM has capability to show its public key to its users,
please implement READKEY method in app-sc-hsm.c.  Then, it will be
possible to write such an external tool.

Combined together, I believe that gpg frontend will be able to use
SmartCard-HSM as a backend of private key operation for OpenPGP
(possibly, a small change would be required, but not that difficult).

Given the situation GnuPG 2.1 supports ECC, it would be interesting
if a user can use SmartCard-HSM as a key store of ECC. :-)

More information about the Gnupg-devel mailing list