PKCS #11 support for OpenPGP public keys

Rick van Rein rick at openfortress.nl
Tue Feb 2 14:51:43 CET 2016


Hi,

Since I was posting on PKCS #11 and OpenPGP, perhaps this may also be of
interest:

I wrote an extension proposal for storage of OpenPGP transferrable
public keys in PKCS #11,
http://openfortress.nl/doc/spec/pgp-in-pkcs11/

This is implemented in SoftHSMv2; other HSM vendors should find it
interesting as well.  At some point we're hoping to get it incorporated
into the standard.

Why?  Unlike X.509 certificates, several attributes for OpenPGP keys
must be modifiable.  And we need CKC_OPENPGP to know how to interpret
the binaries as OpenPGP public keys.

Cheers,
 -Rick



More information about the Gnupg-devel mailing list