PKCS #11 support for OpenPGP public keys

Rick van Rein rick at
Tue Feb 2 14:51:43 CET 2016


Since I was posting on PKCS #11 and OpenPGP, perhaps this may also be of

I wrote an extension proposal for storage of OpenPGP transferrable
public keys in PKCS #11,

This is implemented in SoftHSMv2; other HSM vendors should find it
interesting as well.  At some point we're hoping to get it incorporated
into the standard.

Why?  Unlike X.509 certificates, several attributes for OpenPGP keys
must be modifiable.  And we need CKC_OPENPGP to know how to interpret
the binaries as OpenPGP public keys.


More information about the Gnupg-devel mailing list