[Gpg4win-devel] GnuPG with internal CCID driver

Uri Blumenthal uri at mit.edu
Thu Jul 26 05:27:44 CEST 2018


Considering that there are popular cards on the market that contain multiple applets - OpenPGP and PIV in particular - shipping GnuPG with its own (internal) CCID driver would likely result in a disaster on MacOS. MacOS requires tokend (often provided by OpenSC) for most apps, and native pivtoken for Safari and Apple Mail (and for some system apps).

This is compounded by the nasty habit of GnuPG to open the token in exclusive mode (regardless of whether there are other applets on this token, or other apps that may need access - e.g., it wouldn't be unheard of to use a web browser and email client at the same time - and both need to access the token).

GnuPG is an important app - but, believe it or not, there are other equally important apps that GnuPG must coexist with (for example, in my work a lot of email is S/MIME, and the vast majority of the protected web sites require PIV certs).

Sent from my test iPhone

> On Jul 25, 2018, at 22:41, NIIBE Yutaka <gniibe at fsij.org> wrote:
> 
> Jiri Kerestes <jiri.kerestes at trustica.cz> wrote:
>> I've done some hackery and I have a working w32 GnuPG build with libusb
>> support.
> 
> Great.
> 
>> I'm not very familiar with Gpg4win development history, so before I
>> dive into autotools to do this properly: is there any reason why
>> Gpg4Win shouldn't be shipped with libusb and internal CCID driver?
> 
> No good technical reason, just historical, I suppose.
> 
> In the past, I suggested using the internal CCID driver is better (also)
> for Windows and macOS, but no one has tried so far.
> 
> With the internal CCID driver, multiple cardreaders/tokens are
> supported.  So, it's good if we can do that on Windows.
> 
> If the configuration is not that complicated, I will be glad if we can
> put the internal CCID driver as a default for GPG4Win.
> 
> In my opinion, the only use case of scdaemon with PC/SC is that a person
> uses PC/SC for other purposes and cannot stop the service, or it
> requires some proprietary driver which works with PC/SC.
> 
> 
> Please note that I don't use Windows, at all.  So, my opinion would be
> irrelevant.  (All I do for Windows is cross-build of GnuPG for Windows.)
> -- 
> 
> _______________________________________________
> Gnupg-devel mailing list
> Gnupg-devel at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-devel
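Added editorial example, not part of either message above and not a default that GnuPG or Gpg4win ships: the scdaemon.conf settings that keep GnuPG on the system PC/SC stack and ask it to open the card in shared mode, which is the configuration a user with an OpenPGP+PIV token on macOS (tokend / pivtoken alongside gpg-agent) would want to try. Option names are those documented for GnuPG 2.2's scdaemon; the file path, the timeout value and the commented-out PC/SC library path are assumptions to check against your own version.

```conf
# ~/.gnupg/scdaemon.conf   (added example; default GnuPG home directory assumed)

# Do not let scdaemon drive the token through its built-in CCID/libusb
# driver.  That driver claims the USB interface for itself and bypasses
# the system PC/SC service that tokend, pivtoken and browsers go through.
disable-ccid

# Open the card via PC/SC in shared rather than exclusive mode.  GnuPG's
# manual calls this option "somewhat dangerous": scdaemon caches card
# state and assumes nobody else touches the card, so expect occasional
# re-select or "card removed" errors when another app switches applets.
pcsc-shared

# Power the card down after this many seconds without an active client,
# so that other applications can reach it in between GnuPG operations.
# (value assumed; tune to taste)
card-timeout 5

# Optional: point scdaemon at a specific PC/SC library instead of the
# platform default.  (assumed macOS framework path; not needed on Windows,
# where winscard.dll is used)
# pcsc-driver /System/Library/Frameworks/PCSC.framework/PCSC
```

After editing the file, run `gpgconf --reload scdaemon` (or `gpgconf --kill scdaemon`) and `gpg --card-status`. The coexistence check is simple: with gpg-agent still running, authenticate to a PIV-protected site in Safari or sign an S/MIME message in Apple Mail; if that fails until scdaemon is killed, GnuPG is still holding the reader exclusively.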
