[Gpg4win-devel] GnuPG with internal CCID driver

Werner Koch wk at gnupg.org
Fri Jul 27 09:35:04 CEST 2018


On Thu, 26 Jul 2018 13:19, uri at mit.edu said:
> For MacOS, if 'disable-ccid' in 'scdaemon.conf' works - it would address my concerns. 

It should definitely work because that is the usual Unix code.

> I do not know the consequences of shipping CCID driver on
> Windows. Since in my world people must use PIV tokens on Windows as

I have seen that PIV certs can be used with ssh.  This should also work
with GnuPG but we could make that even easier.  Do you know whether it
is possible to get a specimen of such a card or at least sample
certificates as they would be stored on the card?

> I'd like to mention my other wish - that 'enable-shared' parameter is
> added to scdaemon.conf to allow sharing of the token between GnuPG,

My usual response for that is that we cache DO from the card due to the
slow card I/O and thus shared access may invalidate our idea of the
card's state.  The real solution is to have other users use scdaemon's API
to exchange APDUs with the card - but well, other tools can demand the
same.

Given that our internal CCID driver has a greater flexibility and better
control of pinpads we may now consider dropping the use of the
exclusive mode in PC/SC along with a warning in the manual that this may
have unwanted side-effects.  Gniibe: What do you think?


Shalom-Salam,

   Werner

-- 
#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Thoughts are free.  Exceptions are regulated by a federal law.