support for non-openpgp cards

Zeljko Vrba zvrba at globalnet.hr
Thu Nov 18 19:59:39 CET 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Prágai, Róbert wrote:

| Hi Zeljko,
|
| big welcome for the pkcs11 patch for gnupg! We use cryptoflex
| e-gate 32k cards here and planned to make such a patch, too. You
| were the quicker:) My question: is the MUSCLE pkcs11 library
| required for this patch or any other pkcs11 (e.g. opensc-pkcs11)
| library will do the job?
|
|
I believe that any PKCS#11 implementation for that card should work in
theory.

Unfortunately, I have seen few PKCS#11 implementations (even
commercial) that correctly implement PKCS#11 spec in all relevant
aspects. So that supporting different PKCS#11 _implementation_ (even
for the same card) could result in big code changes..

So, what _in theory_ should be ONE source, _in practice_ that source
gets many #ifdefs for various PKCS#11 implementations.. :(

Even my implementation has flaws that I described in my first mail
(what I believe are bugs in MUSCLE PKCS#11 implementation). So the
only way to find out if it will work with OpenSC is to TRY and see if
it works. If it doesn't work, debug :)

I don't have much time to spend on this, but I'll give OpenSC a try
for the weekend and post the results.



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBnPEaUIHQih3H6ZQRA0DeAKDI9dcpDPWSB4nNLxHPw1f88FcP+ACfeh5K
OP0nb2OsADRrx/O8oRqkVwU=
=8F20
-----END PGP SIGNATURE-----




More information about the Gnupg-users mailing list