PKCS#11 support for gpg-agent

Alon Bar-Lev alon.barlev at gmail.com
Mon Aug 15 09:02:38 CEST 2005


Hello,

I know it is an old issue... But I think it is a very important issue,
so I want to raise it again.

PKCS#11 is a standard specifying how to access cryptographic tokens.
Most smartcard vendors provide a PKCS#11 library that allows simple
smartcard integration with applications.

PKCS#11 implementation is not platform specific and is implemented for 
Windows, Linux etc...

I couldn't see any plans to support this standard, and could find some 
answers that suggest it will not be supported.

Mozilla, Firefox, Thunderbird and now Java support the PKCS#11 standard in
order to access cryptographic tokens, which gives this software an edge in
smartcard integration.

openssl has a gateway through open-sc to PKCS#11 tokens, but it is a very
basic gateway that can only use private key objects on the token.

When I saw that in the new version gpg has gpg-agent I was very glad! I
thought that finally a standard implementation to access cryptographic
tokens would be implemented.

But then I saw that only proprietary smartcard tokens are supported
(directly) and ssh-agent... No standard way to access external
cryptographic devices.

I will be glad to discuss the need for implementing PKCS#11 support for
gpg-agent, and to help in the implementation process...

I think it is very important to have such support for any software that
deals with cryptography and secrets. gnupg falls into this category...

Best Regards,
Alon Bar-Lev


