PKCS#11 support for gpg-agent

Werner Koch wk at gnupg.org
Wed Aug 17 09:57:08 CEST 2005


On Mon, 15 Aug 2005 09:02:38 +0200, Alon Bar-Lev said:

> PKCS#11 is a standard specifying how to access cryptographic tokens.
> Most smartcard vendors provide a PKCS#11 library that allows simple
> smartcard integration with applications.

For legal reasons you are anyway not allowed to use almost all of them
with GPL software.  So it does not make any sense to support it.

> Mozilla, Firefox, Thunderbird and now Java support the PKCS#11 standard in
> order to access cryptographic tokens, which gives this software an edge in
> smartcard integration.

Writing a pkcs#11 module to connect Mozilla with GnuPG is possible and
actually on my wish list.

> But then I've seen that only proprietary smartcard tokens are supported 
> (directly) and ssh-agent... No standard way to access external 

Proprietary?  We use a card specification which is entirely open and
may be implemented without fearing legal department actions.  There
are not that many open specifications. (Don't say pkcs#15 - this is
just a framework)

> I will be glad to discuss the need for implementing PKCS#11 support for
> gpg-agent, and helping in the implementation process...

Pretty easy to write, the interface of gpg-agent is documented.
gpgsm and gpg are examples of how to use it.  gpg-connect-agent may
even be used to script to this interface.



Shalom-Salam,

   Werner



