PGP and Smartcards?

Zeljko Vrba zvrba at globalnet.hr
Fri Jul 22 22:42:20 CEST 2005


Werner Koch wrote:
> On Fri, 22 Jul 2005 19:01:57 +0200, Felix E Klee said:
>>Uh, I guess this would cost me too much time.  One solution, though,
>>would be to buy a JavaCard and try to run and enhance the OpenPGP Java
>>implementation that was started by Zeljko Vrba [3].
>
> Java cards do have some restrictions which don't allow to implement
> ISO commands.
>
I would disagree on that. Java Card is totally programmable and if you
want you can implement the complete ISO7816 command set (as far as the
hardware permits, of course). The downside is that you will have to
implement your own filesystem, etc, but it is doable.

Returning to the topic - to make JavaCard functional with GPG you don't
need to implement the whole ISO7816. Just the commands defined by the
spec. There are no limitations in the JavaCard platform itself that
would prevent writing a fully functional, OpenPGP-compliant applet.

Why I didn't finish the development - because I've found some
discrepancies between the GPG code, OpenPGP card spec and the PKCS#1
padding spec. Added to that that the Sun's cref EMULATOR doesn't support
raw PKCS#1 (so that I could do and test my own padding in the applet)..
I did not want to write code I couldn't test.

In the mean time I've switched interests, but maybe I afford myself a
JCOP card trial kit (http://www.zurich.ibm.com/jcop/news/news.html) and
get the thing finished. Now it does only signing and handles the on-card
user data.

BTW, that "maybe" is not about the money (JCOP toolkit is not very
expensive), but a matter of time. And when that "maybe" will happen I
can't tell.

Felix, if you wish to finish the applet yourself, I can help you a bit
with the existing code, if you need help.

Best regards,
   Zeljko.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20050722/65ffd753/signature.pgp


More information about the Gnupg-users mailing list