PKCS#11 support for gpg-agent

Werner Koch wk at
Fri Sep 2 13:14:36 CEST 2005

On Wed, 31 Aug 2005 09:46:08 +0200, Alon Bar-Lev said:

> I still don't understand where is the licensing problem of using PKCS#11 in
> a GPLed application.

Most pkcs#11 stuff is not GPL compatible.  

> This makes gpg UNUSABLE with smartcards, and I regret this fact.

Despite the fact that it is used on a regular base by hundreds of
users.  Check scd/app-*.c to see what cards are supported.  Well, to
support a card (-application) the specs of the card are required to be
available w/o an NDA.

> Opensc uses PKCS#11 and is release under LGPL 2.1, although it LGPL I don't
> see any reason
> why the "L" is PKCS#11 depended

OpenSC is not usable because it links to OpenSSL which is legal for
LGPL but not when you want to use it with GPL code.

> you have a problem only with PKCS#11...

Because it is such an ugly "standard"  [the quotes are on purpose].

> When user buys it's email signature/encryption certificate he expects to be
> able to use it in
> all smartcard enable applications... PKCS#11 provides this ability, and is

Yes he expects this and will soon see that it was just an expectation.

> Yes, I know that I can write my own agent... But I still think it will be a
> mistake.

I don't meant to write another agent.  Write a pkcs#11 driver which
uses gpg-agent as its token.



More information about the Gnupg-users mailing list