PKCS#11 support for gpg-agent

Patrick Brunschwig patrick at
Fri Sep 2 16:06:35 CEST 2005

Alon Bar-Lev wrote:
> Werner Koch wrote:
>>> you have a problem only with PKCS#11...
>> Because it is such an ugly "standard"  [the quotes are on purpose].
> I am sorry to read that... I think it is a good standard... Just like
> any RSA Security PKCS#* standard... at least it is a standard that most
> programmers agree on...
> I don't understand why you guys did not rewrite the PKCS#7, PKCS#1,
> PKCS#8, PKCS#9 standards... And maybe to stay with PGP standard and not
> migrating to S/MIME...
> The whole new work of gpg 1.9 was to migrate to S/MIME... Why!?!?!?!
> You could have been very happy in your closed PGP format world.
> Even if the standards are ugly, they at least work!

I think this is a misunderstanding. gpg 1.9 is not about _migration_ to
S/MIME, it's about _adding_ S/MIME to gpg. There is no reason why gpg
2.0 would not support OpenPGP. What is true, though, is that so far, gpg
1.9 was only about adding S/MIME to gpg. But AFAIK it is the goal to
merge gpg 1.4 with gpg 1.9.

>>> When user buys its email signature/encryption certificate he expects
>>> to be able to use it in all smartcard-enabled applications... PKCS#11
>>> provides this ability, and is
>> Yes he expects this and will soon see that it was just an expectation.
> I am afraid you are totally wrong here... I hope you will wake up
> someday...
> I am responsible of replacing software/suggest correct software for
> using smartcards.
> Currently gpg is on my black list... And because of this I tried to talk
> with you first to make you understand what you do wrong...
> It seems that I've failed!
> You don't understand or don't want to understand what the user expects,
> so you fail to provide it.
>>> Yes, I know that I can write my own agent... But I still think it
>>> will be a mistake.
>> I don't mean to write another agent.  Write a pkcs#11 driver which
>> uses gpg-agent as its token.
> This is the WRONG WRONG WRONG approach!!!!!!!

Why? The _only_ purpose of gpg-agent is to ask you for a password and to
keep that password in memory. You could use gpg-agent for _any_
application that requires a password.

-Patrick