PKCS#11 support for gpg-agent
alon.barlev at gmail.com
Fri Sep 2 17:21:06 CEST 2005
> I think this is a misunderstanding. gpg 1.9 is not about _migration_ to
> S/MIME, it's about _adding_ S/MIME to gpg. There is no reason why gpg
> 2.0 would not support OpenPGP. What is true, though, is that so far, gpg
> 1.9 was only about adding S/MIME to gpg. But AFAIK it is the goal to
> merge gpg 1.4 with gpg 1.9.
Yes... But why? What was the reason to work so hard in adding
The answer, in my opinion, is that IT IS A STANDARD!!!
Likewise PKCS#11 is a standard to access cryptographic tokens.
When PGP was invented there WAS NO standard to send and
receive signed and encrypted messages, so PGP implemented
a proprietary method.
Then, PGP tried to propose it as a standard... OpenPGP... But
they have failed... It was not widely adopted...
S/MIME was the standard adopted by the world, and PGP and gpg
had to catch up.
I think one should learn from history and not invent any new
standard, especially when such already exists, implemented and
>>>I don't mean to write another agent. Write a pkcs#11 driver which
>>>uses gpg-agent as its token.
>>This is the WRONG WRONG WRONG approach!!!!!!!
> Why? The _only_ purpose of gpg-agent is to ask you for a password and to
> keep that password in memory. You could use gpg-agent for _any_
> application that requires a password.
No... the purpose of gpg-agent is to allow gpg to access
private (secret) keys that are located in different physical
locations such as smartcards...
From my point of view this is THE MAJOR feature of gpg-agent...