PKCS#11 support for gpg-agent

Alon Bar-Lev alon.barlev at
Fri Sep 2 17:21:06 CEST 2005


> I think this is a misunderstanding. gpg 1.9 is not about _migration_ to
> S/MIME, it's about _adding_ S/MIME to gpg. There is no reason why gpg
> 2.0 would not support OpenPGP. What is true, though, is that so far, gpg
> 1.9 was only about adding S/MIME to gpg. But AFAIK it is the goal to
> merge gpg 1.4 with gpg 1.9.

Yes... But why? What was the reason to work so hard in adding 
The answer for my opinion is that IT IS A STANDARD!!!
Likewise PKCS#11 is a standard to access cryptographic tokens.

When PGP was invented there WAS NO standard to send and 
receive signed and encrypted messages, so PGP have implemented 
a proprietary method.
Then, PGP tried to propose it as a standard... OpenPGP... But 
they have failed... It was not widely adopted...
S/MIME was the standard adopted by the world, and PGP and gpg 
had to catch up.
I thing one should learn from history and not invent any new 
standard, especially when such already exists, implemented and 

>>>I don't meant to write another agent.  Write a pkcs#11 driver which
>>>uses gpg-agent as its token.
>>This is the WRONG WRONG WRONG approach!!!!!!!
> Why? The _only_ purpose of gpg-agent is to ask you for a password and to
> keep that password in memory. You could use gpg-agent for _any_
> application that requires a password.

No... the purpose of gpg-agent is to allow gpg to access 
private (secret) keys that are located in different physical 
location such as smartcards...
 From my point of view this is THE MAJOR feature of gpg-agent...

Best Regards,
Alon Bar-Lev.

More information about the Gnupg-users mailing list