OpenPGP Card

Alon Bar-Lev alon.barlev at gmail.com
Fri Sep 2 17:45:53 CEST 2005


Joerg Schmitz-Linneweber wrote:
> Hi Alon!
> 
> I would like to see support for PKCS#11 too but...
> (won't elaborate on this now ;-)

I will be glad if you will...
It seems that I am the only one that don't understand gpg 
motivation.

> 
> Regarding the "open-ness" of OpenGPG: Why do you (and Benjamin) think its not 
> open (enough)?
> The specs are there and you are free to implement "both sides" of the (smart) 
> card.
> For me the specs allow(ed) it to try implementing OpenGPG on a IBM JavaCard 
> (and it *would* be possible to have a JavaCard implement OpenGPG in parallel 
> to PKCS#11...)
> 
> Just my 2cts... Salut, Jörg
> 

This is EXACTLY the problem.
If you have a RSA private key and X.509v3 certificate that 
refers to the public key, you expect this key to be shared 
among all applications that you use.

If you had to write an separate applet and provider for each 
application you make the cost of smartcard integration 
EXTREMELY high!

On the other hand, if you implement a software API for 
accessing a generic smartcard, then you don't need to 
implement any special software in order to use smartcard type 
A or smartcard type B.

This is all PKCS#11 is about (Or Microsoft CSP in Windows 
environment...) It provides a generic API to access 
cryptographic tokens. Most smartcard vendors, including IBM, 
provide PKCS#11 library that communicates with their card.

PKCS#11 application can benefit from it as well as the user... 
No proprietary code should be written in order to make your 
software work with your hardware.

Best Regards,
Alon Bar-Lev.



More information about the Gnupg-users mailing list