PKCS#11 support for gpg-agent

Werner Koch wk at
Fri Sep 2 17:56:30 CEST 2005

On Fri, 02 Sep 2005 15:30:29 +0300, Alon Bar-Lev said:

>> Most pkcs#11 stuff is not GPL compatible.
> But it does not say that GPLed software cannot use PKCS#11 interface
> in order to access none GPLed tokens!

Read the GPL again and you will see that this is not possible.

> I am sorry to read that... I think it is a good standard... Just like
> any RSA Security
> PKCS#* standard... at least it is a standard that most programmers

like PKCS#12 :-)

> I don't understand why you guys did not rewritten the PKCS#7, PKCS#1,
> PKCS#8, PKCS#9

pkcs#7 is nowadays called CMS.  It is used by gpgsm.  pkcs#1 is even
part of OpenPGP.

> The whole new work of gpg 1.9 was to migrate to S/MIME... Why!?!?!?!
> You could have been very happy in your close PGP format world.
> Even if the standards are ugly, they at least work!

Depends on the standard.

> I am responsible of replacing software/suggest correct software for
> using smartcards.
> Currently gpg is on my black list... And because of this I tried to

As said in my other mail to gnupg-devel: If you have a commercial
interest. talk to me about implementing pcsk#11 - but don't expect to
get something for free.  I have laid out the path on how to implement
a pkcs#11 library to make use of gpg-agent/scdaemon as a token.  It is
also possible to write a pkcs#11 thingy for just that card.

>> I don't meant to write another agent.  Write a pkcs#11 driver which
>> uses gpg-agent as its token.
> This is the WRONG WRONG WRONG approach!!!!!!!

Well, my opinion is different.



More information about the Gnupg-users mailing list