PKCS#11 support for gpg-agent

Werner Koch wk at
Fri Sep 2 18:09:45 CEST 2005

On Fri, 02 Sep 2005 18:21:06 +0300, Alon Bar-Lev said:

> Yes... But why? What was the reason to work so hard in adding S/MIME?
> The answer for my opinion is that IT IS A STANDARD!!!

I am sorry to correct you.  No mental sane hacker would voluntary
implement X.509 stupidity.  The reason why we wrote gpgsm was real
trivial: We have been convinced by means of money to undertake this.

> When PGP was invented there WAS NO standard to send and receive signed
> and encrypted messages, so PGP have implemented a proprietary method.

PEM dates back to 1987 (rfc989) quite some years before PGP was

> Then, PGP tried to propose it as a standard... OpenPGP... But they
> have failed... It was not widely adopted...

It may not be widely adopted but nevertheless it is the standard to
make sure that confidential information can be send over the Internet.
It is used all over the Net and major industry players are using it
and even requring that suppkiers are using PGP.  

The IETF has not decided whether OpenPGP or S/MIME will be the
preferred standard.

> No... the purpose of gpg-agent is to allow gpg to access private
> (secret) keys that are located in different physical location such as
> smartcards...
>  From my point of view this is THE MAJOR feature of gpg-agent...

The major feature is to encapsulate operations involving a private key
into one modul - optionally to be run on a different device.  For
practical reasons gpg-agent also allows the use of smartcards.  The
passphrase caching is a bonus so that no second tool (like Quintuple
Agent) is needed for gpg versions which are not yet able to delegate
private key operations to the agent.



More information about the Gnupg-users mailing list