OpenPGP Card

Alon Bar-Lev alon.barlev at
Fri Sep 2 19:46:33 CEST 2005

Werner Koch wrote:
> On Fri, 02 Sep 2005 18:45:53 +0300, Alon Bar-Lev said:
>>environment...) It provides a generic API to access cryptographic
>>tokens. Most smartcard vendors, including IBM, provide PKCS#11 library
>>that communicates with their card.
> Again: Feel free to provide one.  The only thing you need is libassuan
> to connect to gpg-agent.  libassuan is even under LGPL so you can use
> it with any kind of application - just put it into a shared library.

1. Athena smartcard provides Linux 
and Windows PKCS#11.
2. Algorithmic Research smartcard provides 
Linux and Windows PKCS#11.
3. Aladdin smartcard using opensc.
4. nCipher HSM
5. SafeNet HSM

I can find more...
You can refer to opensc and see some more (I didn't tried them)...
Then you can use the opensc PKCS#11 library

> If something should be missing in gpg-agent to implement this, I will
> help by adding the required facilities.  However, I don't have the
> time to write a pkcs#11 library for gpg-agent/scdaemon for free.  If
> this is that important for you and you don't want to do it yourself,
> well ask me at my company address.

I don't understand why you keep insisting of writing a 
library... You need to use a library not implement one.

All you need to do is to use several PKCS#11 methods:
1. login, find correct object, perform decryption (RSA), logout.
2. login, extract X509 certificates, logout.

May I understand that you agree that gpg-agent should support 
PKCS#11 as a mean to interact with cryptographic tokens?

This was my original request... The when and how can be 
determine... But I will be glad if we can agree that it should 
be done...

Best Regards,
Alon Bar-Lev.

More information about the Gnupg-users mailing list