OpenPGP Card

Zeljko Vrba zvrba at globalnet.hr
Mon Sep 5 16:38:05 CEST 2005


Peter Gutmann wrote:
>
> I'd already offered the use of my PKCS #11 interface code from cryptlib for
> GPG use some time ago.  This should do everything you need and has had years
> of tuning to work with all the bugs in various PKCS #11 drivers, it's vastly
> easier than going through the entire learning curve yourself.
>
That's correct, it was my proposal in question. The problem is that,
under Linux, I couldn't find a smart-card + PKCS#11 combination that
works correctly enough (out of the box) to be usable with cryptlib.

GPG needs at least three different keys and static data storage. I have a
patch emulating static data storage, enabling the use of pre-generated keys.

I don't remember exactly all the details, but I did disregard cryptlib
for some reason (not because of its quality which is superb, but because
of the state of.. smart-card and PKCS#11 issues on Linux).

For interested parties in this thread:

OpenPGP Java card applet (almost finished):
http://www.core-dump.com.hr/index.pl?node_id=421

Patch that enables the use of any smart-card with GnuPG. It allows the
use of cards with pregenerated keys and uses an auxiliary file to feed
metadata into GnuPG (I'm assuming a read-only token). Signing works
correctly.

http://www.core-dump.com.hr/software/gnupg-1.3.92-pkcs11.patch
http://www.core-dump.com.hr/software/gnupg-1.3.92-pkcs11.patch.asc

There is a g10/p11howto.txt describing how to use it. I've given up on
maintaining it because of Werner's attitude towards PKCS#11. If someone
else wants to maintain it - be welcome. I will provide you some help if
necessary.


More information about the Gnupg-users mailing list