OpenPGP Card

Alon Bar-Lev alon.barlev at
Tue Sep 6 14:03:50 CEST 2005

Lionel Elie Mamane wrote:

> I thought we were talking about PKCS#11 "drivers" for specific cards, and
> that you had to link this driver into your program (dynamically
> at run-time) in order to use it. That _driver_ would be gpl-incompatible.

PKCS#11 is a standard; it is not vendor specific. Please refer to so that your answers
will be correct.

So if PKCS#11 is an API specification that every smartcard/HSM/software that
manages cryptographic keys supports, by means of developing a shared
library/DLL that implements the standard, is it OK for a GPLed program to load
and interact with this library?

NOTICE: Since the application does not know which cryptographic token is
used by the user, the usage of the library MUST be done at runtime. There is a
strict interface for these libraries, which is described in the PKCS#11 standard.

We need a definite answer here... So the licensing argument will be out of
the way...

Some of my thoughts... And comments for your position.

A standard is a standard... And it does not matter if it describes an API, a
protocol, a command-line, a format or any other interface.
As long as there are no intellectual rights claims for the implementation of
the standard, it can be used by GPL.

Hence... HTTP is a standard (RFCXXX, protocol), PKCS#11 is a standard (RSA,
API), S/MIME is a standard (RFC, format) etc... There is no difference
between them in terms of implementing compliant software.

Best Regards,
Alon Bar-Lev.
