Zeljko Vrba wrote:
> Alphax wrote:
>> Zeljko Vrba wrote:
>>> Joe Smith wrote:
>>>> For example, your CA can revoke your key leaving you with one key that
>>>> is invalid X.509, but valid OpenPGP? Yuck!
>>> Using the X.509 cert and OpenPGP public key (having the same private
>>> key) could be useful in the following scenario:
>> Is that even allowed??
> In what sense allowed? PKCS#11 knows nothing about policies. It just
> exposes a set of objects on the card (certificate, public and private
> keys and maybe some other data objects along with certificates).

In terms of using the same generic public/private keypair... how does
that work?

> The application is free to do whatever it wants with these objects,
> given sufficient authentication to the card (PIN). Technically, there is
> nothing the CA can do to prevent you from using your X.509 keys as OpenPGP keys.

I think I might have seen something like that with a Thawte Freemail
root certificate or something... it wasn't pretty :(

(eh, I think I just answered my own question, but I still don't "get it"...)

