OpenPGPCar on JavaCard key import and large keys

Werner Koch wk at
Mon Aug 27 10:24:15 CEST 2007

On Sun, 26 Aug 2007 20:09, ged at said:

> I have tried to describe some none standard additions as well as use of
> the ENVELOPE command in a document included below. All of which I already
> have implemented (however not tested yet) in my Java Card implementation
> of the spec. Comments and suggestions are welcome.

I'll forward to Achim Pietig who maintains the specs.  We are already
collecting new features for a new revision.

> Any chance of actually geting support for it implemented in GnuPG?

Sure.  It just a matter of time.  I'd like to do this myself but I doubt
that I get to it in th next few months.  Other contributions are
welcome, but remember that we need to do some legal paper exchange with
the FSF.

> Are there any need, interest and/or use for further extensions to the
> card?  Maybe the possibility for OpenPGP certificate for the public key to
> be stored on card? Expand the card edge to make it have enough

Hmmh, mine is 81k - quite some stuff for a smartcard.  The size of the
OpenPGP keyrings was the thereason that went for the fingerprint
approach.  And weel, in almost all cases you need a net connection and
thus you can get trghe certificate/keblock online.

> functionality to be able to be used together with PKCS #11 (possible
> making a PKCS #15 compatible structure)?

Hey, it is already usable for with pkcs#11 ( and Alon's
alternative scdaemon).  

A design goal is to keep the specs from getting too complex - thus
pkcs#15 is nothing we should go for.



Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

More information about the Gnupg-users mailing list