OpenPGP Card source

David Tomaschik david at
Thu Mar 3 20:44:35 CET 2011

I suppose this begs the question -- since the card has access to raw
keys, how confident can we be that no back doors exist in the card?
(I don't think there are, this is more of an academic question.)


On Thu, Mar 3, 2011 at 1:40 PM, Werner Koch <wk at> wrote:
> On Thu,  3 Mar 2011 16:28, Lists.gnupg at said:
>> Is the source code that lives in the OpenPGP card, v2.0, as implemented
>> in the Kernel Concepts/Zeitcontrol version, available anywhere for
>> review?
> No, it is not available.  The smart card OS is - as usual - proprietary.
> Achim Pietig wrote the implementation for the commonly used card using a
> chips featuring the Zeitcontrol smartcard OS.  There are a few other
> vendors using the specification to write their own card.  This is
> proprietary.
> Only recently Gniibe came up with a free implementation for a micro
> controller; the Gnuk token.  I heard that the Crypto Stick 2.0 will have
> a free implementation for a real smartcard chip.
>> I have looked on their respective websites, as well as g10 code and the
> Let me clarify the involvement of my company g10 Code in the OpenPGP
> card stuff: I worked with Achim (who never worked for g10 Code) on the
> specification for the card.  My goal was to have an easily available
> specification for a card we could support in GPG.  Eventually we
> implemented that specification.  And of course this host part is free
> software.  Having the logo of g10 Code on the card does only mean that
> we take care of the host part and helping with the specs - and well some
> free advertising.  We would be glad if we could help with a free
> implementation.  However, that would take up a lot of time - time we can
> only spend as part of a paid project.
> Shalom-Salam,
>   Werner
> --
> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

David Tomaschik, RHCE, LPIC-1
System Administrator/Open Source Advocate
OpenPGP: 0x5DEA789B
david at

More information about the Gnupg-users mailing list