using an OpenPGP card with Java (keytool and jarsigner)

Hans-Christoph Steiner hans at
Tue Jan 7 15:32:45 CET 2014

NdK wrote:
> Il 07/01/2014 04:01, Hans-Christoph Steiner ha scritto:
>> Does anyone know if there is any chance of using an OpenPGP smart card for
>> Java?  I know that GnuPG doesn't support PKCS#11, but I was wondering if
>> things work the otherway around: java using the OpenPGP card.  It would be
>> super useful to be able to use the same smartcard for both Android APK signing
>> and OpenPGP signing.
> IIRC there is an OpenSC "driver" for OpenPGP cards, that makes 'em
> accessible throught PKCS#11.
> Seems it's quite old... Maybe if you want to take over developement...
> BYtE,
>  Diego.

opensc's support for the OpenPGP card has improved quite a bit in 0.13, it
seems.  There is now full write support and a specific 'openpgp-tool' even:

I don't need write support at all, I just want to get keytool to use the
OpenPGP card as a PKCS11 keystore.  It seems that things are close: Java can
use NSS as a provider of PKCS11.  I guess the question is whether opensc is
making a PKCS#11 interface to the OpenPGP card, that's the bit that I don't
fully understand.

Once I figure this out, my plan is to integrate my work into the relevant
Debian packages, and then promote the use of the OpenPGP card for Android APK
signing keys.


PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81

More information about the Gnupg-users mailing list