using an OpenPGP card with Java (keytool and jarsigner)

Sean Lynch seanl at
Fri Jan 17 18:37:52 CET 2014

Scute accesses the card via either scdaemon or gpg-agent (I can't remember
which and I'm on my phone), so you don't need to release the card and
reenter your PIN to switch back and forth between PKCS#11 and gpg/gpgsm.
However, it's a minimal implementation of the parts of the API necessary
for X.509 auth in Firefox, so I have no idea what else it might work for in
its present state. I plan to try it with OpenVPN pretty soon.
On Jan 17, 2014 7:44 AM, "Hans-Christoph Steiner" <hans at>

> On 01/17/2014 03:05 AM, Werner Koch wrote:
> > On Fri, 17 Jan 2014 02:24, seanl at said:
> >
> >> Scute works great with Firefox, but keep in mind it requires gpg-agent
> (or
> >
> > Sure.  That is the whole point of the exercise.
> >
> >> at least scdaemon). AFAIK it's not intended to work with anything other
> >> than Firefox right now. I've been meaning to try it out with
> wpa_supplicant
> >
> > Well, it has not been tested with anything else.  However, it implements
> > the pkcs#11 interface properly for signature keys and Marcus even came
> > up with a free and readable implementation of the pkcs11 header file.
> >
> >> The code seems fairly straightforward and it comes with documentation
> for
> >> spying on the PKCS#11 calls to help troubleshoot the implementation, so
> >> even if it doesn't work it may not require too much hacking to make it
> >
> > Right.  I would love to see a new maintainer for it.  If there are any
> > GnuPG related problems I will for sure help with it.
> How does scute's PKCS#11 support differ from OpenSC's?  If the OpenPGP
> card is
> supported by opensc, is that providing the same thing as scute?  I already
> have Java's keytool talking to the OpenPGP card via OpenSC, I just can't
> get
> it to sign something yet.
> .hc
> --
> PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20140117/8bbf75d2/attachment.html>

More information about the Gnupg-users mailing list