scdaemon support for SmartCard-HSM

Andreas Schwier andreas.schwier.ml at cardcontact.de
Fri Jul 18 16:44:42 CEST 2014


Hi list,

we've added support for the SmartCard-HSM to scdaemon. Please find the
patch that applies to master at [1].

The driver allows read-only operations with keys and certificates on a
SmartCard-HSM. To generate keys and certificates please use OpenSC, XCA
or the tools in OpenSCDP.

There are three issues left that we couldn't resolve:

1. Signing with ECDSA: Apparently gpgsm puts the wrong (RSAEncryption)
algorithm identifier in SignerInfo when using ECDSA. As a result
verification of the CMS fails with "conflicting use".

2. At least on Kubuntu the PIN callback to prompt the user to enter the
PIN at the reader PIN PAD does not work. gpgsm is reporting an invalid
IPC call. Working directly with scdaemon does not have the problem.

3. Apparently kleopatra only supports TCOS cards. It's unclear to me why
this restriction is in place.

Andreas

[1]
http://www.cardcontact.de/download/0001-sc-hsm-Add-support-for-SmartCard-HSM.patch



