scdaemon support for SmartCard-HSM

Werner Koch wk at gnupg.org
Mon Jul 21 15:16:26 CEST 2014


Hi Andreas,

On Fri, 18 Jul 2014 16:44, andreas.schwier.ml at cardcontact.de said:

> we've added support for the SmartCard-HSM to scdaemon. Please find the
> patch that applies to master at [1].

If you want me to apply that patch please read doc/DETAILS on how to
send a DCO. (I'd appreciate a sample card for testing but that is not a
requirement).

Some quick remarks:

If you took another app-*.c as template, please add all the copyright
lines from that file and add your own copyright line (unless you have an
assignment for GnuPG with the FSF).

Lines should in general not be longer than 80 characters, I spotted one
or two which are longer.

Someone needs to proofread the code of course ;-)


> 1. Signing with ECDSA: Apparently gpgsm puts the wrong (RSAEncryption)
> algorithm identifier in SignerInfo when using ECDSA. As a result
> verification of the CMS fails with "conflicting use".

I doubt that gpgsm really supports ECC.  Thus such problems are to be
expected.

> 2. At least on Kubuntu the PIN callback to prompt the user to enter the
> PIN at the reader PIN PAD does not work. gpgsm is reporting an invalid

GnuPG does this by itself - no need for a callback.  Well, it should do
that.  What pinentry are you (Kubuntu) using?

> 3. Apparently kleopatra only supports TCOS cards. It's unclear to me why
> this restriction is in place.

The contract specified that card and thus Kleopatra did a minimal job to
fulfill the requirements.  For better card support you should use GPA
(you may want to add support for your card there as well).


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.



