Help need to use truecrypt + openpgp applet.

Matthias-Christian Ott ott at mirix.org
Sat Feb 21 03:01:51 CET 2015


On 2015-02-20 06:32, Ranjini H.K wrote:
> Yes, I used Scute. No success with it. I better ask OpenSC mailing list with
> the help asking for the support for handle data objects even if the card
> could store them.

As mentioned in my more detailed follow-up email on how TrueCrypt
accesses the "keyfile" on the smartcard, Scute is not able to do this.
GnuPG however can access the (optional) private data objects on the card
that could be used to store the "keyfile" on the card (as they are PIN
protected). If I'm not mistaken, you should be able to add this to Scute
through scdaemon and the GETATTR PRIVATE-DO-3 and SETATTR PRIVATE-DO-3
commands over scdaemon's Assuan protocol that you would have to map to
the appropriate PKCS #11 in Scute (see TrueCrypt's source code for how
it finds PKCS #11 objects on the card). That said, I doubt using the
private DOs for PKCS #11 objects and associated metadata will be
generally accepted (other people could be storing other data in these
data objects), so you would probably have to add a compile-time option
or maintain a fork.

If you are trying to implement this as part of your job/on behalf of your
employer (guessing from your website and work email address that seems
to be the case), I would also advise you to subcontract somebody else to
implement this feature (see Werner Koch's email).

Regards,
Matthias-Christian
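
The read path described above, as an added example that is not part of the original message and not Scute or GnuPG code: it sends GETATTR PRIVATE-DO-3 to scdaemon through gpg-connect-agent and decodes the returned status line. The function names, the sample transcript and the percent-plus decoding of the status value are assumptions; mapping the bytes to a PKCS #11 object is not shown.

```python
import re
import subprocess

ATTR = "PRIVATE-DO-3"  # attribute name taken from the message above

# Constructed transcript (not captured from a real card): one status line
# carrying the data object, followed by the Assuan OK line.
SAMPLE = "S PRIVATE-DO-3 key+file%00%01%2B%25\nOK\n"


def unescape_status(value: str) -> bytes:
    """Undo percent-plus escaping (assumed): '+' is a space, %XX is one byte."""
    out = bytearray()
    i = 0
    while i < len(value):
        if value[i] == "%" and re.fullmatch(r"[0-9A-Fa-f]{2}", value[i + 1:i + 3]):
            out.append(int(value[i + 1:i + 3], 16))
            i += 3
        else:
            out.append(0x20 if value[i] == "+" else ord(value[i]))
            i += 1
    return bytes(out)


def parse_getattr(transcript: str, attr: str = ATTR):
    """Return the attribute bytes, or None if no status line was sent."""
    for line in transcript.splitlines():
        if line.startswith("ERR "):
            # e.g. no card present or PIN entry cancelled; never fall through
            raise RuntimeError(line)
        if line == f"S {attr}":
            return b""
        if line.startswith(f"S {attr} "):
            return unescape_status(line[len(attr) + 3:])
    return None


def read_private_do(attr: str = ATTR):
    """Ask scdaemon (via gpg-agent) for the data object on the inserted card."""
    proc = subprocess.run(
        ["gpg-connect-agent", f"scd getattr {attr}", "/bye"],
        capture_output=True, check=True,
    )
    # latin-1 keeps any unescaped high bytes intact, one byte per character
    return parse_getattr(proc.stdout.decode("latin-1"), attr)


if __name__ == "__main__":
    print(parse_getattr(SAMPLE))
```
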


