gpg-2.1.6 scdaemon: cannot disable OpenPGP application

NIIBE Yutaka gniibe at fsij.org
Thu Jul 9 06:56:46 CEST 2015


Hello,

Currently, in the source code of GnuPG, we have support for the following:

	DINSIG (DIN V 66291-1)
	German Geldkarte
	OpenPGP card
	pkcs#15 card
	SmartCard-HSM
	Telesec NKS card

Pardon my ignorance about smartcards other than OpenPGP card compatible ones.

The driver for SmartCard-HSM was recently added.  The others look quite
old.

On 07/08/2015 06:29 PM, Marek Szuba wrote:
> This is the first time I tried using this card with GnuPG, what I
> meant is that it had been working perfectly with other applications
> (via PKCS#11, PKCS#15 and dedicated SmartCard-HSM tools).

I see your situation.

> In other words, even though scdaemon does support this type of card
> now, gpg itself (I've just tried gpgsm, I've got no X.509
> certificates on that card but at least no errors appear) still
> requires an OpenPGP SmartCard?

I'm not sure, but it is possible that SmartCard-HSM was tested only
very lightly, and that it was not well tested with the GnuPG suite as
a whole.  I mean, it may not have been tested together with the gpg
frontend.  Perhaps it was only tested with gpgsm.

If so, I think that the situation is somewhat frustrating for users of
SmartCard-HSM who expect OpenPGP functionality.

I've examined the code of the SmartCard-HSM driver.  Most of the
functionality is there.  However, the 'do_readkey' method (for retrieving
public key information from the card) is missing.  If it is
supported, we will be able to use SmartCard-HSM for OpenPGP.

I need some help with this direction of development.

Well, for the first step, please help me.  I think that

    $ gpg-connect-agent learn "SCD SERIALNO" /bye

... works somehow with SmartCard-HSM.  Could you please confirm?