gpg-2.1.6 scdaemon: cannot disable OpenPGP application
NIIBE Yutaka
gniibe at fsij.org
Thu Jul 9 06:56:46 CEST 2015
Hello,
Currently, in the source code of GnuPG, we have support of following:
DINSIG (DIN V 66291-1)
German Geldkarte
OpenPGP card
pkcs#15 card
SmartCard-HSM
Telesec NKS card
Pardon my ignorance about smartcard other than OpenPGPcard compatible.
The driver for SmartCard-HSM is recently added. Others looks quite
old.
On 07/08/2015 06:29 PM, Marek Szuba wrote:
> This is the first time I tried using this card with GnuPG, what I
> meant is that it had been working perfectly with other applications
> (via PKCS#11, PKCS#15 and dedicated SmartCard-HSM tools).
I see your situation.
> In other words, even though scdaemon does support this type of card
> now gpg itself (I've just tried gpgsm, I've got no X.509
> certificates on that card but at least no errors appear) still
> requires an OpenPGP SmartCard?
I'm not sure, but it would be possible for SmartCard-HSM to be tested
very lightly, and it was not well tested as a whole GnuPG suite. I
mean, it would not be tested with gpg frontend together. Perhaps, it
was only tested with gpgsm.
If so, I think that the situation is somehow frustrated for users of
SmartCard-HSM who expect OpenPGP functionality.
I've examined the code of SmartCard-HSM driver. There are most
functionalities. However, the method of 'do_readkey' (of retrieving
public key information from card) is missing. If it will be
supported, we will be able to use SmartCard-HSM for OpenPGP.
I need some help for this direction of development.
Well, for the first step, please help me. I think that
$ gpg-connect-agent learn "SCD SERIALNO" /bye
... works somehow with SmartCard-HSM. Could you please confirm?
--
More information about the Gnupg-users
mailing list