gpg-2.1.6 scdaemon: cannot disable OpenPGP application
scriptkiddie at wp.pl
Thu Jul 9 15:48:29 CEST 2015
On 2015-07-09 06:56, NIIBE Yutaka wrote:
> I'm not sure, but it would be possible for SmartCard-HSM to be tested
> very lightly, and it was not well tested as a whole GnuPG suite. I
> mean, it would not be tested with gpg frontend together. Perhaps, it
> was only tested with gpgsm.
> If so, I think that the situation is somehow frustrated for users of
> SmartCard-HSM who expect OpenPGP functionality.
Indeed. To be precise, the SmartCard-HSM Web site states clearly GnuPG
only supports this card as key store for X.509 certificates and private
keys so there should be no false expectations regarding OpenPGP support
- but given we are talking about a powerful, highly versatile and
apparently increasingly popular SmartCard here it would in the long run
be a waste not to let it be used in this mode.
One problem is that as you pointed out in your previous post, the Assuan
command which explicitly demands cards accessed by gpg to support the
openpgp application is hard-coded in the sources and has been there for
quite a few years. Hopefully relaxing this restriction will not prove to
be too much of a paradigm shift.
> I've examined the code of SmartCard-HSM driver. There are most
> functionalities. However, the method of 'do_readkey' (of retrieving
> public key information from card) is missing. If it will be
> supported, we will be able to use SmartCard-HSM for OpenPGP.
> I need some help for this direction of development.
It is excellent news that there shouldn't be too much left to implement!
I will be very happy to provide any help I can. Shall we continue off
the mailing list?
More information about the Gnupg-users