How to use a PKCS#15 with GnuPG?

NdK ndk.clanbo at
Sat Jun 17 11:15:53 CEST 2017

Il 17/06/2017 10:35, Werner Koch ha scritto:

> gpg expects an OpenPGP card.  For pkcs#15 you need to use gpgsm.  As a
> starter do
>  gpgsm --learn-card
> which imports the certificates from such cards.  There is no --card-edit
> etc, because in general PKCS#15 cards are distributed personalized.
> Having done --learn-card once you can use the keys from the card for
> X.509 or CMS (aks S/MIME) stuff.
Then I don't understand the reason for gpgsm (the "niche" it fills)...
opensc already supports many cards, and can even edit some. And (via
PKCS#11) Firefox and Thunderbird (and many other programs, but only one
at a time) can use the cards for auth (and signing).

> But note, that PKCS#15 does not specifiy everything and card vendors
> oftne implement proprietary extensions/modifications.
As usual. But even openpgp RFCs are often implemented with proprietary

> See gnupg/scd/app-p15.c for some hints.
I'll have a look.


More information about the Gnupg-users mailing list