Fwd: KMail/GnuPG always report problems with signed S/MIME

Bernhard Reiter bernhard at intevation.de
Wed Jul 21 16:18:35 CEST 2004


On Tue, Jul 20, 2004 at 04:27:26PM +0200, bsmaillist at skynet.be wrote:
> On Tuesday 20 July 2004 16:06, Werner Koch wrote:
> > On Tue, 20 Jul 2004 13:20:04 +0200, bsmaillist  said:

> > > Does gnupg 1.9.9 support smartcards via PKCS#11?
> >
> > pkcs#11 is a silly standard only useful if you want to hide your
> > application, driver or whatever.  This it is IMHO not useful for FS.

Werner, "silly" is not a description that people can understand.
From what I have learned from you, a better description would be:

For Free Software there are technical solutions which are better than pkcs#11 
because they are more robust and 
basically give you the same funcationality with the same cards.
So instead of going over pkcs#11 which is error prone due to subtle
differences in implementation, we use opensc to access pkcs#15 applications.
The same card applications can be accessed via pkcs#11 in other development
environments. Important for the user is that the card application can
be used stably.

> > gnupg 1.9 supports a couple of smartcard - if you are able to build
> > with OpenSC it should support many pkcs#15 card and it natively
> > support DINSIG, NKS and OpenPGP cards.  Access either using ctAPI,
> > PC/SC or using the native CCID driver.

> So we have GnuPG excluding all PKCS#11 cards and we have KMail 1.7 excluding 
> any other crypto plugin but GnuPG. And thus the circle is closed.

This puts a negative touch on things, I cannot see warranted.

As explained in this thread: PKCS#11 is an access protocol to cards,
but there are other (better ways) to access the cards.
GnuPG accesses the card application in a different way, 
thus no card is excluded by definition.

The modern KMail versions do not use crypto plugins anymore to be precise.
They access gpgme (generation 0.4.x) directly for the integrated 
crypto support for PGP/MIME and S/MIME. This integration is non-trivial
and a general api to just put in another cryptobackend is not feasable.
As Kmail is Free Software you can integrate another loadable module, though.
So KMail does not exclude other crypto backend integration by any means.

Regards,
Bernhard
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20040721/987b9196/attachment.bin


More information about the Gpa-dev mailing list