Smart card interface, OpenSC and OpenCT
Werner Koch
wk at gnupg.org
Tue Jul 26 07:41:58 CEST 2005
On Mon, 25 Jul 2005 17:10:42 +0200, Laurent Pinchart said:
> Could anyone tell me why that decision has been made ? What's the
* OpenSC is a huge and complex library with an ever changing API and
often hidden ABI changes. It just makes too much trouble.
* It requires your application to use pthreads which conflicts with
the use of another threading library; GNU Pth in our case. This is
the actual show stopper.
* We only need to _read_ PKCS#15 structures and not to _create_ them.
This was actually pretty easy to implement and took me only a few
days. Still not complete due to the lack of test cards (aside of a
self-created pkcs15 card I do have only one other card
(Dienstausweis des BMI).
* OpenSC may only be used by LGPL software because it makes use of
OpenSSL. It is possible to disable this by losing some
functionality; no distribution does it.
> prefered way to interface a smart card reader in GnuPG ? Is it PC/SC ? What
> about readers with a pin pad ?
Either direct access via the interanl CCID driver or by PC/SC or
ctAPI. Adding OpenCT support won't be a problem.
> Zetes (the company that developped the Belgian eID software) contributed
> LGPLed code to OpenSC to support the eID card. Should this code be ported to
> GnuPG ?
AFAIK, the card is a PKCS#15 one so in theory signing should already
work with gpgsm. A textcard would definitley be helpful.
Shalom-Salam,
Werner
More information about the Gnupg-devel
mailing list