OpenPGP Card

Zeljko Vrba zvrba at globalnet.hr
Mon Sep 5 19:36:07 CEST 2005


Alon Bar-Lev wrote:
> Zeljko wrote:
>
>>IMHO, PKCS#11 has succeeded where ISO7816 has failed: providing a
>>(relatively) simple way to interface with many smart-card implementations,
>
And I've forgot to mention one thing that may be important to some
people: PKCS#11 is not limited to smart-cards. If GPG were to support
it, it could be used with top-grade crypto modules (providing physical
security and self-destruct on tampering) such as Thales WebSentry or
nCipher. And for these things there is *no* universal standard except
for PKCS#11 and MS CAPI.

 From experience I know that Thales was delivering RG732 crypto modules
with their own development kit, and they've switched to PKCS#11 + MS
CAPI in their new products (i.e. WebSentry).

Yes, these devices are expensive for individuals. But if company already
does own (for some) reason one of these, maybe they would also like to
use it for e.g. storing a company "master key" that signs employees'
keys. That's just one use-case example.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20050905/1a15f387/signature.pgp


More information about the Gnupg-devel mailing list