OpenPGP card and BasicCard

Werner Koch wk at gnupg.org
Thu Apr 14 20:01:55 CEST 2005


On Thu, 14 Apr 2005 08:20:13 +0200, Christian Rank said:

> So the OpenPGP cards are ZeitControl's BasicCards with RSA encryption
> and the OpenPGP application loaded and put in state 'RUN' (no further
> programming of the card possible)?

Exactly.

> What I'm missing from the OpenPGP card is the ability to load a PKCS#15
> structure on the card. This would make it possible to use this card not

No way.  There is a reason why we did this simple design.  pkcs#15 is
a complex thing with a lot of incompatibilities between
implementations.

> only for signing and encryption, but also for WWW authentication with
> client certificates. Is something like that planned in the future?

There is a vague plan of writing a pkcs#11 library using the card as
actual crypto token.  Most likely this library will speak to scdaemon
via gpg-agent and thus support a variety of cards - including native
pkcs#15 cards.

AFAIK, there is pkcs#15 emulation code in OpenSC for our card.  Not
sure whether it is still functional; Olaf Kirch once wrote it and told
me that he succeeded in using the card.


Salam-Shalom,

   Werner




