PKCS#11 support for gpg-agent
Alon Bar-Lev
alon.barlev at gmail.com
Mon Aug 15 09:02:38 CEST 2005
Hello,
I know it is an old issue... But I think it is a very important issue,
so I want to raise it again.
PKCS#11 is a standard specifying how to access cryptographic tokens.
Most smartcard vendors provide a PKCS#11 library that allows simple
smartcard integration with applications.
PKCS#11 implementation is not platform specific and is implemented for
Windows, Linux etc...
I couldn't see any plans to support this standard, and could find some
answers that suggest it will not be supported.
Mozilla, Firefox, Thunderbird and now Java support the PKCS#11 standard in
order to access cryptographic tokens, which gives this software an edge in
smartcard integration.
openssl has a gateway through open-sc to PKCS#11 tokens, but it is a very
basic gateway that can only use private key objects on the token.
When I saw that in the new version gpg has gpg-agent I was very glad! I
thought that finally a standard implementation to access cryptographic
tokens would be implemented.
But then I've seen that only proprietary smartcard tokens are supported
(directly) and ssh-agent... No standard way to access external
cryptographic devices.
I will be glad to discuss the need for implementing PKCS#11 support for
gpg-agent, and to help in the implementation process...
I think it is very important to have such support for any software that
deals with cryptography and secrets. gnupg falls into this category...
Best Regards,
Alon Bar-Lev