OpenPGP Card
Alon Bar-Lev
alon.barlev at gmail.com
Fri Sep 2 17:45:53 CEST 2005
Joerg Schmitz-Linneweber wrote:
> Hi Alon!
>
> I would like to see support for PKCS#11 too but...
> (won't elaborate on this now ;-)
I will be glad if you will...
It seems that I am the only one that doesn't understand gpg
motivation.
>
> Regarding the "open-ness" of OpenGPG: Why do you (and Benjamin) think it's not
> open (enough)?
> The specs are there and you are free to implement "both sides" of the (smart)
> card.
> For me the specs allow(ed) it to try implementing OpenGPG on an IBM JavaCard
> (and it *would* be possible to have a JavaCard implement OpenGPG in parallel
> to PKCS#11...)
>
> Just my 2cts... Salut, Jörg
>
This is EXACTLY the problem.
If you have an RSA private key and X.509v3 certificate that
refers to the public key, you expect this key to be shared
among all applications that you use.
If you had to write a separate applet and provider for each
application you make the cost of smartcard integration
EXTREMELY high!
On the other hand, if you implement a software API for
accessing a generic smartcard, then you don't need to
implement any special software in order to use smartcard type
A or smartcard type B.
This is all PKCS#11 is about (Or Microsoft CSP in Windows
environment...) It provides a generic API to access
cryptographic tokens. Most smartcard vendors, including IBM,
provide a PKCS#11 library that communicates with their card.
PKCS#11 application can benefit from it as well as the user...
No proprietary code should be written in order to make your
software work with your hardware.
Best Regards,
Alon Bar-Lev.