several GPG smartcards connected at the same time
Werner Koch
wk at gnupg.org
Tue Aug 9 10:56:35 CEST 2016
On Tue, 9 Aug 2016 08:57, ndk.clanbo at gmail.com said:
> If GnuPG supported PKCS#11 it would open a whole new world, like the
> ability to use generic cards.
Nope. That is entirely unrelated. PKCS#11 is a clumsy standard to
allow the use of proprietary cards using proprietary
middleware/drivers/whatever_they_call_it. If you have an open
specification for a card you can easily write the required glue code and
add it to scdaemon. You may also use a PKCS#15 card and scdaemon would
work just fine with it - if there were not so many different flavors
of that standard.
Using more than one card is more of an organisational problem. 10 years
ago or so I did some tests and it basically worked. However, back then
it was hard enough to convince people to buy just _one_ reader and thus
I dropped all efforts to make multiple reader/card support work well.
It is also questionable whether having two cards plugged in is a good
idea: You increase the attack surface and malware can make use of any of
those cards. This makes it hard for a user to notice unexpected use of
a card.
From a practical point of view I would love to see support for two
cards: When doing a release I have to swap my cards for commit
signatures and release signatures all the time.
Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
/* Join us at OpenPGP.conf <https://openpgp-conf.org> */