GPG with PKCS#15 card
Bow
dev at nixonnet.org
Thu Mar 19 05:41:47 CET 2026
I would like to clarify to what extent GPG 2.4.9 (not GPGSM) supports
PKCS#15 cards.
(In case it matters: I am working with a J3R180, not a Yubikey.)
The SCDaemon section of the manual [1] says that PKCS#15 is used by
GPGSM, from which I infer GPG can not use it - which makes sense to me
as it is my understanding that PKCS#15 v1.1 stores X.509/etc
certificates - but GPG can use PIV cards [2] which I believe to also
store certificates. (And I understand this [3] user-list answer to
mean GPG supports PKCS#15 cards.) So I am confused.
Can I use a PKCS#15 v1.1 with GPG similarly to an OpenPGP card? (Not
including card management, just signing and encryption.)
If so, how can I generate key-stubs/associate on-card keys with OpenPGP
subkeys? Would checkkeys work?
Thank you for your time,
Bow
[1] https://www.gnupg.org/%28en%29/documentation/manuals/gnupg24/scdaemon.1.html
[2] https://www.gnupg.org/documentation/manuals/gnupg/gpg_002dcard.html
[3] https://lists.gnupg.org/pipermail/gnupg-users/2026-January/068092.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20260318/dafe00a0/attachment.sig>
More information about the Gnupg-users
mailing list