On Thu, 21 Jul 2005 12:25:49 +0200, Felix E Klee said:

> * Can I use GnuPG for signing and decryption with a smart card and 2048
>   bit RSA keys? What limitations do I have to expect, if any?

Cards able to generate and use 2k RSA keys are not easily available.
This will change in a year or so. State of the art is still 1k RSA.

> * Personally, I currently favor the Axalto Cryptoflex 32k. But is there
>   any card that you recommend? (I know that there's the OpenPGP card but
>   it only supports keys up to 1024 bits - not an option.)

gpg only supports the OpenPGP card specification. You are free to
implement it on your card.

> * Why was OpenSC removed with development version 1.9.17 of GnuPG? From
>   a software developer's point of view it just doesn't make sense to
>   ditch an existing and supposedly well working library that provides a

 * OpenSC is a huge and complex library with an ever changing API and
   often hidden ABI changes. It just makes too much trouble.

 * It requires your application to use pthreads which conflicts with
   the use of another threading library; GNU Pth in our case.

 * We only need to _read_ PKCS#15 structures and not to _create_
   them. This is actually pretty easy to implement. PKCS#15 has
   intentionally been designed to ease things.

>   standardized interface (PKCS#11) and whose license (LGPL) is compliant
>   with the license of the GnuPG.

Not really: You need to build OpenSC without OpenSSL support. Otherwise
you put additional restrictions on any GPL program linking to OpenSC -
which is not compatible to the GPL. Frankly, I don't understand why the
OpenSC folks still do this. I complained about this several times in the
last years and it is one of the reasons why I stopped working on OpenSC
(I wrote the support for TCOS and MICARDO).

> * If not GnuPG, what free software alternatives are there for doing PGP
>   signing and decryption with a smart card?

I don't know. For me the smartcard support works pretty well and I know
quite some people who are using it day by day for email and to mount
encrypted file systems.

Salam-Shalom,

   Werner