Peter Gutmann wrote:
I'd already offered the use of my PKCS #11 interface code from cryptlib for GPG use some time ago. This should do everything you need and has had years of tuning to work with all the bugs in various PKCS #11 drivers; it's vastly easier than going through the entire learning curve yourself.

That's correct, it was my proposal in question. The problem is that, under Linux, I couldn't find a smart-card + PKCS#11 combination that works correctly enough (out of the box) to be usable with cryptlib. GPG needs at least three different keys and static data storage. I have a patch emulating static data storage, enabling the use of pre-generated keys. I don't remember exactly all the details, but I did disregard cryptlib for some reason (not because of its quality, which is superb, but because of the state of... smart-card and PKCS#11 issues on Linux).

For interested parties in this thread:

OpenPGP Java card applet (almost finished):
http://www.core-dump.com.hr/index.pl?node_id=421

Patch that enables the use of any smart-card with GnuPG. It allows the use of cards with pregenerated keys and uses an auxiliary file to feed metadata into GnuPG (I'm assuming a read-only token). Signing works correctly.
http://www.core-dump.com.hr/software/gnupg-1.3.92-pkcs11.patch
http://www.core-dump.com.hr/software/gnupg-1.3.92-pkcs11.patch.asc

There is a g10/p11howto.txt describing how to use it. I've given up on maintaining it because of Werner's attitude towards PKCS#11. If someone else wants to maintain it - be welcome. I will provide you some help if necessary.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users