Alon Bar-Lev wrote:
I use Athena smartcard www.athena-scs.com which works perfectly in term of Linux and PKCS#11. I enjoy using it with Java JCE, Mozilla, Tunderbird, PAM_PKCS11, I've encrypted my disk using aes-loop and then required gpg to support PKCS#11... And here we are...
Great! When I was developing my patch, I had only Cryptoflex 8k cards available (still have a few of them, but not at my current geographical location :)).
This is great work!
> Thanks. >
But the work needs to be moved into gpg-agent... :(
Probably not too difficult, but still time-consuming to understand the existing code.. and that would probably be wasted time, unless you want to make a life-time commitment to keep the patch in pace with gpg development. >
I would have help merging it if I knew that there is a chance to merge it into to gpg source.
Judging by the discussion on this list.. it seems that there is no chance for that :( Look in the archives of gnupg lists, IIRC it is around November 2004, for threads started by me. I was quickly discouraged by Werner and nowhere as persistent as you in trying to persuade him into the usefulness of PKCS#11. IMHO, PKCS#11 has succeeded where ISO7816 has failed: providing a (relatively) simple way to interface with many smart-card implementations, many of which aren't ISO7816-compliant above level 3 - they even don't support basic interindustry commands, but provide their own proprietary and undocumented command set. Personally, I think that applications not supporting PKCS#11 and/or MS CAPI will become extinct much before than non-compliant ISO7816 cards. These two have become the de-facto industry standards. I'm no fortune teller, so time will prove me right or wrong :)
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
