Scute accesses the card via either scdaemon or gpg-agent (I can't remember which and I'm on my phone), so you don't need to release the card and reenter your PIN to switch back and forth between PKCS#11 and gpg/gpgsm. However, it's a minimal implementation of the parts of the API necessary for X.509 auth in Firefox, so I have no idea what else it might work for in its present state. I plan to try it with OpenVPN pretty soon. On Jan 17, 2014 7:44 AM, "Hans-Christoph Steiner" <h...@guardianproject.info> wrote:
> > > On 01/17/2014 03:05 AM, Werner Koch wrote: > > On Fri, 17 Jan 2014 02:24, se...@literati.org said: > > > >> Scute works great with Firefox, but keep in mind it requires gpg-agent > (or > > > > Sure. That is the whole point of the exercise. > > > >> at least scdaemon). AFAIK it's not intended to work with anything other > >> than Firefox right now. I've been meaning to try it out with > wpa_supplicant > > > > Well, it has not been tested with anything else. However, it implements > > the pkcs#11 interface properly for signature keys and Marcus even came > > up with a free and readable implementation of the pkcs11 header file. > > > >> The code seems fairly straightforward and it comes with documentation > for > >> spying on the PKCS#11 calls to help troubleshoot the implementation, so > >> even if it doesn't work it may not require too much hacking to make it > > > > Right. I would love to see a new maintainer for it. If there are any > > GnuPG related problems I will for sure help with it. > > How does scute's PKCS#11 support differ from OpenSC's? If the OpenPGP > card is > supported by opensc, is that providing the same thing as scute? I already > have Java's keytool talking to the OpenPGP card via OpenSC, I just can't > get > it to sign something yet. > > .hc > > > -- > PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81 >
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
