List: gnupg-devel
Subject: Re: Revised patch to support the SmartCard-HSM in scdaemon
From: NIIBE Yutaka <gniibe () fsij ! org>
Date: 2015-07-09 8:52:39
Message-ID: 559E3657.7000608 () fsij ! org
Thank you for your prompt reply.
I am talking about GnuPG 2.1.
I think that, even now, it is possible to use the gpg-connect-agent
command to sign/decipher using SmartCard-HSM.
On 07/09/2015 04:32 PM, Andreas Schwier wrote:
> the SmartCard-HSM driver only works with gpgsm. When we wrote the
> driver, there was a limitation in gpg that prevented the use of anything
> else than a card compliant with the OpenPGP Card specification [1].
>
> If that situation has been resolved, then I'm more than happy to make
> the SmartCard-HSM available as key store for GnuPG keys.
It is not fully resolved yet (it's ongoing). As I addressed in the
previous mail, some external tool would be required to create OpenPGP
key which is associated to a private key in SmartCard-HSM.
If SmartCard-HSM has capability to show its public key to its users,
please implement READKEY method in app-sc-hsm.c. Then, it will be
possible to write such an external tool.
Combined together, I believe that gpg frontend will be able to use
SmartCard-HSM as a backend of private key operation for OpenPGP
(possibly, a small change would be required, but not that difficult).
Given the situation GnuPG 2.1 supports ECC, it would be interesting
if a user can use SmartCard-HSM as a key store of ECC. :-)
--