Hi Peter > But changing the contents of DOs on an OpenPGP card is exactly > > what the gpg administration tools do, so why reimplementing this into > > pkcs15-init > Because it > * looks possible ;-) > * helps to better understand PC/SC, opensc, gpg, ... > * is fun > * may improve opensc's PKCS#* support for OpenPGP cards > * ... >
I did not know that the pkcs15-init routines are used by opensc-pkcs11. So I was wonderung why Quân was trying to extend the functionality of the pkcs15-init executable. In the meantime I understood what he is trying to do > > And I'm afraigth that those things that "gpg --edit-card" cannot do > > are impossible to do. > How can one write a certificate to an OpenPGP card using gpg? > gpg does not use certificates so you cannot store a cert into an OpenPGP card with gpg. I use my own PKCS#11-library (available at www.smartcard-auth.de) and download the cert with Firefox. Firefox will then store the certifiate into my Cryptostick. > What about the DOs 0101 - 0104? > These are DOs that are not used by gpg. Unfortunately the maximal length of these DOs is 254 bytes. Otherwise one could use then to store additional certificates. When TrueCrypt is configured with my OpenPGP PKCS#11-library I'm using one of these DOs to store the TrueCrypt key. I consider Quân's goal a very honorable one. > So do I > Even if e do not reach 100% compatibility, his work should be honored. > Absolutely right, My only intention was to start a discussion about the direction Quân should take. > Peter > Dito ;-) > Dito :-)
_______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
