Fwd: Re: PKCS#11 in GnuPG (yes, again!)

Stef Walter stefw at collabora.co.uk
Tue Jul 19 06:33:54 PDT 2011

On 07/19/2011 02:08 AM, Crypto Stick wrote:
> Right now the pros and cons of a consistent PKCS11 interface are being
> discussed at the GnuPG developer mailing list. It might be interesting to
> get P11-glue's opinion on this.
> See email below and the archive:
> http://lists.gnupg.org/pipermail/gnupg-devel/2011-July/026148.html

I agree that PKCS#11 isn't the most modern interface. It's actually
quite quaint. Its strength lies in its ubiquity. And that's what we're
trying to use to our advantage in this project.

My personal pet peeve is consolidating the key storage on the Linux
desktop. In this area GnuPG actually does quite well. Almost without
exception, the user's OpenPGP keys are stored in the gnupg keyring, and
accessed in a single way (through the gnupg process).

Ironically, the way that gnupg forces clients to do a fork/exec in order
to access the keyring is quite baroque too. So it's strange to see
people pointing fingers and laughing :)



