Scute implements version 2.20 of the PKCS #11 specification.
The OpenPGP smart card application is supported in read-only mode.
The following functions are not supported:
C_Initialize
There is no support for a native thread package. Locking callbacks must be provided if multi-threaded operation is desired.
C_WaitForSlotEvent
Not implemented. The interface as specified by PKCS #11 is broken anyway, as the function cannot safely be canceled. Thus, we require polling.
C_GetOperationState
C_SetOperationState
Not supported.
C_InitToken
C_InitPIN
C_SetPIN
Not supported. No write operations are allowed. To configure the token, please use the tools accompanying the GnuPG software suite.
C_Login
C_Logout
Not supported. No login into the token by the software is required. Passphrase queries are implemented by the use of GPG Agent and Pinentry.
C_EncryptInit
C_Encrypt
C_EncryptUpdate
C_EncryptFinal
C_DigestInit
C_Digest
C_DigestUpdate
C_DigestKey
C_DigestFinal
C_VerifyInit
C_Verify
C_VerifyUpdate
C_VerifyFinal
C_VerifyRecoverInit
C_VerifyRecover
Not supported. Only secret key operations are supported.
C_DecryptInit
C_Decrypt
Not yet supported, but will be in the future.
C_SignUpdate
C_SignFinal
C_DecryptUpdate
C_DecryptFinal
No progressive crypto-operations are supported.
C_SignRecoverInit
C_SignRecover
Not supported.
C_DigestEncryptUpdate
C_DecryptDigestUpdate
C_SignEncryptUpdate
C_DecryptVerifyUpdate
Dual-purpose cryptographic functions are not supported.
C_GenerateKey
C_GenerateKeyPair
C_WrapKey
C_UnwrapKey
C_DeriveKey
Key management functions are not supported. Please use the tools accompanying the GnuPG software suite to generate and import keys for use with the token.
C_SeedRandom
Not supported.
C_CreateObject
C_CopyObject
C_DestroyObject
C_SetAttributeValue
Only read-only operations are supported on objects.
C_GetObjectSize
Not supported.
CKO_CERTIFICATE
The label specifies the key on the card used (e.g. OPENPGP.3).
The ID is the fingerprint.
CKO_PRIVATE_KEY
The CKA_LOCAL attribute cannot be supported by the OpenPGP card. It is always set to false (as the key on the card may be copied to the card from an external source).
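The C_Initialize entry above requires the application to supply locking callbacks for multi-threaded use. The following is an added example, not code from the Scute project, of pthread-backed callbacks in a CK_C_INITIALIZE_ARGS structure. The typedefs are written out from the PKCS #11 v2.20 specification so the block compiles alone (a real application includes pkcs11.h instead), and the names scute_init_args, create_mutex, destroy_mutex, lock_mutex and unlock_mutex are hypothetical.

```c
/* Added example: pthread-backed locking callbacks for C_Initialize.
   Types mirror PKCS #11 v2.20; real code includes pkcs11.h instead. */
#include <pthread.h>
#include <stdlib.h>

typedef unsigned long CK_RV, CK_FLAGS;
typedef void *CK_VOID_PTR;
#define CKR_OK            0x000UL
#define CKR_HOST_MEMORY   0x002UL
#define CKR_GENERAL_ERROR 0x005UL
#define CKR_MUTEX_BAD     0x1A0UL
typedef struct {
  CK_RV (*CreateMutex)(CK_VOID_PTR *ppMutex);
  CK_RV (*DestroyMutex)(CK_VOID_PTR pMutex);
  CK_RV (*LockMutex)(CK_VOID_PTR pMutex);
  CK_RV (*UnlockMutex)(CK_VOID_PTR pMutex);
  CK_FLAGS flags;
  CK_VOID_PTR pReserved;
} CK_C_INITIALIZE_ARGS;

static CK_RV create_mutex(CK_VOID_PTR *ppMutex) {
  pthread_mutex_t *m = malloc(sizeof *m);
  if (m == NULL) return CKR_HOST_MEMORY;
  if (pthread_mutex_init(m, NULL) != 0) { free(m); return CKR_GENERAL_ERROR; }
  *ppMutex = m;
  return CKR_OK;
}
static CK_RV destroy_mutex(CK_VOID_PTR pMutex) {
  if (pMutex == NULL) return CKR_MUTEX_BAD;
  if (pthread_mutex_destroy(pMutex) != 0) return CKR_GENERAL_ERROR;
  free(pMutex);
  return CKR_OK;
}
static CK_RV lock_mutex(CK_VOID_PTR pMutex) {
  if (pMutex == NULL) return CKR_MUTEX_BAD;
  return pthread_mutex_lock(pMutex) == 0 ? CKR_OK : CKR_GENERAL_ERROR;
}
static CK_RV unlock_mutex(CK_VOID_PTR pMutex) {
  if (pMutex == NULL) return CKR_MUTEX_BAD;
  return pthread_mutex_unlock(pMutex) == 0 ? CKR_OK : CKR_GENERAL_ERROR;
}
/* flags = 0 (no CKF_OS_LOCKING_OK): the module must use these callbacks. */
static CK_C_INITIALIZE_ARGS scute_init_args = {
  create_mutex, destroy_mutex, lock_mutex, unlock_mutex, 0, NULL };

int main(void) {  /* smoke test: one create/lock/unlock/destroy cycle */
  CK_VOID_PTR m = NULL;
  return !(scute_init_args.CreateMutex(&m) == CKR_OK && lock_mutex(m) == CKR_OK
           && unlock_mutex(m) == CKR_OK && destroy_mutex(m) == CKR_OK);
}
```

Pass a pointer to the structure to C_Initialize before any worker thread calls into the module.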