Next: , Up: Internals  


7.1 Features and Limitations

Scute implements version 2.20 of the PKCS #11 specification.

The OpenPGP smart card application is supported in read-only mode.

The following functions are not supported:

C_Initialize

No support for native thread package. Locking callbacks must be provided if multi-threaded operation is desired.

C_WaitForSlotEvent

Not implemented. The interface as specified by PKCS #11 is broken anyway, as the function can not safely be canceled. Thus, we require polling.

C_GetOperationState
C_SetOperationState

Not supported.

C_InitToken
C_InitPIN
C_SetPIN

Not supported. No write operations are allowed. To configure the token, please use the tools accompanying the GnuPG software suite.

C_Login
C_Logout

Not supported. No login into the token by the software is required. Passphrase queries are implemented by the use of GPG Agent and Pinentry.

C_EncryptInit
C_Encrypt
C_EncryptUpdate
C_EncryptFinal
C_DigestInit
C_Digest
C_DigestUpdate
C_DigestKey
C_DigestFinal
C_VerifyInit
C_Verify
C_VerifyUpdate
C_VerifyFinal
C_VerifyRecoverInit
C_VerifyRec

Not supported. Only secret key operations are supported.

C_DecryptInit
C_Decrypt

Not yet supported, but will be in the future.

C_SignUpdate
C_SignFinal
C_DecryptUpdate
C_DecryptFinal

No progressive crypto-operations are supported.

C_SignRecoverInit
C_SignRecover

Not supported.

C_DigestEncryptUpdate
C_DecryptDigestUpdate
C_SignEncryptUpdate
C_DecryptVerifyUpdate

Dual-purpose cryptographic functions are not supported.

C_GenerateKey
C_GenerateKeyPair
C_WrapKey
C_UnwrapKey
C_DeriveKey

Key management functions are not supported. Please use the tools accompanying the GnuPG software suite to generate and import keys for use with the token.

C_SeedRandom

Not supported.

C_CreateObject
C_CopyObject
C_DestroyObject
C_SetAttributeValue:

Only read-only operations are supported on objects.

C_GetObjectSize

Not supported.

CKO_CERTIFICATE

The label specifies the key on the card used (e.g. OPENPGP.3). The ID is the fingerprint.

CKO_PRIVATE_KEY:

The CKA_LOCAL attribute can not be supported by the OpenPGP card. It is always set to false (as the key on the card may be copied to the card from an external source).


Next: , Up: Internals