./security/gnupg-pkcs11-scd, OpenSC smart card support for GnuPG

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 0.9.2nb1, Package name: gnupg-pkcs11-scd-0.9.2nb1, Maintainer: pkgsrc-users

gnupg-pkcs11 is a project to implement a BSD-licensed smart-card
daemon to enable the use of PKCS#11 tokens with GnuPG. The motivation
behind this project originates in the following two threads:

* http://lists.gnupg.org/pipermail/gnupg-users/2006-February/027964.html
* http://lists.gnupg.org/pipermail/gnupg-devel/2004-November/021522.html
* http://lists.gnupg.org/pipermail/gnupg-users/2004-November/023673.html

PKCS#11 is the de-facto standard for accessing cryptographic tokens,
and thus we strongly disagree with WK's attitude towards it.

The patch mentioned in the above threads is unmaintained, so we
decided to implement PKCS#11 support "the right way". gnupg-pkcs11
is a (hopefully) drop-in replacement for the smart-card daemon
(scd) shipped with GnuPG.


Required to run:
[security/libgpg-error] [security/libgcrypt] [security/openssl] [security/pkcs11-helper] [security/libassuan2]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: 7c29547d34f6539c509cb5afb48e2cfe0720fac7
RMD160: 5a83c9d82b81f795c1066a9ab89604be096cc5d5
Filesize: 143.884 KB

Version history: (Expand)


CVS history: (Expand)


   2020-01-19 00:36:14 by Roland Illig | Files touched by this commit (3046)
Log message:
all: migrate several HOMEPAGEs to https

pkglint --only "https instead of http" -r -F

With manual adjustments afterwards since pkglint 19.4.4 fixed a few
indentations in unrelated lines.

This mainly affects projects hosted at SourceForce, as well as
freedesktop.org, CTAN and GNU.
   2020-01-18 22:51:16 by Jonathan Perkin | Files touched by this commit (1836)
Log message:
*: Recursive revision bump for openssl 1.1.1.
   2019-12-11 02:44:37 by Emmanuel Dreyfus | Files touched by this commit (2) | Package updated
Log message:
Update gnupg-pkcs11-scd to 0.9.2

Changelog since 0.7.0

2019-01-05 - Version 0.9.2

 * Fixu Windows build issues, thanks Luka Logar.
 * Use pin-cache configuration, thanks Luka Logar.
 * Support openssl-1.1, thanks Thorsten Alteholz, W. Michael Petullo.

2017-09-26 - Version 0.9.1

 * Support unix domain socket credentials on FreeBSD.
 * Introduce GNUPG_PKCS11_SOCKETDIR to instruct where sockets are created.
 * Make proxy systemd service work again per change of systemd behavior.

2017-08-25 - Version 0.9.0

 * Avoid dup of stdin/stdout so that the terminate assuan hack operational
   again.
 * Introduce gnupg-pkcs11-scd-proxy to allow isolation of the PKCS#11
   provider.
 * Lots of cleanups.

2017-07-15 - Version 0.8.0

 * Support multiple tokens via serial numbers by hashing token id into
   serial number.
   Implementation changes the card serial number yet again, executing
   gpg --card-status should resync.

2017-04-18 - Version 0.7.6

 * Add --homedir parameter.
 * Rework serial responses for gnupg-2.1.19.

2017-03-01 - Version 0.7.5

 * Fix issue with decrypting padded data, thanks to smunaut.
 * Catchup with gnupg-2.1 changes which caused inability to support
   both gpg and gpgsm. Implementation had to change card serial
   number, as a result current keys of gpg will look for the
   previous serial card.
   emulate-openpgpg option is obsoleted and removed.

   ACTION REQUIRED
   in order to assign new card serial number to existing keys.
   backup your ~/.gnupg.
   delete all PKCS#11 secret keys using:
       gpg --delete-secret-keys $KEY then
   Then refresh keys using:
       gpg --card-edit
   In <gnupg-2.1.19 the keys should be re-generated using:
       admin
       generate
   Do not replace keys!
   gpg will learn the private keys of the new card and attach to
   the existing public keys.
 * Support gnupg-2.1 features of using existing keys, keys
   should not be explicitly specified in configuration file
   any more.

2017-01-18 - Version 0.7.4

 * Fix gpg change in serialno attribute.
 * Sync with gnupg-2.1, thanks to Moritz Bechler.

2011-07-30 -- Version 0.7.3

 * Use assuan_sock_init, bug#3382372.

2011-04-09 -- Version 0.7.2

 * Some cleanups, thanks to Timo Schulz.
 * Sync hashing algorithms for OpenPGP.

2011-03-16 -- Version 0.7.1

 * Sync with gnupg-2.0.17.
   2019-11-04 22:13:04 by Roland Illig | Files touched by this commit (118)
Log message:
security: align variable assignments

pkglint -Wall -F --only aligned --only indent -r

No manual corrections.
   2019-07-21 00:46:59 by Thomas Klausner | Files touched by this commit (595)
Log message:
*: recursive bump for nettle 3.5.1
   2019-05-06 00:49:54 by Ryo ONODERA | Files touched by this commit (104)
Log message:
Recursive rebvump from devel/nss
   2018-04-18 00:29:53 by Thomas Klausner | Files touched by this commit (286)
Log message:
Add p11-kit to gnutls/bl3.mk and bump dependencies.
   2018-01-01 23:30:04 by Roland Illig | Files touched by this commit (537)
Log message:
Sort PLIST files.

Unsorted entries in PLIST files have generated a pkglint warning for at
least 12 years. Somewhat more recently, pkglint has learned to sort
PLIST files automatically. Since pkglint 5.4.23, the sorting is only
done in obvious, simple cases. These have been applied by running:

  pkglint -Cnone,PLIST -Wnone,plist-sort -r -F