gnupg-pkcs11-scd — GnuPG-compatible smart-card daemon with PKCS#11 support


gnupg-pkcs11-scd [--server] [--multi-server] [--daemon] [--verbose] [--quiet] [--sh] [--csh]
[--options file] [--no-detach] [--log-file file] [--help]


gnupg-pkcs11-scd is a drop-in replacement for the smart-card daemon (scd) shipped with the
next-generation GnuPG (gnupg-2). The daemon interfaces with smart cards through the RSA
Security Inc. PKCS#11 Cryptographic Token Interface (Cryptoki). The following options are
available:

--server
Run in server mode (foreground). If not redirected, input and output are over

--multi-server
Run in multi-server mode (foreground). In addition to communicating over stdin/stdout,
the server also opens an additional listening UNIX socket.

--daemon
Detach and run in background.

--verbose
Be verbose while running.

--quiet
Be as quiet as possible.

--sh
Output sh-style environment variable definition.

--csh
Output csh-style environment variable definition.

--options file
Read options from file. Some of the configuration options can only be set in the
configuration file (see the CONFIGURATION section).

--no-detach
Do not detach from console (useful for debugging purposes).

--log-file file
Output log to file.

--help
Print help information.

When the daemon receives any of the SIGHUP, SIGTERM and SIGINT signals, it cleans up and

gnupg-pkcs11-scd works only with already personalized cards, and supports (for the time
being) only RSA keypairs. The following constraints must be satisfied:

1. For each private key object, a certificate object must exist on the card. The
existence of the corresponding public key object is not important (since the
certificate includes the public key).
2. The certificate and the corresponding private key must have an identical CKA_ID attribute.

The PKCS#11 implementation is not obliged to enforce any of the above rules. However,
practice has shown that popular PKCS#11 implementations found "in the wild" seem to respect
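Because the PKCS#11 provider does not enforce these two rules, it is worth checking a token before pointing gnupg-pkcs11-scd at it. The following is an added example, not code from gnupg-pkcs11-scd itself: it applies the two constraints (RSA private key, and a certificate object carrying the same CKA_ID) to a list of token objects and reports which private keys the daemon can use and why the others cannot. The token contents are a constructed sample; a real audit tool would fill the same `TokenObject` records from C_FindObjects/C_GetAttributeValue (for instance via PyKCS11), which is assumed here rather than shown.

```python
"""Check which private keys on a PKCS#11 token satisfy gnupg-pkcs11-scd's constraints.

Added example; the object list below is constructed, not read from a real card.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# CKA_CLASS values from the Cryptoki specification.
CKO_CERTIFICATE = 0x01
CKO_PUBLIC_KEY = 0x02
CKO_PRIVATE_KEY = 0x03

# CKA_KEY_TYPE values; gnupg-pkcs11-scd supports RSA keypairs only.
CKK_RSA = 0x00
CKK_EC = 0x03


@dataclass(frozen=True)
class TokenObject:
    """Minimal view of one token object, as C_GetAttributeValue would report it."""
    cka_class: int
    cka_id: bytes
    cka_label: str = ""
    cka_key_type: int = CKK_RSA  # only meaningful for key objects


def check_objects(objects: List[TokenObject]):
    """Apply the two constraints from the man page.

    Returns (usable, unusable): usable maps a CKA_ID to its (private key, certificate)
    pair; unusable maps a CKA_ID of a private key the daemon cannot use to the reason.
    """
    # Rule 1: a certificate object must exist for each private key. The public key
    # object is irrelevant because the certificate already carries the public key.
    certs: Dict[bytes, TokenObject] = {}
    for obj in objects:
        if obj.cka_class == CKO_CERTIFICATE:
            certs.setdefault(obj.cka_id, obj)

    usable: Dict[bytes, Tuple[TokenObject, TokenObject]] = {}
    unusable: Dict[bytes, str] = {}
    for obj in objects:
        if obj.cka_class != CKO_PRIVATE_KEY:
            continue
        if obj.cka_key_type != CKK_RSA:
            unusable[obj.cka_id] = "not an RSA key"
        elif obj.cka_id not in certs:
            # Rule 2: the certificate must carry the same CKA_ID as the private key.
            unusable[obj.cka_id] = "no certificate with the same CKA_ID"
        else:
            usable[obj.cka_id] = (obj, certs[obj.cka_id])
    return usable, unusable


# Constructed sample token: two well-formed RSA pairs, one private key without a
# certificate, one EC pair, and a CA certificate with no private key at all.
SAMPLE_TOKEN = [
    TokenObject(CKO_PRIVATE_KEY, b"\x01", "auth key"),
    TokenObject(CKO_CERTIFICATE, b"\x01", "auth cert"),
    TokenObject(CKO_PUBLIC_KEY, b"\x01", "auth pub"),
    TokenObject(CKO_PRIVATE_KEY, b"\x02", "sign key"),
    TokenObject(CKO_CERTIFICATE, b"\x02", "sign cert"),
    TokenObject(CKO_PRIVATE_KEY, b"\x03", "orphan key"),   # no certificate
    TokenObject(CKO_PUBLIC_KEY, b"\x03", "orphan pub"),    # public key does not help
    TokenObject(CKO_PRIVATE_KEY, b"\x04", "ec key", CKK_EC),
    TokenObject(CKO_CERTIFICATE, b"\x04", "ec cert"),
    TokenObject(CKO_CERTIFICATE, b"\x05", "ca cert"),      # certificate only: harmless
]


def report(objects: List[TokenObject]) -> List[str]:
    """Human-readable summary, one line per private key on the token."""
    usable, unusable = check_objects(objects)
    lines = [f"usable   id={k.hex()} key={v[0].cka_label!r} cert={v[1].cka_label!r}"
             for k, v in usable.items()]
    lines += [f"unusable id={k.hex()} reason={why}" for k, why in unusable.items()]
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_TOKEN):
        print(line)
```

Only the keys listed as usable will be offered to gpg-agent; an "orphan" private key is simply invisible to the daemon, which is a common cause of "no key found" surprises after personalizing a card without writing the certificate back.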


Unlike gpg-agent, gnupg-pkcs11-scd supports more than one token being available at the same
time. In order to make gpg-agent happy, gnupg-pkcs11-scd always returns the same card serial
number to gpg-agent. When an unavailable token is requested, gnupg-pkcs11-scd uses the
NEEDPIN callback to ask for the requested token. If and when gpg-agent supports more than
one serial number or a NEEDTOKEN callback, this behavior will be modified.


HOME Used to locate the home directory.
GNUPGHOME Used instead of ~/.gnupg.
USERPROFILE Used only on Win32 to locate the home directory.

Additionally, the \Software\GNU\GnuPG\HomeDir registry key is used on Win32 to locate
the default GNUPGHOME.

