EnglishFrenchSpanish

OnWorks favicon

gnupg-pkcs11-scd - Online in the Cloud

Run gnupg-pkcs11-scd in OnWorks free hosting provider over Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

This is the command gnupg-pkcs11-scd that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

PROGRAM:

NAME


gnupg-pkcs11-scd — GnuPG-compatible smart-card daemon with PKCS#11 support

SYNOPSIS


gnupg-pkcs11-scd [--server] [--multi-server] [--daemon] [--verbose] [--quiet] [--sh] [--csh]
[--options file] [--no-detach] [--log-file file] [--help]

DESCRIPTION


gnupg-pkcs11-scd is a drop-in replacement for the smart-card daemon (scd) shipped with the
next-generation GnuPG (gnupg-2). The daemon interfaces to smart-cards by using RSA Security
Inc. PKCS#11 Cryptographic Token Interface (Cryptoki). The following options are available:

--server
Run in server mode (foreground). If not redirected, input and output are over
stdin/stdout.

--multi-server
Run in multi-server mode (foreground). In addition to communicating over stdin/stdout,
the server also opens an additional listening UNIX socket.

--daemon
Detach and run in background.

--verbose
Be verbose while running.

--quiet
Be as quiet as possible.

--sh
Output sh-style environment variable definition.

--csh
Output csh-style environment variable definition.

--options file
Read options from file. Some of the configuration options can only be set in the
configuration file (see the CONFIGURATION section).

--no-detach
Do not detach from console (useful for debugging purposes).

--log-file file
Output log to file.

--help
Print help information.

When the daemon receives any of the SIGHUP, SIGTERM and SIGINT signals, it cleans up and
exits.

gnupg-pkcs11-scd works only with already personalized cards, and supports (for the time
being) only RSA keypairs. The following constraints must be satisfied:

1. For each private key object, a certificate object must exist on the card. The
existence of the corresponding public key object is not important (since the
certificate includes public key).
2. The certificate and the corresponding private key must have identical CKA_ID attribute.

The PKCS#11 implementation is not obliged to enforce any of the above rules. However,
practice has shown that popular PKCS#11 implementations found "in the wild" seem to respect
them.

NOTES


Unlike gpg-agent, gnupg-pkcs11-scd supports more than one token available at the same time.
In order to make gpg-agent happy, gnupg-pkcs11-scd always returns the same card serial
number to gpg-agent. When unavailable token is requested, gnupg-pkcs11-scd will use NEEDPIN
callback in order to ask for the requested token. When and if gpg-agent will support more
than one serial number or NEEDTOKEN callback, this behavior will be modified.

ENVIRONMENT


HOME Used to locate the home directory.
GNUPGHOME Used instead of ~/.gnupg.
USERPROFILE Used only on Win32 to locate the home directory.

Additionally, the \\Software\\GNU\\GnuPG\\HomeDir registry key is used on Win32 to locate
the default GNUPGHOME.

Use gnupg-pkcs11-scd online using onworks.net services


Ad


Ad