Features and Limitations - The Scute Manual

Next: Developing Scute, Up: Internals

5.1 Features and Limitations

Scute implements version 2.20 of the PKCS #11 specification.

The OpenPGP smart card application is supported in read-only mode.

The following functions are not supported:

C_Initialize: No support for native thread package. Locking callbacks must be provided if multi-threaded operation is desired.
C_WaitForSlotEvent: Not implemented. The interface as specified by PKCS #11 is broken anyway, as the function can not safely be canceled. Thus, we require polling.
C_GetOperationState
C_SetOperationState: Not supported.
C_InitToken

C_InitPIN
C_SetPIN: Not supported. No write operations are allowed. To configure the token, please use the tools accompanying the GnuPG software suite.
C_Login
C_Logout: Not supported. No login into the token by the software is required. Passphrase queries are implemented by the use of GPG Agent and Pinentry.
C_EncryptInit
C_Encrypt
C_EncryptUpdate
C_EncryptFinal
C_DigestInit
C_Digest
C_DigestUpdate
C_DigestKey
C_DigestFinal
C_VerifyInit
C_Verify
C_VerifyUpdate
C_VerifyFinal
C_VerifyRecoverInit
C_VerifyRec: Not supported. Only secret key operations are supported.
C_SignInit
C_Sign: Currently, only signing 36 bytes (MD5+SHA1) hashes is supported (used for client authentication).
C_DecryptInit
C_Decrypt: Not yet supported, but will be in the future.
C_SignUpdate
C_SignFinal
C_DecryptUpdate
C_DecryptFinal: No progressive crypto-operations are supported.
C_SignRecoverInit
C_SignRecover: Not supported.
C_DigestEncryptUpdate
C_DecryptDigestUpdate
C_SignEncryptUpdate
C_DecryptVerifyUpdate: Dual-purpose cryptographic functions are not supported.
C_GenerateKey
C_GenerateKeyPair
C_WrapKey
C_UnwrapKey
C_DeriveKey: Key management functions are not supported. Please use the tools accompanying the GnuPG software suite to generate and import keys for use with the token.
C_SeedRandom
C_GenerateRandom: Not supported at this point. C_GenerateRandom may be supported in the future, though.
C_CreateObject
C_CopyObject
C_DestroyObject
C_SetAttributeValue:: Only read-only operations are supported on objects.
C_GetObjectSize: Not supported.
CKO_CERTIFICATE: The label specifies the key on the card used (e.g. OPENPGP.3). The ID is the fingerprint.
CKO_PRIVATE_KEY:: The CKA_LOCAL attribute can not be supported by the OpenPGP card. It is always set to false (as the key on the card may be copied to the card from an external source).