Hello Donncha!
Donncha Ó Cearbhaill:
However his code was integrating with a smartcard at a very low level by sending AT commands manually. I don't think that is the best approach for compatibility.
I think a better way would be to interface with the tokens via the PKCS#11 protocol. The majority of smartcards and HSMs implement this standard and there are compatible implementations available for most operating systems. The Python pykcs11 module should be a helpful start [1].
Yeah, interfacing smartcard directly or via GnuPG scdaemon is not the best approach. But PKCS#11 in even worse. Much much worse. This standard is so huge that noone can implement it right. It raises enterance threshold so high that it will be used only by overproprietary entities. OpenPGP Card spec is pretty small so that everyone can write code within an hour and start to interface with a card. So did I. At least I know what's going on under the hood and these transparency and simplicity makes this setup more secure.
-- Ivan Markin