Hi Werner,
Werner Koch wk@gnupg.org writes:
Actually RMS uses such a card himself. He told me a few years ago that it does not matter because it is technically not possible to change the software running on the card.
I know he makes that distinction and I agree with him that it doesn't matter in practial terms, but I would say that it still matters in principle. It should be free, even if I cannot change it personally. He may or may not disagree with that stance, but I don't know that.
If you want a free implementation of an OpenPGP compliant token, you should look at gnuk http://www.fsij.org/category/gnuk.html.
Thank you for telling me about that. I will have a look. To be fair, I don't really need a smartcard right now anyway. I am happy having my GnuPG keys on an encrypted hard drive. That does not protect against every kind of attack, but it is good enough at the moment (and I get to use larger keys).
Happy hacking! Florian