Any ideas/suggestions on how to implement the OpenPGP standard to use the HSM to handle cryptographic operations? PKCS11 is the standard to communicate with the HSM, and it is very primitive compared to the OpenPGP standard.

I am using the Pkcs11Interop library to integrate with the HSM, and BouncyCastle to implement the OpenPGP standard. Does anyone have any experience integrating them together, or have some code examples?

For example, generating keys in an OpenPGP format corresponds to some calls to the PKCS11 APIs, and the steps may need to be taken in a certain order. Is there any client library that abstracts all that and lets me call a GenerateOpenpgpKeyPair which the HSM can understand (ideal solution)? Otherwise, I would like to not have to rigorously go through RFC4880 implementing every last detail and making sure that specific bytes are in the right positions. So ideally I'm looking for an OpenPGP formatting library where I can supply it with an AES key (encrypted with the recipient public key), as well as the AES-encrypted signed message, and then the library would make sure that it fits the OpenPGP format.

Ba5har
  • That's a very broad question. You may want to take a look at PGP smart card integration. Smart cards and HSMs are basically both cryptographic tokens, so they should have approximately the same kind of low level interface to PGP. – Maarten Bodewes Mar 09 '20 at 10:50