Is there anything on the roadmap for the support of certificates (specifically on smart cards or other HSMs) as key providers through PKCS#11 or CAPI?
Also, is digital signing of the KeyPass software itself and support for the signing of plugins on the roadmap?
There already are two certificate-based key providers: CertKeyProvider and RSA Cert Key Provider.
OpenPGP signatures of all official KeePass packages can be found on http://keepass.info/integrity_sig.html . The .NET assemblies are signed; the public keys can be found on http://keepass.info/integrity_netpk.html . For a more simple verification of downloads, hash sums are available on http://keepass.info/integrity.html .
Plugin authors are free to sign their DLL assemblies. PLGX plugins cannot be signed.
RSA Cert Key Provider does not appear to have any license information. CertKeyProvider keeps a separate key, as part of an additional step, outside of the protected storage it interfaces with and also raises what appears to be an unhandled exception when the HSM is not found.
The license will be GPL.
CertKeyProvider uses your CA's certificates. If you find a bug please report it to the author. https://sourceforge.net/users/markbuc/