Size: 953
Comment: added some general explanations about smartcards
|
Size: 2162
Comment:
|
Deletions are marked like this. | Additions are marked like this. |
Line 3: | Line 3: |
Smartcard Tips and Information | Smartcard Hints and Information |
Line 5: | Line 5: |
* [[http://blog.josefsson.org/2014/06/23/offline-gnupg-master-key-and-subkeys-on-yubikey-neo-smartcard/|Generating and loading subkeys from an offline computer]] (specifically, for the YubiKey NEO, but recipe can be easily adapted for any smartcard) | |
Line 7: | Line 8: |
* https://wiki.debian.org/GnuPG/CCID_Driver * http://www.g10code.com/p-card.html * http://www.gnupg.org/howtos/card-howto/en/smartcard-howto.html |
* [[https://wiki.debian.org/GnuPG/CCID_Driver|List of smartcard readers and tokens supported by the GnuPG's in-stock CCID driver.]] * [[http://www.g10code.com/p-card.html|OpenPGP Card]] * [[http://www.gnupg.org/howtos/card-howto/en/smartcard-howto.html|How to use the Fellowship Smartcard]] |
Line 17: | Line 18: |
The smartcards are little computers that can hold the secret key material and perform crypto operations. | The smartcards are minicomputers that can hold the secret key material and perform crypto operations. |
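Review bot: "minicomputers" names a historical class of mid-sized machines, which is not what is meant here; "small computers" keeps the sense of the original "little computers" without that connotation.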
Line 21: | Line 22: |
Smartcards have to be compatible with GnuP. Cards exists to either run ~OpenPGP | Smartcards have to be compatible with GnuPG. Cards exist to either run ~OpenPGP |
Line 24: | Line 25: |
In order to try this, see the how-to-links above, you may need to akquire a smartcard and a reader or | In order to try this, see the howto links above, you may need to acquire a smartcard and a reader or |
Line 26: | Line 27: |
== Use an existing Card Before you can use your existing card, your should import the public key associated with the private key on the card. == Known problem of Yubikey == * Use Yubikey, then, suspend/resume. In this situation, Yubikey requires reset of the device. * You need to plug off Yubikey to plug-in again. * The error recovery will be implemented in GnupG 2.2.6, so that re-plug action will not be required. * Still, user interaction which causes an error is required to detect the event, then, scdaemon does reconnect. == Known Bug(s) of OpenPGPcard == * Encrypted message with 3DES can't be decrypted with [[http://www.g10code.com/p-card.html|OpenPGP Card]] (V2.1, V3.3 without fix) ** Due to the bug, it results: Missing item in object <SCD> ** See: https://dev.gnupg.org/T3576 |
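Review bot: the new "Use an existing Card" paragraph carries the typo "your should import" (should be "you should import"), the Yubikey list misspells "GnupG 2.2.6" (GnuPG 2.2.6), and "plug off Yubikey to plug-in again" reads better as "unplug the Yubikey and plug it in again"; the last two bullets would also be clearer with "the event is detected only after a user action hits the error, after which scdaemon reconnects".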
Smartcard Hints and Information
- Generating and loading subkeys from an offline computer (specifically, for the YubiKey NEO, but recipe can be easily adapted for any smartcard)
- CardReader/PinpadInput
- CardReader/GemaltoPC
- List of smartcard readers and tokens supported by GnuPG's built-in CCID driver.
- OpenPGP Card
- How to use the Fellowship Smartcard
- OpenPGPcardECC
Smartcards?
GnuPG supports the use of hardware security tokens that come as smartcards. Smartcards are small computers that hold the secret key material and perform the cryptographic operations themselves. Because the physical "token" has to be connected to your machine, the secret key material is well protected against attacks that try to steal it.
Smartcards have to be compatible with GnuPG. Cards exist for either OpenPGP or X.509/CMS operations.
To try this, see the howto links above; you may need to acquire a smartcard and a reader, or an integrated combination of both.
Use an existing Card
Before you can use your existing card, you should import the public key associated with the private key on the card.
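A small check for that step, added here as an example and not part of the GnuPG wiki or GnuPG itself: it compares the key fingerprints a card reports (the `fpr:` record of `gpg --card-status --with-colons`) with the fingerprints already in the local keyring (the `fpr` records of `gpg -K --with-colons`), and lists any card key whose public key still has to be imported. The sample outputs and the card serial are constructed.

```shell
#!/bin/sh
# Added example (not from the GnuPG wiki). Real use:
#   missing_fprs "$(gpg --card-status --with-colons)" \
#                "$(gpg -K --with-colons --with-fingerprint)"
# An empty result means every key on the card is known locally, so
# `gpg --card-status` can create the secret-key stubs that point at the card.

# Print the non-empty fingerprints (signature, encryption, authentication)
# from the 'fpr:' record of card-status output given as $1.
card_fprs() {
    printf '%s\n' "$1" |
        awk -F: '$1 == "fpr" { for (i = 2; i <= 4; i++) if ($i != "") print $i }'
}

# Print the fingerprints (field 10 of 'fpr' records) from a key listing
# given as $1.
ring_fprs() {
    printf '%s\n' "$1" | awk -F: '$1 == "fpr" { print $10 }'
}

# Print each card fingerprint that has no matching key in the keyring.
missing_fprs() {
    card_fprs "$1" | while read -r fpr; do
        ring_fprs "$2" | grep -qx "$fpr" || echo "$fpr"
    done
}

# Constructed sample data: a card holding a signature and an encryption key
# (placeholder serial), and two keyrings, one missing the encryption key.
CARD_STATUS='serial:D2760001240102010006000000000000:
fpr:AAAA000011112222333344445555666677778888:BBBB000011112222333344445555666677778888::'
KEYRING_PARTIAL='sec:u:2048:1:0123456789ABCDEF:1500000000:::u:::scESC::::::23::0:
fpr:::::::::AAAA000011112222333344445555666677778888:'
KEYRING_FULL="$KEYRING_PARTIAL
ssb:u:2048:1:FEDCBA9876543210:1500000000::::::e::::::23:
fpr:::::::::BBBB000011112222333344445555666677778888:"

echo "keys to import before using the card:"
missing_fprs "$CARD_STATUS" "$KEYRING_PARTIAL"
```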
Known problem of Yubikey
- Use a Yubikey, then suspend and resume the machine. In this situation the Yubikey requires a reset of the device.
- You need to unplug the Yubikey and plug it in again.
- Error recovery will be implemented in GnuPG 2.2.6, so that re-plugging will no longer be required.
- Still, the event is only detected when a user action runs into the error; scdaemon then reconnects.
Known Bug(s) of OpenPGPcard
- A message encrypted with 3DES can't be decrypted with the OpenPGP Card (V2.1, and V3.3 without the fix).
- Due to the bug, decryption fails with: Missing item in object <SCD>
- See: https://dev.gnupg.org/T3576