|
Size: 869
Comment:
|
Size: 950
Comment: Hints or simply Advice
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 3: | Line 3: |
| Smartcard Tips and Information | Smartcard Hints and Information |
| Line 10: | Line 10: |
| * [[OpenPGPcardECC]] | |
| Line 11: | Line 12: |
| == Smartcards? | |
| Line 12: | Line 14: |
| Possible enhancement to OpenPGP card specification 2.0.1 | GnuPG supports the use of hardware [[https://en.wikipedia.org/wiki/Security_token|security tokens]] that come as smartcards. The smartcards are minicomputers that can hold the secret key material and perform crypto operations. Because you need to connect the physical "token" to your machine, the secret key material is well protected against attacks that try to steal it. |
| Line 14: | Line 21: |
| * p22: 4.3.3.6 Algorithm Attributes ** ECDSA: |
Smartcards have to be compatible with GnuPG. Cards exist to either run ~OpenPGP or x509/CMS operations. |
| Line 17: | Line 24: |
| |= Byte|= Length |= Value | | 01 | 01 | Algorithm ID (RFC6637), 19 = ECDSA | | 02-| any | OID of the curve, 2A 86 48 CE 3D 03 01 07 for NIST P-256 | ** P23: 4.3.3.7 Private Key Template |4D|xx| Extended Header list | | | | B6 or B8 or A4 | 00 | Control Reference Template to indicate the private key | | | | 7F48 | xx | cardholder private key template | | | | | | 91 | xx | Length of private key (scaler) d | | | | 5F48 | xx | keydata... | |
In order to try this, see the howto links above, you may need to acquire a smartcard and a reader or an integrated combination of both. |
Smartcard Hints and Information
- CardReader/PinpadInput
- CardReader/GemaltoPC
- https://wiki.debian.org/GnuPG/CCID_Driver
- http://www.g10code.com/p-card.html
- http://www.gnupg.org/howtos/card-howto/en/smartcard-howto.html
- OpenPGPcardECC
Smartcards?
GnuPG supports the use of hardware security tokens that come as smartcards. The smartcards are minicomputers that can hold the secret key material and perform crypto operations. Because you need to connect the physical "token" to your machine, the secret key material is well protected against attacks that try to steal it.
Smartcards have to be compatible with GnuPG. Cards exist to either run OpenPGP or x509/CMS operations.
In order to try this, see the howto links above, you may need to acquire a smartcard and a reader or an integrated combination of both.