|
Size: 869
Comment:
|
Size: 1202
Comment: Link to Simon Josefsson's Blog Post on generating subkeys for a YubiKey NEO
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 3: | Line 3: |
| Smartcard Tips and Information | Smartcard Hints and Information |
| Line 5: | Line 5: |
| * [[http://blog.josefsson.org/2014/06/23/offline-gnupg-master-key-and-subkeys-on-yubikey-neo-smartcard/|Generating and loading subkeys from an offline computer]] (specifically, for the YubiKey NEO, but recipe can be easily adapted for any smartcard) | |
| Line 10: | Line 11: |
| * [[OpenPGPcardECC]] | |
| Line 11: | Line 13: |
| == Smartcards? | |
| Line 12: | Line 15: |
| Possible enhancement to OpenPGP card specification 2.0.1 | GnuPG supports the use of hardware [[https://en.wikipedia.org/wiki/Security_token|security tokens]] that come as smartcards. The smartcards are minicomputers that can hold the secret key material and perform crypto operations. Because you need to connect the physical "token" to your machine, the secret key material is well protected against attacks that try to steal it. |
| Line 14: | Line 22: |
| * p22: 4.3.3.6 Algorithm Attributes ** ECDSA: |
Smartcards have to be compatible with GnuPG. Cards exist to either run ~OpenPGP or x509/CMS operations. |
| Line 17: | Line 25: |
| |= Byte|= Length |= Value | | 01 | 01 | Algorithm ID (RFC6637), 19 = ECDSA | | 02-| any | OID of the curve, 2A 86 48 CE 3D 03 01 07 for NIST P-256 | ** P23: 4.3.3.7 Private Key Template |4D|xx| Extended Header list | | | | B6 or B8 or A4 | 00 | Control Reference Template to indicate the private key | | | | 7F48 | xx | cardholder private key template | | | | | | 91 | xx | Length of private key (scaler) d | | | | 5F48 | xx | keydata... | |
In order to try this, see the howto links above, you may need to acquire a smartcard and a reader or an integrated combination of both. |
Smartcard Hints and Information
- Generating and loading subkeys from an offline computer (specifically, for the YubiKey NEO, but recipe can be easily adapted for any smartcard)
- CardReader/PinpadInput
- CardReader/GemaltoPC
- https://wiki.debian.org/GnuPG/CCID_Driver
- http://www.g10code.com/p-card.html
- http://www.gnupg.org/howtos/card-howto/en/smartcard-howto.html
- OpenPGPcardECC
Smartcards?
GnuPG supports the use of hardware security tokens that come as smartcards. The smartcards are minicomputers that can hold the secret key material and perform crypto operations. Because you need to connect the physical "token" to your machine, the secret key material is well protected against attacks that try to steal it.
Smartcards have to be compatible with GnuPG. Cards exist to either run OpenPGP or x509/CMS operations.
In order to try this, see the howto links above, you may need to acquire a smartcard and a reader or an integrated combination of both.