Size: 1108
Comment:
|
Size: 949
Comment: Maybe better to put (1) "There are cards that either run ... or ..." or (2) "Available cards either run ... or ...", depending on: Are there cards that do both? Yes=(1), No=(2)
|
Deletions are marked like this. | Additions are marked like this. |
Line 10: | Line 10: |
* [[OpenPGPcardECC]] | |
Line 11: | Line 12: |
== Smartcards? | |
Line 12: | Line 14: |
Possible enhancement to OpenPGP card specification 2.0.1 | GnuPG supports the use of hardware [[https://en.wikipedia.org/wiki/Security_token|security tokens]] that come as smartcards. The smartcards are minicomputers that can hold the secret key material and perform crypto operations. Because you need to connect the physical "token" to your machine, the secret key material is well protected against attacks that try to steal it. |
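Review bot: The last added sentence ties the protection to the wrong cause: "Because you need to connect the physical token to your machine" reads as if plugging the card in is what protects the key. The mechanism is the one the previous sentence already gives, that the card holds the secret key material and performs the crypto operations itself. Reword so the protection follows from that, and say what it covers (theft of the key material) so it is not read as protection for the host as a whole.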
Line 14: | Line 21: |
* p22: 4.3.3.6 Algorithm Attributes ** ECDSA: |
Smartcards have to be compatible with GnuPG. Cards exist to either run ~OpenPGP or x509/CMS operations. |
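Review bot: In the added line, "Cards exist to either run ~OpenPGP or x509/CMS operations" leaves open whether a single card can do both, which is the question the revision comment itself raises. Settle that first and word the sentence to match. "Smartcards have to be compatible with GnuPG" also gives the reader no way to check compatibility; say where a supported card can be looked up.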
Line 17: | Line 24: |
|= Byte|= Length |= Value | | 01 | 01 | Algorithm ID (RFC6637), 19 = ECDSA | | 02-| any | OID of the curve, 2A 86 48 CE 3D 03 01 07 for NIST P-256 | * p23: 4.3.3.7 Private Key Template ** ECDSA: |4D|xx| Extended Header list | | | | B6 or B8 or A4 | 00 | Control Reference Template to indicate the private key | | | | 7F48 | xx | cardholder private key template | | | | | | 91 | xx | Length of private key d | | | | 5F48 | xx | keydata... | * p38: 7.2.8 Compute Digital Signature, DSI for ECDSA 32-byte for NIST P-256 or secp256k1. * p41: 7.2.9 PSO: Decipher Decryption by ECDH. TBD. * p44: 7.2.11 Generate Asymmetric Key Pair 06 xx OID 86 xx public key MPI |
In order to try this, see the howto links above, you may need to acquire a smartcard and a reader or an integrated combination of both. |
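Review bot: Confirm that the removed ECC proposal text (4.3.3.6 Algorithm Attributes through 7.2.11 Generate Asymmetric Key Pair, including the open "Decryption by ECDH. TBD." item) now lives on the OpenPGPcardECC page linked in the first hunk before it is dropped here; nothing in this diff shows where it went. In the added sentence, "In order to try this, see the howto links above, you may need to acquire ..." is a comma splice; split it into one sentence about what to acquire and one pointing at the howto links.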
Smartcard Tips and Information
- CardReader/PinpadInput
- CardReader/GemaltoPC
- https://wiki.debian.org/GnuPG/CCID_Driver
- http://www.g10code.com/p-card.html
- http://www.gnupg.org/howtos/card-howto/en/smartcard-howto.html
- OpenPGPcardECC
Smartcards?
GnuPG supports the use of hardware security tokens that come as smartcards. The smartcards are minicomputers that can hold the secret key material and perform crypto operations. Because you need to connect the physical "token" to your machine, the secret key material is well protected against attacks that try to steal it.
Smartcards have to be compatible with GnuPG. Cards exist that run either OpenPGP or X.509/CMS operations.
To try this, you may need to acquire a smartcard and a reader, or an integrated combination of both; see the howto links above.