Hiding secret keys on smart cards
Paul Crowley
paul at cluefactory.org.uk
Wed Nov 22 15:37:54 CET 2000
I'm looking into how GPG might be modified to store secret keys on
smart cards rather than in the filesystem, both for convenience and
security reasons. The architecture of GPG seems very much built on
the assumption that it will retrieve the secret key and carry out the
secret key computation itself, though! I'd be interested to hear how
those who know the internals might suggest it be modified to cleanly
support the use of secret keys that are accessible to GPG only through
a proxy. For example, the public key code currently does a sort of
method dispatch for methods like pubkey_decrypt based on the algorithm
identifier. With this change, you'd need to dispatch on two fields,
one of which would mark where to get the key from and how to do the
work.
I've only started looking at the GPG sources in the last few days so
any suggestions would be gratefully received. Advance thanks,
--
__
\/ o\ paul at cluefactory.org.uk
/\__/ http://www.cluefactory.org.uk/paul/
More information about the Gnupg-devel
mailing list