GnuPG key storage on Palm?
em at who.net
Wed Dec 26 18:32:01 CET 2001
It must be said that some CPUs for PDAs (namely ARM) are much faster than
others (e.g., DragonBall). See e.g. EAY's post archived at
: I have been doing some work on this recently, and also have gotten good
: results, specifically, PKCS#1 RSA multi-prime on a Palm is 16.5k
: (1024-2 17.63sec, 1024-3 9.6sec, palm IIIx (68xxx 20mhz)), or more
: 18k on a Psion (ARM7 36mhz, 1024-3 private in 0.18sec and 1024-2 in
----- Original Message -----
From: "Werner Koch" <wk at gnupg.org>
To: <gnupg-devel at gnupg.org>
Sent: Wednesday, 26 December, 2001 7:01 PM
Subject: Re: GnuPG key storage on Palm?
> On Mon, 24 Dec 2001 11:46:20 -0600, Andy Steingruebl said:
> > I'm trying to determine the feasibility of storing keyrings on a palm
> > and doing any private computation there. I've seen a few discussions of
> IIRC, Brian Warner did some experiments with that. There is a
> prototype implementation to do secret key operations on an iButton
> (www.cryptolabs.org) which is much less powerful than any PDA.
> > this topic come up, and mostly they said "a PDA is too slow for the
> > necessary operations." I haven't however seen much formal treatment of
> That is not true: Remember back in 1993 when PGP 2 got more and more
> popular, the average desktop box was slower than a modern PDA. Of
> course you should only do the public key encryption and run the bulk
> encryption on the regular machine. There is not much security risk
> with that because you usually keep and edit your plaintext on that
> machine anyway.
> External tokens are very good to protect the secret key against remote
> attacks and even against a trojaned desktop box.
> > I believe the GpgAgent work might solve part of the problem, if PKCS#11
> > PKCS#15 support evolves for GnuPG, then I'd just need a PDA that
> I more and more come to the conclusion, that pkcs 11 and 15 is not
> what we want for gpg-agent; a main goal of those standards is to allow
> independent proprietary applications work together - there is not much
> need for such a goal in the Free Software world. What I have in mind
> and going to implement in January is a Smartcard daemon with a simple
> interface to be used by gpg-agent. By putting such a daemon with the
> same interface (using a serial line or USB instead of a Unix Domain
> Socket) onto a PDA, you get what you want. gpg-agent will then
> delegate all requests for unknown keys to the PDA. Another way to
> achieve the same result would be by moving the gpg-agent directly to
> the PDA, but this has the drawback that it will not be possible to
> keep (not so important) secret keys on the desktop box.
> The protocol will also allow to send the entire plaintext to the PDA,
> so that it can be viewed and signed on that TCB.
> > Pointers to documentation and or project pages appreciated.
> http://www.gnupg.org/aegypten/ will eventually have some documentation
> on this.
> Werner Koch Omnis enim res, quae dando non deficit, dum habetur
> g10 Code GmbH et non datur, nondum habetur, quomodo habenda est.
> Privacy Solutions -- Augustinus
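The timings quoted from EAY's post compare "1024-2" and "1024-3", read here as 1024-bit RSA with two and three primes. The following is an added example, not code from the post, from EAY or from GnuPG: it shows the multi-prime private-key operation as one short exponentiation per prime recombined with Garner's method, which is why more primes help a slow CPU. The names `gen_key`, `private_op_crt` and `roundtrip` are hypothetical, and the key is a constructed demo key from a seeded generator.

```python
import random
from math import prod

def is_probable_prime(n, rng, rounds=24):
    """Miller-Rabin primality test with random bases (n is assumed to be > 29 or a small prime)."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_key(bits, k, e=65537, seed=1):
    """Constructed demo key with k distinct primes of bits//k bits each."""
    rng = random.Random(seed)  # fixed seed for a reproducible demo; real keys need a CSPRNG
    size, primes = bits // k, []
    while len(primes) < k:
        p = rng.getrandbits(size) | (1 << (size - 1)) | 1
        if p not in primes and (p - 1) % e and is_probable_prime(p, rng):
            primes.append(p)
    d = pow(e, -1, prod(p - 1 for p in primes))
    return prod(primes), e, d, primes

def private_op_crt(c, primes, d):
    """Compute c^d mod n as one short exponentiation per prime, joined by Garner's method."""
    m, modulus = 0, 1
    for p in primes:
        m_p = pow(c % p, d % (p - 1), p)           # exponent and modulus are only bits//k long
        h = ((m_p - m) * pow(modulus, -1, p)) % p  # Garner step: lift m to the next prime
        m += modulus * h
        modulus *= p
    return m

def roundtrip(bits, k, message=0x1234567890ABCDEF):
    """Encrypt with the public key, then decrypt via the k-prime CRT path and the plain path."""
    n, e, d, primes = gen_key(bits, k)
    c = pow(message, e, n)
    return private_op_crt(c, primes, d), pow(c, d, n), len(primes)
```

Only `private_op_crt` needs the prime factors, so in the split discussed in this thread it is the part that would run on the device holding the secret key.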