GnuPG and Smartcards?

Werner Koch wk at gnupg.org
Thu Jan 10 11:36:02 CET 2002


On Thu, 10 Jan 2002 10:27:50 +0100 (CET), Max Berger said:

> regular memory smartcard can store between 2 and 16 kbts, making it

One thing you can do is to store a random nonce on a memory card or an
iButton DS1991 and use this to make the protection of the secring not
vulnerable to dictionary attacks.

> - is anyone working on this / is this already done?

cryptolabs.org has a prototype to use the Java iButton for secret key
handling.  I don't know whether they are still working on it.

One of the goals of the Aegypten project is to provide SC support.  We
have now finished the design and are going to start implementing it in
about 2 weeks.

> - Is such a thing possible using the plugins or would the main code have
> to be manipulated?

The plan is to move all secret key handling to a daemon called
gpg-agent which in turn can delegate the operations to a SC.
Currently this is used with gpgsm (CVS module newpg, see
http://www.gnupg.org/aegypten/) but soon after we have released gnupg
1.0.7 we will change gpg to utilize gpg-agent too.  Later on newpg
and Gnupg are merged back into one package.

> - is anyone else interested in such a thing? should I submit upstream
> patches?

Please have a look at the aegypten pages; SC patches won't go into the
current gpg code.

-- 
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus
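
The nonce-on-a-card idea from the reply above, sketched as an added example that is not part of the original post and is not GnuPG code: the key protecting the keyring is derived from the passphrase mixed with a random value held only on the card, so a copy of the on-disk record alone gives nothing to test passphrase guesses against. The function names, the record layout and the PBKDF2/HMAC-SHA256 construction are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 10_000          # assumption: kept low so the example runs quickly
CHECK_LABEL = b"secring-check"


def derive_key(passphrase: str, salt: bytes, card_nonce: bytes = b"") -> bytes:
    """Derive the keyring protection key; an empty card_nonce means passphrase only."""
    secret = passphrase.encode()
    if card_nonce:
        # Mix in the card-held random value: without it the KDF input is unguessable.
        secret = hmac.new(card_nonce, secret, hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS)


def protect(passphrase: str, card_nonce: bytes = b"") -> dict:
    """Return the record stored on disk: a salt and a check value for the key."""
    salt = secrets.token_bytes(16)
    key = derive_key(passphrase, salt, card_nonce)
    return {"salt": salt, "check": hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()}


def unlock(record: dict, passphrase: str, card_nonce: bytes = b"") -> bool:
    """True if passphrase (and card nonce, if one was used) reproduce the check value."""
    key = derive_key(passphrase, record["salt"], card_nonce)
    tag = hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()
    return hmac.compare_digest(tag, record["check"])


def guess_from_disk_alone(record: dict, wordlist: list):
    """Model someone holding only the disk record: return a word that unlocks it, or None."""
    for word in wordlist:
        if unlock(record, word):
            return word
    return None


if __name__ == "__main__":
    words = ["letmein", "hunter2", "correct horse"]   # constructed sample wordlist
    nonce = secrets.token_bytes(16)                   # 128-bit value written to the card
    print("passphrase only :", guess_from_disk_alone(protect("hunter2"), words))
    print("with card nonce :", guess_from_disk_alone(protect("hunter2", nonce), words))
```

The nonce has to be backed up or the keyring becomes unrecoverable, and a plain memory card protects only against theft of the disk copy, not against someone who also reads the card.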




