Proposal for multiple keys on an OpenPGP smart card

[NIIBE Yutaka]

On 04/04/2015 06:30 AM, Jose Castillo wrote:
> Others in the conversation suggested that it might be advantageous
> to have generic slots for keys, such that a card could contain more
> than one signing or authentication key. After delving into the
> relevant ISO smart card specs, I have a thought as to how this could
> be added to the OpenPGP smart card specification. I’ve written up a
> proposal, which I’m including below.

Thank you for your proposal.  Use of MANAGE SECURITY ENVIRONMENT is
natural to me.

BTW, the idea of supporting more keys was also discussed around Gnuk
Token.  And for Gnuk, there is another way for backward compatibility;
supporting multiple cards within a single token.  This doesn't require
any changes (to the specification and to the host software).

In December 2013, I added an experimental configuration option
--enable-hid-card-change for Gnuk, so that a user can control it's
card status of insertion by CTRL or NumLock key of host PC (I know
it's hackish, but it doesn't require any additional hardware).  I
explained that this feature could be used to support multiple
(virtual) cards within a single token, but it seemed that it didn't
appeal its users.

The new usage of --enable-hid-card-change would be interesting from
the viewpoint of user interaction.  Suppose we will introduce some new
authentication scheme for the device-to-user or the card-to-user, and
traditional PIN will be entered by pinpad/button on the token. Given
this new user authentication and new button, it would be OK to setup
empty PIN for key-to-user authentication; like, heavy authentication
on insertion, but just a confirmation button on
singing/decryption/authentication.
--