exclusive vs. shared smart card access
NIIBE Yutaka
gniibe at fsij.org
Tue Sep 1 09:54:07 CEST 2015
On 09/01/2015 04:23 PM, Simon Josefsson wrote:
> There is U2F too which is supported by Chrome (works in Debian Stable).
I didn't know that. Is it implemented parallel to OpenPGPcard as a
feature in a single smartcard? How does it work with Yubikey?
If it's implemented by another interface of USB device, it's simpler,
it can co-exist.
Well, I'd imagine that it is now somehow very frustrated for a user,
using OpenPGPcard and U2F simultaneously, if it's implemented as a
single smartcard.
This would be a use case where shared access is somehow required.
Is it possible for the application of U2F for Yubikey to communicate
to scdaemon (like Poldi and Scute)? The reason why I ask is that I
think that OpenPGPcard assumes exclusive access to the card and
scdaemon holds information of card status, if there were
"another channel" to access the card, I don't know how I can implement it
correctly...
Or, I think that it is somehow easily possible to write an application
of U2F which communicates gpg-agent, so that a user can use an
authentication subkey for U2F. For me, this sounds the way to go.
How do you think this direction?
--
More information about the Gnupg-devel
mailing list