Bridging the airgap

Neal H. Walfield neal at
Mon Aug 7 12:13:49 CEST 2017

On Sun, 06 Aug 2017 19:53:14 +0200,
Dirk-Willem van Gulik wrote:
> As per the IRC discussion - below is a slightly hacked testscript of
> ours that allows you to abuse a suitable chipcard or yubico PGP card
> with x509 functionality to `bridge' an airgap during generation
> where one *also* wants the public key to be transported of the
> secure initial generation (or renewal of the expiry of the subkeys)
> by means of a smartcard itself (which you sort of axiomatically need
> to be able to trust the airgap).

This is a neat idea.  Did you try using OpenPGP private DOs (data
objects) to store this data?  See of the OpenPGP card spec:

I'd be interested to hear what cards have enough space for this.

:) Neal
