Bridging the airgap
Neal H. Walfield
neal at walfield.org
Mon Aug 7 12:13:49 CEST 2017
On Sun, 06 Aug 2017 19:53:14 +0200,
Dirk-Willem van Gulik wrote:
> As per the IRC discussion - below is a slightly hacked testscript of
> ours that allows you to abuse a suitable chipcard or yubico PGP card
> with x509 functionality to `bridge' an airgap during generation
> where one *also* wants the public key to be transported out of the
> secure initial generation (or renewal of the expiry of the subkeys)
> by means of a smartcard itself (which you sort of axiomatically need
> to be able to trust on the airgap).
This is a neat idea. Did you try using OpenPGP private DOs (data
objects) to store this data? See 4.4.3.1 of the OpenPGP card spec:
https://gnupg.org/ftp/specs/OpenPGP-smart-card-application-3.3.pdf
I'd be interested to hear what cards have enough space for this.
:) Neal