PGP and Smartcards?
Werner Koch
wk at gnupg.org
Fri Jul 22 22:19:22 CEST 2005
On Fri, 22 Jul 2005 19:01:57 +0200, Felix E Klee said:
> OpenPGP cards with 2048 bit keys don't seem to be available at all.
> However, ordinary ISO 7816-4 compliant smart cards are available through
> online outlets. For example CryptoFlex and CyberFlex cards can be
Good luck getting a secure and fast 2k RSA card.
> Uh, I guess this would cost me too much time. One solution, though,
> would be to buy a JavaCard and try to run and enhance the OpenPGP Java
> implementation that was started by Zeljko Vrba [3].
Java cards do have some restrictions which don't allow implementing
ISO commands.
> A simpler solution, though, would probably be porting code for accessing
> an Axalto CryptoFlex 32k to GnuPG, or helping fork a "clean" PKCS#11
> library from OpenSC and interfacing it to GnuPG. But before thinking
We won't support pkcs#11 because it is not a standard but a way to
interconnect proprietary applications using proprietary extensions to
pkcs#11.
> Can the crypto capabilities on an ISO 7816-4 compliant card actually be
> used for doing PGP?
-4 does not define asymmetric crypto. You want -8. The OpenPGP card is
ISO 7816-8 compliant.
> The thing is: All that I need is a card that can securely store a
> (private) RSA key and that can encrypt and decrypt data with this key.
Well, I have been using that for a long time now and the latest gpg releases
work pretty well. However if you want 2048k RSA I have no instant
solution; OTOH the card is for sure not the weakest link and 1024 RSA
is still far out of scope of any attack.
Salam-Shalom,
Werner