PGP and Smartcards?

Werner Koch wk at
Fri Jul 22 22:19:22 CEST 2005

On Fri, 22 Jul 2005 19:01:57 +0200, Felix E Klee said:

> OpenPGP cards with 2048 bit keys don't seem to be available at all.
> However, ordinary ISO 7816-4 compliant smart cards are available through
> online outlets.  For example CryptoFlex and CyberFlex cards can be

Good luck getting a secure and fast 2k RSA card.

> Uh, I guess this would cost me too much time.  One solution, though,
> would be to buy a JavaCard and try to run and enhance the OpenPGP Java
> implementation that was started by Zeljko Vrba [3].

Java cards do have some restrictions which don't allow to implement
ISO commands.

> A simpler solution, though, would probably be porting code for accessing
> an Axalto CryptoFlex 32k to GnuPG, or helping fork a "clean" PKCS#11
> library from OpenSC and interfacing it to GnuPG.  But before thinking

We won't support pkcs#11 becuase it is not a standard but a way to
interconnect proprietary applications using proprietary extesions to

> Can the crypto capabilities on an ISO 7816-4 compliant card actually be
> used for doing PGP?

-4 does not define asymmetric crypto.  You want -8.  The OpenPGP card
ISO 7816-8 compliant.

> The thing is: All that I need is a card that can securely store a
> (private) RSA key and that can encrypt and decrypt data with this key.

Well, I am using that for a long time now and the latest gpg releases
work pretty well.  However it you want 2048k RSA I have no instant
solution; OTOH the card is for sure not the weakest link and 1024 RSA
is still far out of scope of any attack.



More information about the Gnupg-users mailing list