Accessing the private DOs of the smartcard
Sven Radde
email at sven-radde.de
Wed Apr 9 12:46:17 CEST 2008

Hello GnuPG users,

Is there a convenient way to access the data objects of the OpenPGP
smartcard? The best thing I know is to use "gpg --card-edit" to get at
the PIN-protected DOs, which is cumbersome and does not give a very
machine-friendly output...

What I am thinking of is the following:
The card with its PIN counters represents a protection against
brute-force attempts that is not available to other software-only crypto
applications like EncFS, Truecrypt etc. Consequently, the card PIN can
be shorter than the overlong passphrases needed to secure those
applications.

Now, it would be really nice to store a long passphrase in one of the
PIN-protected data objects and have the possibility to pipe that to one
of those applications.
This way, e.g., a Truecrypt volume would be protected by a very long
passphrase, while the owner has the convenience of "unlocking" that
passphrase using his/her shorter smartcard PIN.

Can this be accomplished using some scripting? Or may I suggest adding
"--card-do1" through "--card-do4" as new commands to GnuPG which would
print the respective string to standard output after asking for the PIN
when applicable?

Thanks for listening :-)
Sven
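
An added example, not part of the original post and not GnuPG's own code: one way to get a private DO in machine-readable form and pipe it onward, by decoding the Assuan status line that scdaemon returns. It assumes GnuPG 2.x, where `gpg-connect-agent "scd getattr PRIVATE-DO-n" /bye` is available; the function names are hypothetical, the sample output is constructed, and PIN verification for the protected objects is not handled here.

```python
import re
import subprocess

def unescape_status(value: bytes) -> bytes:
    """Undo Assuan status escaping: '+' means space, %XX is one raw byte."""
    value = value.replace(b"+", b" ")  # a literal '+' arrives as %2B
    return re.sub(rb"%([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), value)

def parse_private_do(output: bytes, number: int) -> bytes:
    """Extract PRIVATE-DO-<number> from gpg-connect-agent output."""
    name = b"PRIVATE-DO-%d" % number
    for line in output.splitlines():
        parts = line.split(b" ", 2)
        if parts[0] == b"ERR":
            # Surface agent errors instead of returning an empty passphrase.
            raise RuntimeError(line.decode("ascii", "replace"))
        if parts[:2] == [b"S", name]:
            return unescape_status(parts[2] if len(parts) > 2 else b"")
    raise LookupError("no %s status line" % name.decode())

def read_private_do(number: int) -> bytes:
    """Ask scdaemon for the DO (assumed command; needs a card and agent)."""
    if number not in (1, 2, 3, 4):
        raise ValueError("the card has private DOs 1 to 4")
    cmd = ["gpg-connect-agent", "scd getattr PRIVATE-DO-%d" % number, "/bye"]
    result = subprocess.run(cmd, capture_output=True, check=True)
    return parse_private_do(result.stdout, number)

def feed(consumer_argv: list, secret: bytes) -> int:
    """Hand the secret to a program on stdin, never on its command line."""
    # Assumption: the consumer reads one newline-terminated line from stdin.
    return subprocess.run(consumer_argv, input=secret + b"\n").returncode

# Constructed sample of agent output (not captured from a real card).
SAMPLE = b"S PRIVATE-DO-3 correct+horse%2Bbattery%25staple\nOK\n"
```

Passing the value on stdin keeps the passphrase out of the process list and shell history, which a command-line argument would not.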