Smartcard & reader with pin-pad: working combo?
Niels Laukens
niels at dest-unreach.be
Fri Feb 8 10:10:56 CET 2013
Hi,
I've been reading up on smartcard usage lately. I currently store my
master key offline, and only bring it online when I need it (signing
other keys, or generating new subkeys). Moving the private key to a
smartcard seems to only offer security increases, with little to no
downside.
Which brings me to my main question: I'm thinking of buying this
smartcard: OpenPGP SmartCard V2
https://shop.kernelconcepts.de/product_info.php?cPath=1_26&products_id=42
together with this reader: SCM SPR-332
https://shop.kernelconcepts.de/product_info.php?cPath=1_26&products_id=61
And would like to get this to work on my MacBook Pro with 10.6.8 (snow
leopard). I'm not afraid to compile from applications from source, but
would prefer not to mess with kernel modules.
How likely is it that this is going to work? The card seems to be
supported by GnuPG, even for 4096RSA keys (which I plan to use). But I'm
not sure about the card reader.
I wanted to get a cardreader with pinpad. That way even a compromised
computer can't sign arbitrary data. (It can substitute my data with
arbitrary data when I'm about to sign, but is still limited by 1
signature per manual pin entry)
So to guard this topic: I'm also interested in the
security-considerations of my intentions, but my main question is: what
are the experiences with the mentioned card & cardreader?
thx,
Niels
More information about the Gnupg-users
mailing list