Is the OpenPGP card open hardware
Werner Koch
wk at gnupg.org
Wed Dec 3 15:14:30 CET 2014
On Wed, 3 Dec 2014 12:38, kai at poeritz.de said:
> I hear a lot of poeple -saying- that the OpenPGP card is "open hardware".
Unfortunately this is not the case. However, I have not heard that
claim. In case you mean the crypto-stick: Its hardware and the software
seems to be free but the actual crypto of the stick is the very same
chip from the "regualr" OpenPGP card. The stick is a card reader with a
glued on card.
The usual question is whether the software on the card is free - which
is also not the case. If you want a free software implementation of the
card, you need to go for gnuk (http://fsij.org/gnuk) but it does not use
a dedicated smart card chip and thus the hardware and thus the keys are
not protected from even simple attacks on the chip.
> E.g. A mecrchandise shop owner at "Linux Tag 2014 in Berlin" that also
> sold the OpenPGP cards said (that was his 1st and major selling point):
> "The thing is open hardware".
kernelconcepts? Did they really say that?
> 1) Is the OpenPGP card indeed open hardware?
No.
> 2) If so, where can I read abaout the hardware layout and the firmware?
Contact NXP or Zeitcontrol.
> 3) If not so, what makes the OpenPGP different from any other
> proprietary samrtcard?
It works and is easy available. The specs are fully published, written
with the goal to support OpenPGP, kept simple, and are used by a couple
of other vendors (mostly for internal projects).
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-users
mailing list