Key distribution via NFC

Robert J. Hansen rjh at
Fri Jul 4 05:54:39 CEST 2014

A good friend just gave me a handful of NFC tags that are capable of
storing about 400 bytes.  It's a convenient form factor: a cardboard
disk with an adherent backing, perhaps 2.5cm across.  Bring it close to
a mobile phone and presto, bang, it can access the 400 bytes.

This is too large to store an RSA or DSA2 certificate, unfortunately.
But it got me thinking that with the move to elliptical-curve crypto in
GnuPG 2.1, it might be interesting to think about the possibility of
using NFC tags for certificate distribution.  Keep an NFC tag on your
keychain.  If someone asks you for your certificate, you don't have to
trade a SHA-1 fingerprint -- just put down your keychain and let the
person wave a cell phone over it.

Obviously there are risks associated with NFC, and I haven't done any
real looking at the security model of NFC -- it's very likely there are
big things I'm overlooking.  But the ability to store 400 bytes, to
access it quickly and easily, and all in a tag that costs less than a
dollar and can be read with almost any modern smartphone, is kind of cool.

It might be worth thinking how this can be used.  :)
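
An added size estimate, not part of the original message: it tallies RFC 4880 packet framing for a minimal OpenPGP certificate (primary key, one User ID, one self-signature carrying only creation-time and issuer subpackets) against the 400-byte figure above. The 2048-bit RSA size, the 30-byte User ID, full-length signature values and all function names are assumptions; a certificate exported by GnuPG carries more subpackets and usually a subkey, so real sizes are larger.

```python
# Added example: estimated wire size of a minimal OpenPGP v4 certificate.
TAG_CAPACITY = 400      # bytes, the figure given in the message
ED25519_OID_LEN = 9     # encoded body of OID 1.3.6.1.4.1.11591.15.1

def packet(body_len):
    """Packet size: old-format header (RFC 4880, section 4.2.1) plus body."""
    if body_len < 256:
        return 2 + body_len      # tag octet + 1-octet length
    if body_len < 65536:
        return 3 + body_len      # tag octet + 2-octet length
    return 5 + body_len          # tag octet + 4-octet length

def mpi(bits):
    """An MPI is a 2-octet bit count followed by the value octets."""
    return 2 + (bits + 7) // 8

def public_key(material_len):
    # version (1) + creation time (4) + algorithm (1) + key material
    return packet(6 + material_len)

def signature(sig_mpis_len):
    # version, sig type, pk algo, hash algo (4) + hashed-area length (2)
    # + creation-time subpacket (6) + unhashed-area length (2)
    # + issuer key ID subpacket (10) + left 16 bits of hash (2)
    return packet(4 + 2 + 6 + 2 + 10 + 2 + sig_mpis_len)

def rsa_cert(bits, uid_len):
    key = public_key(mpi(bits) + mpi(17))       # n, and e = 65537 (17 bits)
    return key + packet(uid_len) + signature(mpi(bits))

def ed25519_cert(uid_len):
    point = mpi(263)    # 0x40 prefix octet + 32-octet compressed point
    key = public_key(1 + ED25519_OID_LEN + point)
    return key + packet(uid_len) + signature(2 * mpi(256))   # r and s

def fits(size, capacity=TAG_CAPACITY):
    return size <= capacity

if __name__ == "__main__":
    uid = 30  # constructed User ID length, e.g. "Name <user@example.org>"
    for name, size in (("RSA-2048", rsa_cert(2048, uid)),
                       ("Ed25519", ed25519_cert(uid))):
        print(f"{name}: {size} bytes, fits in tag: {fits(size)}")
```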
