Talking about Cryptodevices... which one?

Werner Koch wk at gnupg.org
Wed Feb 18 19:51:46 CET 2015


On Sat, 24 Jan 2015 05:05, gniibe at fsij.org said:

> 	DINSIG (DIN V 66291-1) card
> 	German Geldkarte
> 	Telesec NKS card
> 	pkcs#15 card
> 	SmartCard-HSM card
>
> ... but I think that most are outdated, except the last one.

DINSIG is still a German standard (actually a pre-standard) but I doubt
that you can find any card.  Vendors have all moved to their own
standard.  The Geldkarte ("Money-card") is a gadget which only allows
you to check the amount of money left on the card.  The telesec card
still works, although I don't know about the availability.  p15 cards
also work as long as they fully comply with the pkcs#15 standard (only few
do).

> And when you use those devices, you should know that each application
> has a tendency to grab smartcard/token access exclusively.  At least,

Which makes the use of the card much faster.  The PC/SC system is broken
so that even Microsoft replaced it by a system similar to scdaemon
(minidrivers).  But don't let me start to rant about it again.

> I don't use X.509 much.  I think that it's easily possible for us to

Neither do I.  That has all been done as part of a contract; now with the
secured funding it would be possible to revive the X.509 support - iff
there is a need for it.

> OpenPGPcard (and its compatible) usually doesn't have any public keys
> of higher layer, because of its limited storage.

... and because of the I/O speed - it would take long to read out keys
with many key signatures.  Those who need to use the German eHealth card
know what I mean by slow.

> purpose MCU.  In my theory, using general purpose small MCU would be
> superior to avoid malicious/fake hardware features by semiconductor
> vendor.  If it's very expensive hardware, specific for "crypto", there

I agree.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.



