Talking about Cryptodevices... which one?
Werner Koch
wk at gnupg.org
Wed Feb 18 19:51:46 CET 2015
On Sat, 24 Jan 2015 05:05, gniibe at fsij.org said:
> DINSIG (DIN V 66291-1) card
> German Geldkarte
> Telesec NKS card
> pkcs#15 card
> SmartCard-HSM card
>
> ... but I think that most are outdated, except the last one.
DINSIG is still German standard (actually a pre-standard) but I doubt
that you can find any card. Vendors have all moved to their own
standard. The Geldkarte ("Money-card") is a gadget which only allows
you to check the amount of money left on the card. The telesec card
still works, although I don't known about the availability. p15 cards
also work as long as they fully comply to the pkcs#15 standard (only few
do).
> And when you use those devices, you should know that each application
> has tendency to grab smartcard/token access exclusively. At least,
Which makes the use of the card much faster. The PC/SC system is broken
so that even Microsoft replaced it by a system similar to scdaemon
(minidrivers). But don't let me start to rant about it again.
> I don't use X.509 much. I think that it's easily possible for us to
Neither me. That has all been done as part of a contract; now with the
secured funding it would be possible to revive the X.509 support - iff
there is a need for it.
> OpenPGPcard (and its compatible) usually doesn't have any public keys
> of higher layer, because of its limited storage.
... and because of the I/O speed - it would take long to read out keys
with many key signatures. Those who need to use the German eHealth card
know what I mean by slow.
> purpose MCU. In my theory, using general purpose small MCU would be
> superior to avoid malicious/fake hardware features by semiconductor
> vendor. If it's very expensive hardware, specific for "crypto", there
I agree.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-users
mailing list