Help need to use truecrypt + openpgp applet.

Thomas Harning Jr. harningt at gmail.com
Thu Feb 19 19:50:45 CET 2015


On Thu Feb 19 2015 at 12:23:34 PM Matthias-Christian Ott <ott at mirix.org>
wrote:

> On 2015-02-19 09:23, Ranjini H.K wrote:
> > Yes, my Java Card supports PKCS#11. I am not so sure about the OpenPGP applet.
> > What should I do otherwise to make my OpenPGP applet support PKCS#11?
>
> Your Java Card does probably not support PKCS #11. An applet on the card
> might implement it. To make it work, you need a PKCS #11 middleware and
> tell TrueCrypt about it (Settings > Security Tokens... > PKCS #11
> Library Path). If you are using an applet that is supported by OpenSC,
> you can use OpenSC. Otherwise you have to resort to the proprietary
> middleware supplied by the vendor. OpenPGP cards should be supported by
> OpenSC and should be usable with TrueCrypt [1]. There is also a
> proprietary PKCS #11 library that should provide a PKCS #11 interface
> for OpenPGP cards [2]. Otherwise you can try Scute [3].
>
> That said, it is probably better to ask on the OpenSC mailing list [4]
> about PKCS #11.
>
> The Java Card OpenPGP applet seems to be maintained by Yubico at the
> moment [5].
>
> Regards,
> Matthias-Christian
>
> [1] https://github.com/OpenSC/OpenSC/issues/125
> [2] http://smartcard-auth.de/download-de.html
> [3] http://www.scute.org/
> [4] http://sourceforge.net/p/opensc/mailman/
> [5] https://github.com/Yubico/ykneo-openpgp
>
The main issue is that TrueCrypt does not generate a key on-card, but
instead it stores PIN-protected data which it reads out when it needs to
unlock the disk.

OpenPGP cards, if I recall right, have no capability to store arbitrary
data.

Perhaps you can file a feature-request against VeraCrypt (the "current"
TrueCrypt project) to implement a mechanism where the master key (or subkey
of sorts) is encrypted with a key stored on-card.


More information about the Gnupg-users mailing list