Help need to use truecrypt + openpgp applet.

NIIBE Yutaka gniibe at fsij.org
Sat Feb 21 05:22:22 CET 2015


Hello,

I maintain the Scute and Poldi packages in Debian.  I also make minimal
efforts for that software upstream.  Perhaps, it's better for
me to put my business on the service.html, but my environment is free
software only which won't match most potential customers' requests.

Well, please note that Scute or Poldi is not mature enough yet, and
somehow not well maintained these days.

On 02/21/2015 11:01 AM, Matthias-Christian Ott wrote:
> As mentioned in my more detailed follow-up email on how TrueCrypt
> accesses the "keyfile" on the smartcard, Scute is not able to do this.

Interesting.

I don't recommend using data objects on a smartcard for such a use,
because its size is usually limited.  Say, 255 bytes or so, at most.

Here, I explain a bit of existing code (of scdaemon, scute and poldi)
and OpenPGPcard v2.


We also have the data object of 0x7F21 "Cardholder certificate".  I
guess that it was intended to hold the X.509 client certificate in
OpenPGPcard v2, which corresponds to the authentication private key on
the card.  We have READCERT command in scdaemon to access this
specific data object.

However, this command and the data object itself are not used any more
by GnuPG, Scute, or Poldi.  Thus, it would be possible to use this
data object for your experiment.  This is abuse, so I don't
recommend it in general, but only for your experimental usage.  This
data object is exceptionally large.  I don't remember how large it is
for the original OpenPGPcard, but I know it's 2KiB for Gnuk (if
enabled at compile time).

The access to the data object of 0x7f21 is not controlled by PIN.  It
can be accessed by anyone.  I think that it could be possible for the
host PC to encrypt the data to be stored, using the card's encryption key.
-- 
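An added example, not part of the original message and not code from GnuPG, Scute, Poldi or Gnuk: it builds the ISO 7816-4 GET DATA and PUT DATA commands for data object 0x7F21 and refuses to store anything that is not a public-key encrypted OpenPGP message, since the message above notes that the object can be read without a PIN. The function names, the RFC 4880 first-byte check and the sample blob are assumptions made for illustration.

```python
# Added example; helper names are hypothetical, sample data is constructed.
CERT_DO_TAG = 0x7F21         # "Cardholder certificate" data object named in the post
GNUK_CERT_DO_MAX = 2 * 1024  # 2 KiB on Gnuk, per the post
PKESK_FIRST_BYTES = {0x84, 0x85, 0x86, 0x87, 0xC1}  # RFC 4880 packet tag 1 headers


def looks_public_key_encrypted(blob: bytes) -> bool:
    """True if blob starts with a Public-Key Encrypted Session Key packet,
    which is how a binary OpenPGP message encrypted to a key begins."""
    return len(blob) > 0 and blob[0] in PKESK_FIRST_BYTES


def get_data_apdu(tag: int = CERT_DO_TAG) -> bytes:
    """ISO 7816-4 GET DATA with extended Le=0 (return everything available).
    No PIN verification precedes it: the post notes the object is open to read."""
    return bytes([0x00, 0xCA, tag >> 8, tag & 0xFF, 0x00, 0x00, 0x00])


def put_data_apdu(blob: bytes, tag: int = CERT_DO_TAG,
                  limit: int = GNUK_CERT_DO_MAX) -> bytes:
    """ISO 7816-4 PUT DATA for an encrypted keyfile; refuses plaintext and
    oversize input. Any authentication the card wants first is out of scope."""
    if not looks_public_key_encrypted(blob):
        raise ValueError("refusing to store data that is not an encrypted OpenPGP message")
    if len(blob) > limit:
        raise ValueError(f"{len(blob)} bytes exceeds the {limit}-byte data object")
    header = bytes([0x00, 0xDA, tag >> 8, tag & 0xFF])
    if len(blob) <= 255:                      # short Lc: one length byte
        return header + bytes([len(blob)]) + blob
    return header + b"\x00" + len(blob).to_bytes(2, "big") + blob  # extended Lc


def split_response(rapdu: bytes):
    """Return (data, ok); ok is True only for status word 0x9000."""
    if len(rapdu) < 2:
        raise ValueError("response APDU shorter than its status word")
    return rapdu[:-2], rapdu[-2:] == b"\x90\x00"


if __name__ == "__main__":
    sealed = b"\x85\x01\x0c" + bytes(300)     # constructed stand-in for gpg --encrypt output
    print(put_data_apdu(sealed)[:7].hex(), get_data_apdu().hex())
```

The first-byte check only catches a raw keyfile being written by mistake; it does not validate the ciphertext itself.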


