Talking about Cryptodevices... which one?

Bob (Robert) Cavanaugh robertc at
Fri Jan 23 22:53:25 CET 2015

What set would you recommend for us Linux types (Fedora 20 in my case) ?

Bob Cavanaugh


-----Original Message-----
From: Gnupg-users [mailto:gnupg-users-bounces at] On Behalf Of Werner Koch
Sent: Friday, January 23, 2015 12:32 PM
To: Felix E. Klee
Cc: gnupg-users at; Faramir
Subject: Re: Talking about Cryptodevices... which one?

On Fri, 23 Jan 2015 12:19, felix.klee at said:

>   * There will be a new batch of cards, with the same functionality but
>     updated print: On the back of the current cards, it says “RSA with
>     up to 3072 bit” when in fact the cards support up to 4096 bit.

The code for the card and the specs will also have some minor updates.
This has been done mostly on requests from the Nitrokey (aka
CryptoStick) folks.  Nothing to worry about.  Achim already send me the
specs and I will put them online soon.

> As for the reader, I got a Reiner SCT cyberJack RFID standard. The RFID

If you do not use Windows I would strongly advise against Rainer

I never achieved to make them work for me, requests for technical
support were never answered, all requests for a sample were rejected or
they quoted unacceptable prices.  Further, the Cyberjack readers run a
lot of code not necessary for accessing the card and the firmware can
easily be updated from the host (if you know how to do that).  Granted,
other vendors also have easy changeable firmware but their
microcontrollers are smaller and writing malware for them is harder.  I
won't trust such devices - we don't know whether the BND has an
agreement with them not to fix exploitable bugs so to allow them
inserting code to track PINs.

Time to build our own pinpad equipped reader?

>   * Decryption of a 30 kB file takes one or two seconds.

The size of the file does not matter.  The card only sees the public key
encrypted session key.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

Gnupg-users mailing list
Gnupg-users at

More information about the Gnupg-users mailing list