Talking about Cryptodevices... which one?
andreas.schwier.ml at cardcontact.de
Sat Jan 24 18:14:01 CET 2015
> Here we go.
> (a) OpenPGPcard compatible device
> With those devices which conform to OpenPGPcard specification, it is
> possible to offer its users following features, using GnuPG and
> related tools.
> (1) OpenPGP support
> (2) SSH support thorough gpg-agent
> (3) X.509 support
> SSL/TLS client certificate authentication
> Because those devices are intended to be used for OpenPGP, OpenPGP
> support is superior.
> But the support for #3 is somehow experimental. Honestly, I don't use
> those features with my device, but just do experiments time to time.
> For OpenPGPcard compatible, we can check existing (or existed)
> "manufacturer" list in the source code, specifically, the function
> get_manufacturer in gnupg/g10/card-util.c.
> (b) (Ab)using other devices with GnuPG
> GnuPG has support of some existing smartcard/token not designed for
> With those devices, I guess that OpenPGP support would be secondary,
> but X.509 support could be considered superior.
> We can check the source code, gnupg/scd/app-*.c (other than openpgp)
> for those support. There are:
> DINSIG (DIN V 66291-1) card
> German Geldkarte
> Telesec NKS card
> pkcs#15 card
> SmartCard-HSM card
> ... but I think that most are outdated, except the last one.
And I would love to use that last device to store my PGP keys as well.
Unfortunately there is a certain resistance to support other devices
than cards conforming with the OpenPGPCard specification.
I want a device that can store all my keys independently of whether it's
a GNUPG key, a SSH key, a X.509 key, a DNSSEC key, a OpenVPN key,
because at the end it's just a private key - there is nothing special in
a GNUPG key that prevents me from storing it on a device other that a
And I don't want to be limited in the number and types of keys on that
device. And I want a secure key escrow scheme where I can backup and
restore sensitive key material - functions the OpenPGPCard specification
does not provide for.
--------- CardContact Software & System Consulting
|.##> <##.| Andreas Schwier
|# #| Schülerweg 38
|# #| 32429 Minden, Germany
|'##> <##'| Phone +49 571 56149
More information about the Gnupg-users