OpenPGP smartcard

NIIBE Yutaka gniibe at
Fri Jul 17 07:07:37 CEST 2015


On 07/16/2015 06:25 AM, sdvfds sdvsdv wrote:
> I have been trying to find technical specifications for the g10 openpgp 
> smartcard without much success so far.  Perhaps someone on this list will be 
> able to answer my questions?

I answer what I know of.

The specifications and sample code are available from:

> What is the vendor and model for the crypto chip?

See the page above.

> Is Javacard and/or GlobalPlatform installed?

I don't think so.

> The g10code webpage states that “software on this card is not
> available as free software due to NDAs”.

So, you have visited the page already.  Please read the page
carefully.  If you needed, please download the documentation and read

> Is there any way to verify that the software has not been tampered?

I'd like to ask you, how do you verify for your smartcard(s), in

> Is card firmware writable after it leaves manufacturing/personalization facility?

I don't think the firmware is writable by a user of OpenPGPcard.

> Is PKCS#15 supported?

If you are speaking of OpenPGPcard, I don't think so.

> Are there any “master keys” stored on the card (OS signing keys, applet keys, 
> etc) which end user is unable to alter or reset?

I don't know.

> OpenPGP card specification v2.1 states “Private keys and passwords
> cannot be read from the card with any command or function.”  What
> steps have been taken to comply with this?

Umm... you already read it, and still post questions...

Sorry, I don't understand this question of yours.  Perhaps, you read
the specification in different way.  I think that the specification
just explains there is no command or function defined in the
specification to read out secret data.  There is no guarantee for
non-existence of backdoor or vulnerability, by the specification

I understand that secret data should not be read out from smartcard.
It would be good to ask smartcard manufacturer, too.

More information about the Gnupg-users mailing list