Question about getting started with PGP and smart cards

Martin Ilchev martini5468 at gmail.com
Mon Feb 29 16:31:52 CET 2016


Hi Josh,

I have been using a smart card and reader for about 6 months now. The setup I
went with is:
Smart-card "OpenPGP Smartcard V2.1" from kernel concepts (
http://shop.kernelconcepts.de/). The card supports keys up to 4096 length
with gpg2.

Card-reader - Gemalto GemPC Twin/TR (IDBridge CT30) - works out of the box
on Linux and Windows (tested it on Windows 7 SP1 and Windows 8.1). I got
mine here:
http://www.smartcardfocus.com/shop/ilp/id~463/gemalto-gempc-twin-tr-idbridge-ct30-/p/index.shtml

To get the card reader working in Linux I used this guide to get me started
(was able to set everything up with no hassle) -
https://www.corsac.net/?rub=blog&post=1548. I only needed to
install pcsc-tools and pcscd.

For Windows I installed gpg4win and migrated my Linux gpg.conf and keys
over and it just worked. Also, in Windows, if you want to use PuTTY with a
smart card you will need a patched PuTTY agent. You can get one from here:
http://smartcard-auth.de/ssh-en.html. It is free to use with OpenPGP
Smartcards from kernel concepts so a win-win :).

Last but not least - make sure to back up your private keys! Once a key is
on the card it is impossible to get it back.

I only got the above for test use but now I am using it every day at work,
at home and on my laptop without any issues. I can sign, encrypt/decrypt as
well as authenticate for SSH with a single smart card.

Let me know if you need any additional information.

Regards,
Martin

On Sat, 27 Feb 2016 at 17:44 Antoine Michard <antoine.michard at chezgeek.fr>
wrote:

> I've tried; on Fedora 23 I can't use my USB smartcard reader without the PCSC
> daemon.
>
> These packages are needed: pcsc-lite pcsc-lite-ccid pcsc-tools
>
> Antoine Michard
> GPG Key: 0xF5C9E7CD0882B381
>
> On 27/02/2016 18:14, Peter Lebbing wrote:
> > On 27/02/16 17:58, Antoine Michard wrote:
> >> But on Linux it is not so easy. You have to install all needed dependencies for the
> >> reader (pcscd)
> >
> > I should note that pcscd is not needed for the readers I mentioned in my reply,
> > since they are well supported through the builtin driver of scdaemon (and GnuPG
> > 1.4).
> >
> > In fact, installing pcscd will make it more difficult to use. I suggest to only
> > use pcscd for readers that are not natively supported by GnuPG, unless you have
> > specific needs (usually when you want to use smartcards for more things than GnuPG).
> >
> >> and sometimes Gnome Keyring will make it harder to make it work [5].
> >
> > Heck, yeah.
> >
> > HTH,
> >
> > Peter.
> >
>