reviewing wiki / shortlist PIN-pad readers

NIIBE Yutaka gniibe at fsij.org
Tue Oct 18 10:58:31 CEST 2016


Sorry, I didn't have time to reply to your call the other day.

I think that the Gemalto Shelltoken Card Reader, which is available
at http://shop.kernelconcepts.de/, is a good one.

Please note that the OpenPGP card requires specific card readers.  Its
users usually use RSA-2048, RSA-3072, or RSA-4096.  For those key
sizes, the communication is somewhat difficult for the old standard of
ISO 7816.  (For RSA-1024, most smart card readers work well.)

I recommend TPDU readers, because readers which support extended APDU
level communication tend to have issues with larger size communication.

On 10/18/2016 04:51 PM, Daniel Pocock wrote:
> I was looking at this page:
> 
> https://wiki.gnupg.org/CardReader/PinpadInput
> 
> Are any of these more outstanding than the others, or it doesn't matter
> which one somebody chooses?
> 
> Could anybody comment on which of those are easily available in small
> quantities for developers, or suppliers who are cost effective for small
> quantities?

I implemented the pinpad input support in scdaemon.  While I know some
claim that it is a good feature, I, for myself, don't think it's worth
having.

I don't think an attack on USB communication could be mitigated by
a pinpad card reader.  If such an attack is possible, a user already
would be defeated.

It is common for such card readers to have only numeric pads.  That
limits the entropy of the passphrase considerably.  And, as far as I
know, I don't know of any implementation of card readers on the market
whose firmware is Free Software.  With a user interface like pinpad
input, it is more difficult for me to trust an implementation of such
a card reader.
More information about the Gnupg-users mailing list
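
A way to check what a reader declares before buying in quantity, as an added example that is not part of the original mail or of GnuPG: it parses the 54-byte USB CCID class descriptor for the exchange level (TPDU, short APDU, extended APDU) and the pinpad bits, and shows why RSA-2048 and larger no longer fit a short APDU. Assumptions: the field layout is the one from the USB CCID specification, the decipher data field is one padding-indicator byte plus the cryptogram as in the OpenPGP card specification, the function names are hypothetical, and the sample descriptor values are constructed.

```python
import struct

# USB CCID class descriptor: 54 bytes, type 0x21, packed little-endian.
CCID_FMT = "<BBHBBIIIBIIBIIIIIBBHBB"
EXCHANGE_MASK = 0x00070000  # exchange-level bits inside dwFeatures
EXCHANGE_LEVELS = {
    0x00000000: "character",
    0x00010000: "TPDU",
    0x00020000: "short APDU",
    0x00040000: "short and extended APDU",
}
SHORT_APDU_MAX_LC = 255  # largest command data field without extended length


def parse_ccid_descriptor(desc: bytes) -> dict:
    """Return the exchange level and pinpad capability a reader declares."""
    if len(desc) != struct.calcsize(CCID_FMT) or desc[0] != 0x36 or desc[1] != 0x21:
        raise ValueError("not a CCID class descriptor")
    fields = struct.unpack(CCID_FMT, desc)
    features, max_msg, pin = fields[15], fields[16], fields[20]
    return {
        "exchange_level": EXCHANGE_LEVELS.get(features & EXCHANGE_MASK, "unknown"),
        "max_message_length": max_msg,       # dwMaxCCIDMessageLength
        "pin_verify": bool(pin & 0x01),      # bPINSupport bit 0
        "pin_modify": bool(pin & 0x02),      # bPINSupport bit 1
    }


def decipher_data_length(rsa_bits: int) -> int:
    """Bytes sent to the card for one RSA decipher: indicator + cryptogram."""
    return 1 + rsa_bits // 8


def fits_short_apdu(rsa_bits: int) -> bool:
    """True if the decipher data fits in a single short APDU."""
    return decipher_data_length(rsa_bits) <= SHORT_APDU_MAX_LC


def sample_descriptor(features: int, pin_support: int) -> bytes:
    """Constructed descriptor for the demo; values are not from a real reader."""
    return struct.pack(CCID_FMT, 0x36, 0x21, 0x0110, 0, 0x07, 0x03, 4000, 4000,
                       0, 9600, 115200, 0, 254, 0, 0, features, 271,
                       0xFF, 0xFF, 0, pin_support, 1)


if __name__ == "__main__":
    print(parse_ccid_descriptor(sample_descriptor(0x00010230, 0x03)))
    for bits in (1024, 2048, 3072, 4096):
        print(bits, decipher_data_length(bits), fits_short_apdu(bits))
```

On Linux the raw descriptor bytes can be taken from the interface's "extra" descriptor data as exposed by a USB library; that step is left out here because it depends on the library in use.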