New smart card / token alternative

vedaal at vedaal at
Mon Nov 6 23:26:47 CET 2017

On 11/6/2017 at 4:55 PM, "Tim Steiner" <t at> wrote:

\We have been working on a project to build a direct interface for PGP/GPG usage using U2F for web apps and browser extensions. This is similar to existing smart cards and tokens but no software install is required.

We set out to solve this problem -"Man, I really wish I could read this PGP message, or send this message, or open this file, or sign this file, but I don't have my laptop with me"

With this solution you can keep the key offline, carry it with you and it works even on a computer where you can't install software -

We are interested to hear feedback on this approach from the community.


Using this on anything except your own computer, or laptop, is problematic, 
as the 'host' computer can have a key-logger or screen capturer, and copy the decrypted plaintext, or the plaintext to be encrypted.

Can it be made to work with Tails/Tor which uses GunPG ?

(The  'insecure' browser on Tails not involving Tor, is a Firefox variant.   
If it can work on that, then booting from the Tails USB avoids a screencapturer, and using on on-screen keyboard avoids a hardware keyboard logger.

But even so, there are problems with using it on an 'unknown' computer :


More information about the Gnupg-users mailing list