Smart cards

Wiktor Kwapisiewicz wiktor at metacode.biz
Tue Dec 11 20:18:02 CET 2018


On 11.12.2018 19:11, Damien Goutte-Gattat via Gnupg-users wrote:
> On Tue, Dec 11, 2018 at 12:35:57PM +0100, Alessandro Vesely wrote:
>> Is it possible to get OpenPGP functionality on one of those
>> contactless cards?
> 
> I know of at least one NFC-enabled OpenPGP card, the "Fidesmo
> Card" [1].
> 
> I never tested it, but from what I remember when I delved into
> their site, the OpenPGP feature of that card is provided by the
> same JavaCard applet as the one used in the Yubikey NEO. Which
> means, among other things, that it does not implement version 3 of
> the OpenPGP Card specification (so, no ECC keys), and does not
> support RSA keys larger than 2048 bits.

I'm using Fidesmo and it works fine with OpenKeychain, and also through a USB NFC
reader with GnuPG. The note about keys is correct: no ECC, RSA only up to 2048 bits.

There are two ways of getting 4096 bits with NFC as far as I'm aware: Yubikey 5
and Cotech Card. The latter I've never seen in real life but given that this is
from the same people that created OpenKeychain I believe it's legit :)

[0]: https://www.yubico.com/product/yubikey-5-nfc/

[1]: https://www.cotech.de/docs/hw-supported-hardware/

Most hardware that supports ECC either supports it only in the PIV applet (so not
applicable to OpenPGP) or doesn't use tamper-resistant hardware (depending on
one's threat model this may or may not be OK).

On 11.12.2018 19:51, Alessandro Vesely wrote:
> Fidesmo looks better, except for its depending on the Fidesmo Card App Store.

You don't need the store if you buy the card with the OpenPGP (or PGP as they call
it) applet preinstalled. This store is only needed to customize what is in the
card; once PGP is installed you don't need it, as Fidesmo PGP speaks the standard
protocol.

Disclaimer: I'm not affiliated with any of these companies but I got the Fidesmo
card for free for contributing to OpenKeychain [2].

[2]: https://www.openkeychain.org/pr-incentive

Kind regards,
Wiktor

-- 
https://metacode.biz/@wiktor


