Smart cards

Andrew Luke Nesbit email at andrewnesbit.org
Thu Dec 13 16:34:34 CET 2018 

Hey Arthur, what makes you think that Yubikey is trustworthy?

Is it because you have assessed your threat model and you disbelieve
that any potential attacks via Yubikey would be not used against you?

Or have you done an independent audit of the Yubikey and satisfied
yourself that it's safe enough for your reasons?

Or is it a bit of both?

Or is it something completely different?

I'd love something as convenient as Yubikey but given how strictly I've
set up my workflow; and given that I want to make a habit best practices
wherever possible; I cannot use it because it will introduce a weak
link.  I saw a few different devices that look auditable and like I
might be able to trust them more.  I'll find them in my notes and make a
post later.


On 11/12/2018 18:27, Arthur Ulfeldt wrote:
> using openkeychain with a yubikey nfc is totally solid, and convenient.
> I've been using them for years. they also plug into the bottom of the
> phones which some people prefer. 
> 
> On Tue, Dec 11, 2018, 10:14 AM Damien Goutte-Gattat via Gnupg-users
> <gnupg-users at gnupg.org <mailto:gnupg-users at gnupg.org> wrote:
> 
>     On Tue, Dec 11, 2018 at 12:35:57PM +0100, Alessandro Vesely wrote:
>     > Is it possible to get OpenPGP functionality on one of those
>     > contactless cards?
> 
>     I know of at least one NFC-enabled OpenPGP card, the "Fidesmo
>     Card" [1].
> 
>     I never tested it, but from what I remember when I delved into
>     their site, the OpenPGP feature of that card is provided by the
>     same JavaCard applet than the one used in the Yubikey NEO. Which
>     means, among other things, that it does not implement version 3 of
>     the OpenPGP Card specification (so, no ECC keys), and does not
>     support RSA keys larger than 2048 bits.
> 
>     Another provider of NFC-enabled OpenPGP cards was Sigilance [2],
>     but they have since ceased all operations. Their cards were also
>     based on the same JavaCard applet, with the same limitations.
> 
>     I am not aware of an available implementation of the OpenPGP Card
>     v3, with support for ECC keys and RSA 4096-bit, on a NFC-enabled
>     support.
> 
> 
>     - Damien
> 
>     [1] http://shop.fidesmo.com/product/fidesmo-card
>     [2] https://www.sigilance.com/ (warning: expired certificate)
>     _______________________________________________
>     Gnupg-users mailing list
>     Gnupg-users at gnupg.org <mailto:Gnupg-users at gnupg.org>
>     http://lists.gnupg.org/mailman/listinfo/gnupg-users
> 
> 
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> 

-- 
OpenPGP key: EB28 0338 28B7 19DA DAB0  B193 D21D 996E 883B E5B9

More information about the Gnupg-users mailing list