[developer preview] smartcard + openpgp as a linux gadget

Vincent Pelletier plr.vincent at gmail.com
Sun Dec 27 05:17:56 CET 2020


Hello,

First: this announcement is aimed at potential contributors (code,
documentation, ...) and experimentation (seeing what this is about,
identifying bugs, ...). It is not aimed at general use: do not use this
(yet) with valuable keys or data.

I would like to announce my implementation of a software CCID card
reader targeting the Linux gadget subsystem, along with a smartcard OS
and openpgp card application to use with this reader.

- CCID card reader:
  https://github.com/vpelletier/python-usb-f-ccid
- smartcard OS:
  https://github.com/vpelletier/python-smartcard
- OpenPGP app:
  https://github.com/vpelletier/python-smartcard-app-openpgp

I describe at length the thought process which led to this project in
the README:
  https://github.com/vpelletier/python-smartcard-app-openpgp/blob/master/README.rst
but in a nutshell this project should be seen as yet another computer
holding private keys (with all the attack surfaces this implies), with
the extra capability of being seen as a smartcard from a host computer.

So, why not a real smartcard, with its minimal attack surface?
For the hardware flexibility: I wanted an inter-operable token capable
of displaying a grid of random PINs, so that I can use it on an
untrusted computer without leaking the PIN or using it behind my back,
for uses where token theft (for actual use/exposure of the contained
secrets) is not as important as resisting remote accesses.
With this implementation, I can pick up a Pi Zero, put a 2-inch
screen on it and get such functionality.

I'm sure more creative uses of commonly available hardware can be
found, and this is what this project is hoping to allow.

The CCID card reader is considered to be feature-complete.

The OpenPGP app passes the most important tests from the gnuk test
suite (with a few minor patches I sent to its maintainer).
Specifically, it fails strict ATR and Extended Capabilities comparison,
because it does not implement the exact same set of features, and the
non-standard admin-less test variants.

The smartcard OS is the least polished part: it is supposed to be
application-independent, but only the codepaths exercised by OpenPGP
are known to work. I did implement a bit beyond that, but there is
still a lot of work needed - although it is second in priority to
OpenPGP implementation.

Regards,
-- 
Vincent Pelletier


