OpenPGP card
In cryptography, the OpenPGP card[1] is an ISO/IEC 7816-4, -8 compatible smart card[2] implementation that is integrated with many GnuPG functions. Using this smart card, various cryptographic tasks (encryption, decryption, digital signing/verification, authentication etc.) can be performed. It allows the storage of secret key material in a secure manner; all versions of the protocol state, "Private keys and passwords cannot be read from the card with any command or function."[1][3] However, a new key pair may be loaded onto the card at any time, overwriting the existing one.
Built on BasicCard,[4] OpenPGP cards can be obtained from a distributor,[5] from Yubico or by becoming a fellow in Free Software Foundation Europe.[6]
The smart card daemon, in combination with the supported smart card readers,[7] as implemented in GnuPG, can be used for many cryptographic applications. With gpg-agent in GnuPG 2, which provides an ssh-agent implementation using GnuPG, an OpenPGP card can also be used for SSH authentication.
A proprietary middleware for Windows is also available from Aloaha.[8][9]
Vendor IDs
An OpenPGP card features a unique serial number to allow software to ask for a specific card. Serial numbers are assigned on a per-vendor basis, and vendors are registered with the FSFE.
Assigned vendor ids are:
Id | Name |
---|---|
0x0001 | PPC Card Systems |
0x0002 | Prism |
0x0003 | OpenFortress |
0x0004 | Wewid |
0x0005 | ZeitControl |
0x0006 | Yubico |
0x0007 | OpenKMS |
0x0008 | Scard Solutions |
0xF517 | FSIJ |
The id range 0xff00 to 0xfffe can be used for randomly assigned serial numbers without a specific vendor. The ids 0x0000 and 0xffff may only be used for testing.
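As an added example (not from the original article or from GnuPG), the following Python code splits a card's application identifier (AID) into version, vendor id and serial number, then classifies the vendor id against the table and ranges above, which is useful when auditing which cards are enrolled. The 16-byte AID layout is an assumption taken from the OpenPGP card specification and is not stated on this page; the function names and sample AIDs are constructed.

```python
# Added example: parse an OpenPGP card application identifier (AID).
# Assumption (OpenPGP card specification, not stated on this page), 16 bytes:
#   RID D2 76 00 01 24 | application 01 | version (2) | vendor id (2)
#   | serial number (4) | reserved (2)
OPENPGP_PREFIX = bytes.fromhex("D27600012401")

# Vendor ids exactly as listed in the table above.
VENDORS = {
    0x0001: "PPC Card Systems", 0x0002: "Prism", 0x0003: "OpenFortress",
    0x0004: "Wewid", 0x0005: "ZeitControl", 0x0006: "Yubico",
    0x0007: "OpenKMS", 0x0008: "Scard Solutions", 0xF517: "FSIJ",
}

def classify_vendor(vendor_id: int) -> str:
    """Map a vendor id to a name or to one of the special ranges."""
    if vendor_id in (0x0000, 0xFFFF):
        return "testing only"
    if 0xFF00 <= vendor_id <= 0xFFFE:
        return "random serial, no vendor"
    return VENDORS.get(vendor_id, "not in this page's table")

def parse_aid(aid_hex: str) -> dict:
    """Split a hex-encoded AID into version, vendor id and serial number."""
    aid = bytes.fromhex(aid_hex)
    if len(aid) != 16:
        raise ValueError("an OpenPGP card AID is 16 bytes")
    if aid[:6] != OPENPGP_PREFIX:
        raise ValueError("not an OpenPGP card application")
    vendor_id = int.from_bytes(aid[8:10], "big")
    return {
        "version": f"{aid[6]:x}.{aid[7]:x}",  # hex digits, e.g. 02 00 -> 2.0
        "vendor_id": vendor_id,
        "vendor": classify_vendor(vendor_id),
        "serial": aid[10:14].hex().upper(),
    }

if __name__ == "__main__":
    # Constructed sample AIDs, not read from real cards.
    for sample in ("D2760001240102000006012345670000",
                   "D276000124010200FF1200ABCDEF0000"):
        print(parse_aid(sample))
```

A card whose vendor id classifies as "testing only" should not appear in a production inventory, since the ids 0x0000 and 0xffff are reserved for testing.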
References
- [1] OpenPGP Card specification - version 2.0.1, Achim Pietig, PPC Card Systems GmbH, 2009. URL: http://g10code.com/docs/openpgp-card-2.0.pdf
- [2] The OpenPGP Card - How to use the Fellowship Smartcard - The GnuPG Smartcard HOWTO, Rebecca Ehlers, Thorsten Ehlers, et al., Free Software Foundation Europe e. V., 2005. URL: http://www.gnupg.org/howtos/card-howto/en/ch01.html#id2472312
- [3] OpenPGP Card specification - version 1.1, Achim Pietig, PPC Card Systems GmbH, 2004. URL: http://www.g10code.com/docs/openpgp-card-1.1.pdf
- [4] BasicCard - Smart cards. URL: http://www.basiccard.com/index.html?news.htm
- [5] Kernel Concepts. URL: http://shop.kernelconcepts.de/index.php?cPath=1_26
- [6] The Fellowship Smartcard. URL: http://wiki.fsfe.org/FellowshipSmartCard
- [7] Required Hardware - How to use the Fellowship Smartcard - The GnuPG Smartcard HOWTO, Rebecca Ehlers, Thorsten Ehlers, et al., Free Software Foundation Europe e. V., 2005. URL: http://www.gnupg.org/howtos/card-howto/en/ch02s02.html#id2519120
- [8] Aloaha Smartcard Connector. URL: http://www.aloaha.com/smartcard-software-en/aloaha-cryptographic-service-provider.php
- [9] Aloaha Smartlogin. URL: http://www.aloaha.com/smartcard-software-en/aloaha-credential-provider.php