[guardian-dev] OpenPGP smartcards on Android WAS: OpenPGP Keychain 2.1 with new API

Hans-Christoph Steiner hans at guardianproject.info
Tue Sep 10 14:01:13 EDT 2013


Not to hijack this thread, but since it's already veered towards talking about
smartcards, I'll add that GnuPG's scdaemon is included in our GPG for Android
that is already in the Play Store. We haven't tried the scdaemon at all, but
some others might have:

https://dev.guardianproject.info/issues/1787
https://dev.guardianproject.info/issues/1734
https://dev.guardianproject.info/issues/1489

.hc

On 09/10/2013 12:29 PM, David Holl wrote:
> On Tue, Sep 10, 2013 at 05:44:33PM +0200, Natanael wrote:
>> While mentioning smartcards, the Yubikey Neo seems to have an
>> OpenPGP smartcard mode (that needs to be manually activated in
>> firmware), could that work with this app?
> 
> I would hope so.  Does the Neo claim to be compatible with the open
> specification?  http://g10code.com/docs/openpgp-card-2.0.pdf
> 
>> Then you'd always have a hardware protected keypair (if you don't
>> lose your Yubikey), so even rootkits can't get your private key.
> 
> Exactly!  :)  Rootkits or compromised firmware...  And even if a
> compromised device does cache my pin and use my card (while briefly
> inserted), I hope to be alerted of any illicit accesses courtesy
> of the signature counter built into the card.
> 
> There seem to be at least 3 potential "cards" that I'm aware of:
> 	OpenPGP SmartCard V2
> 	Yubikey Neo
> 	Crypto Stick https://www.crypto-stick.com/
> 
> (I put "cards" in quotes, because the Crypto Stick includes a
> "thumb" form-factor USB interface.  Though not as tiny as the
> Neo, it still supports 4096 bit keys.)
> 
> - David
> 
> Aside:
> 
> I selected the OpenPGP SmartCard V2 for my personal use, because
> the Crypto Stick has been out of stock for a while, and the Yubikey
> Neo appears to only support 2048 bit keys.  If I really want the
> "thumb" form factor of the Crypto Stick, I may try popping out the
> ID-000 minicard from the OpenPGP SmartCard and putting it into a
> "Gemalto USB Shell Token V2" (aka the "IDBridge K30").  Otherwise,
> the "SCM SCR3500" reader is almost small enough for use on a key
> chain, and is widely available at reasonable prices.  (about $40
> total for a SmartCard V2 with a SCM SCR3500 reader.)

-- 
PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81
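
The signature counter mentioned in the quoted message can be audited from the text output of `gpg --card-status`. The sketch below is an added example, not code from this thread or from GPG for Android: the sample output is constructed, and the function names and the idea of a locally kept "last seen" value are assumptions. The counter only covers operations with the card's signature key.

```python
import re

# Constructed sample of `gpg --card-status` text output; values are made up.
SAMPLE_STATUS = """\
Version ..........: 2.0
Signature PIN ....: not forced
PIN retry counter : 3 0 3
Signature counter : 17
"""

def parse_card_status(text):
    """Extract the signature counter and the PIN-forcing flag."""
    counter = re.search(r"^Signature counter\s*:\s*(\d+)\s*$", text, re.M)
    forced = re.search(r"^Signature PIN\s*\.*:\s*(forced|not forced)\s*$", text, re.M)
    if counter is None:
        raise ValueError("no signature counter in output (card absent?)")
    return {"counter": int(counter.group(1)),
            "pin_forced": forced is not None and forced.group(1) == "forced"}

def audit(status_text, last_seen, own_signatures):
    """Compare the card's counter with what the owner knowingly signed.

    last_seen: counter value recorded at the previous audit (hypothetical ledger)
    own_signatures: signatures the owner made since then
    Returns a list of findings; empty means the counter is accounted for.
    """
    status = parse_card_status(status_text)
    expected = last_seen + own_signatures
    findings = []
    if status["counter"] > expected:
        findings.append("%d unaccounted signature(s)" % (status["counter"] - expected))
    elif status["counter"] < expected:
        findings.append("counter below expected: different card, "
                        "key regenerated, or ledger error")
    if not status["pin_forced"]:
        # A cached PIN stays valid for further signatures on the card.
        findings.append("signature PIN not forced: one PIN entry "
                        "can authorize several signatures")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_STATUS, last_seen=12, own_signatures=3):
        print("WARNING:", finding)
```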
