OpenPGP card

This is an image of an OpenPGP card from the vendor ZeitControl. This card is pre-punched to be used in ID-000 readers.

In cryptography, the OpenPGP card[1] is an ISO/IEC 7816-4, -8 compatible smart card[2] implementation that is integrated with many GnuPG functions. Using this smart card, various cryptographic tasks (encryption, decryption, digital signing/verification, authentication etc.) can be performed. It allows the storage of secret key material in a secure manner; all versions of the protocol state, "Private keys and passwords cannot be read from the card with any command or function."[1][3] However, a new key pair may be loaded onto the card at any time, overwriting the existing one.

Built on BasicCard,[4] OpenPGP cards can be obtained from a distributor,[5] or by becoming a fellow in Free Software Foundation Europe.[6] Nitrokey[7] and Yubico provide the OpenPGP card as a USB token.

The smart card daemon, in combination with the supported smart card readers,[8] as implemented in GnuPG, can be used for many cryptographic applications. With gpg-agent in GnuPG 2, an ssh-agent implementation using GnuPG, an OpenPGP card can be used for SSH authentication also.

With Aloaha [9][10] there is also a proprietary middleware for Windows available.

Vendor IDs

Yubico USB devices implement OpenPGP card and HOTP cryptographic algorithms.

An OpenPGP card features a unique serial number to allow software to ask for a specific card. Serial numbers are assigned on a vendor base and vendors are registered with the FSFE.

Assigned vendor ids are:

Id Name
0x0001 PPC Card Systems
0x0002 Prism
0x0003 OpenFortress
0x0004 Wewid
0x0005 ZeitControl
0x0006 Yubico
0x0007 OpenKMS
0x0008 Scard Solutions
0xF517 FSIJ

The id range 0xff00 to 0xfffe can be used for randomly assigned serial numbers without a specific vendor. The ids 0x0000 and 0xffff may only be used for testing.

References

  1. 1 2 OpenPGP Card specification - version 2.1.1, Achim Pietig, PPC Card Systems GmbH, 2014. URL: http://g10code.com/docs/openpgp-card-2.1.pdf
  2. The OpenPGP Card - How to use the Fellowship Smartcard - The GnuPG Smartcard HOWTO, Rebecca Ehlers, Thorsten Ehlers, et al., Free Software Foundation Europe e. V., 2005. URL: http://www.gnupg.org/howtos/card-howto/en/ch01.html#id2472312
  3. OpenPGP Card specification - version 1.1, Achim Pietig, PPC Card Systems GmbH, 2004. URL: http://www.g10code.com/docs/openpgp-card-1.1.pdf
  4. BasicCard - Smart cards, URL: http://www.basiccard.com/index.html?news.htm
  5. Kernel Concepts, http://shop.kernelconcepts.de
  6. The Fellowship Smartcard, https://wiki.fsfe.org/Migrated/FellowshipSmartCard
  7. Nitrokey, https://www.nitrokey.com/
  8. Required Hardware - How to use the Fellowship Smartcard - The GnuPG Smartcard HOWTO, Rebecca Ehlers, Thorsten Ehlers, et al., Free Software Foundation Europe e. V., 2005. URL: http://www.gnupg.org/howtos/card-howto/en/ch02s02.html#id2519120
  9. Aloaha Smartcard Connector. URL: http://www.aloaha.com/smartcard-software-en/aloaha-cryptographic-service-provider.php
  10. Aloaha Smartlogin. URL: http://www.aloaha.com/smartcard-software-en/aloaha-credential-provider.php
This article is issued from Wikipedia - version of the Friday, March 18, 2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.