[ale] GPG Smartcards

Michael H. Warfield mhw at WittsEnd.com
Thu Dec 1 12:18:31 EST 2011


On Thu, 2011-12-01 at 11:58 -0500, Michael B. Trausch wrote: 
> On 12/01/2011 10:57 AM, David Tomaschik wrote:
> > The GPF crypto-stick asserts that it supports "all features" of the
> > OpenPGP card version 2, which supports 3 subkeys, each up to 3072 bits
> > in length.  The keys are not independent keys, just subkeys (one of
> > which may be the main key).  Looking at the information on it, it
> > looks like it uses the same smart card chip that the OpenPGP card
> > uses, just without the contact pads and card form factor.
> > 
> > Does that help?  I haven't used it myself, obviously.

> That does... it makes that otherwise small and convenient package not
> fit me terribly well.  :-)

> So I guess I'll be going with two cards and the reader, which I guess is
> a few fractions of a € less expensive anyway.

Strange...  I haven't really looked at the OpenPGP card specification.
I've actually only used smartcards for OpenSSH.  I would HOPE that
single key limitation is NOT a part of the OpenPGP card spec.  That
would make no sense.

It's my understanding, however, that the Aladdin (formerly Gemalto)
eToken USB smart tokens will support OpenPGP card formatting.  Used for
OpenSSH or generic X.509 SSL cert keys, I believe the Aladdin eToken Pro
64K supports something slightly over 20 2048-bit RSA keys (2048 bit is
the max size key for that smartcard on that USB key).

They're about $40-$50 up at CDW.  DON'T get the "cheaper" 72K tokens
(those are Java tokens and require their JavaCard applet).  I've used
the 32K cards in the past (and still have one).  You'll need their
pkcs11 middleware layer.  Like I said, though, I can't vouch for their
use with OpenPGP, only that I've seen it claimed that they are.  Just
bought a couple the other day to play with.

http://www.cdw.com/shop/products/Aladdin-eToken-Pro-USB-64k-USB-security-key/2269106.aspx

> 	--- Mike

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!