From eugen@leitl.org Tue Sep 10 12:36:00 2013 From: Eugen Leitl To: cypherpunks@lists.cpunks.org Subject: Re: [guardian-dev] OpenPGP Keychain 2.1 with new API Date: Tue, 10 Sep 2013 18:35:57 +0200 Message-ID: <20130910163557.GC10405@leitl.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============8750657019883613009==" --===============8750657019883613009== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable ----- Forwarded message from David Holl ----- Date: Tue, 10 Sep 2013 12:29:17 -0400 From: David Holl To: Natanael Cc: k-9-dev(a)googlegroups.com, guardian-dev Subject: Re: [guardian-dev] OpenPGP Keychain 2.1 with new API -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Tue, Sep 10, 2013 at 05:44:33PM +0200, Natanael wrote: > While mentioning smartcards, the Yubikey Neo seems to have an > OpenPGP smartcard mode (that needs to manually actiated in > firmware), could that work with this app? I would hope so. Does the Neo claim to be compatible with the open specification? http://g10code.com/docs/openpgp-card-2.0.pdf > Then you'd always have a hardware protected keypair (if you don't > lose your Yubikey), so even rootkits can't get your private key. Exactly! :) Rootkits or compromised firmware... And even if a compromised device does cache my pin and use my card (while briefly inserted), I hope to be alerted of any illicit accesses courtessy of the signature counter built into the card. There seem to be at least 3 potential "cards" that I'm aware of: OpenPGP SmartCard V2 Yubikey Neo Crypto Stick https://www.crypto-stick.com/ (I put "cards" in quotes, because the Crypto Stick includes a "thumb" form-factor USB interface. Though not as tiny as the Neo, it still supports 4096 bit keys.) - - David Aside: I selected the OpenPGP SmartCard V2 for my personal use, because the Crypto Stick has been out of stock for a while, and the Yubikey Neo appears to only support 2048 bit keys. If I really want the "thumb" form factor of the Crypto Stick, I may try popping out the ID-000 minicard from the OpenPGP SmartCard and putting it into a "Gemalto USB Shell Token V2" (aka the "IDBridge K30"). Otherwise, the "SCM SCR3500" reader is almost small enough for use on a key chain, and is widely available at reasonable prices. (about $40 total for a SmartCard V2 with a SCM SCR3500 reader.) -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJSL0jdAAoJEDnNbkIYxVca7psP/1oJT7/IFofnfM8Qs4ugb7RJ 1P3jeZHKD7QtgGtRQk4kUYypvxZq56xGQd2k2hZSUtVYrmewj//Siyi9cpIRrdts h2XUi5RhOUCT6Rz/Zd8Mti0urcEghbxaDHjUa4JichEOlKRAjZsQjc0xnHsuyauw TBGCuOeAhw9gCuKrXOpHnzwnRtcmBRcxLrOn+q9cQCx8EkdEiQgklMl5qqzNpOa3 VnvvMNk5wZ144WUYd5F78Tn9ssDEO/Jt1DO6WtWEJq5DjTAZVxyRXVp1/7e6/se9 haiUJu8Zl8Co7HeLZBtJlNDG2pzqiQu5vCywZyprMFf0ZNpLwpvP7iLmuz2n5R16 0EYQJ5z3g5c2YLivIawxzUO+26gXEDLpFZZFzRf8zobnfYhvqjQFPNU3HtR/jp34 UPgg3urHlUIvGPns3/Z2pfIuyru7uUfLZEWHPiPx/g4pFBLrZAdzyRJZOJ9SWCtd eNdfNGtMf/XfRYyb4eYlEUxEdvt0qJ8M9u+/1jPupDYvVhn/feFgZE/cumlv+AM3 VFA8HvQ1grDgW9JL4KkUCuasEpAjJo9on7AGx0SrKiHyYKSjOCR183yzlckoOz8c O5hhbGb07hL4cfGAIDJ7rBwAliejyrZ2OBHpyLvJ3Eanwbdux72saIcEvmStDK5L MI3+5DeZoV0vBUVmkgxp =3Dpa6I -----END PGP SIGNATURE----- _______________________________________________ Guardian-dev mailing list Post: Guardian-dev(a)lists.mayfirst.org List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To Unsubscribe Send email to: Guardian-dev-unsubscribe(a)lists.mayfirst.org Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/eug= en%40leitl.org You are subscribed as: eugen(a)leitl.org ----- End forwarded message ----- --=20 Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5 --===============8750657019883613009==--