----- Forwarded message from David Holl <david@ad5ey.net> -----

Date: Tue, 10 Sep 2013 12:29:17 -0400
From: David Holl <david@ad5ey.net>
To: Natanael <natanael.l@gmail.com>
Cc: k-9-dev@googlegroups.com, guardian-dev <guardian-dev@lists.mayfirst.org>
Subject: Re: [guardian-dev] OpenPGP Keychain 2.1 with new API

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Tue, Sep 10, 2013 at 05:44:33PM +0200, Natanael wrote:
> While mentioning smartcards, the Yubikey Neo seems to have an OpenPGP smartcard mode (that needs to be manually activated in firmware), could that work with this app?

I would hope so. Does the Neo claim to be compatible with the open specification? http://g10code.com/docs/openpgp-card-2.0.pdf

> Then you'd always have a hardware protected keypair (if you don't lose your Yubikey), so even rootkits can't get your private key.

Exactly! :) Rootkits or compromised firmware... And even if a compromised device does cache my PIN and use my card (while briefly inserted), I hope to be alerted of any illicit accesses courtesy of the signature counter built into the card.

There seem to be at least 3 potential "cards" that I'm aware of:

  OpenPGP SmartCard V2
  Yubikey Neo
  Crypto Stick https://www.crypto-stick.com/

(I put "cards" in quotes, because the Crypto Stick includes a "thumb" form-factor USB interface. Though not as tiny as the Neo, it still supports 4096 bit keys.)

- - David

Aside: I selected the OpenPGP SmartCard V2 for my personal use, because the Crypto Stick has been out of stock for a while, and the Yubikey Neo appears to only support 2048 bit keys. If I really want the "thumb" form factor of the Crypto Stick, I may try popping out the ID-000 minicard from the OpenPGP SmartCard and putting it into a "Gemalto USB Shell Token V2" (aka the "IDBridge K30"). Otherwise, the "SCM SCR3500" reader is almost small enough for use on a key chain, and is widely available at reasonable prices. (about $40 total for a SmartCard V2 with a SCM SCR3500 reader.)

----- End forwarded message -----
-- 
Eugen* Leitl http://leitl.org
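
The signature counter mentioned in the message above can be checked mechanically between sessions. The following shell example is added here and is not from the original e-mail or from any project it names; it assumes the `Signature counter` line printed by GnuPG's `gpg --card-status`, and the function names, state-file path and sample status text are constructed for illustration.

```shell
#!/bin/sh
# Added example: track an OpenPGP card's signature counter between sessions.
# The counter covers signing-key operations only, not decryption or
# authentication, so it can reveal unexpected signatures and nothing else.

# Constructed sample of `gpg --card-status` lines (not real card output).
SAMPLE_STATUS='Version ..........: 2.0
Signature PIN ....: forced
Signature counter : 42'

# Print the counter value found in card-status text read from stdin.
sig_counter() {
    sed -n 's/^Signature counter *: *\([0-9][0-9]*\) *$/\1/p' | head -n 1
}

# check_counter STATE_FILE CURRENT MY_SIGNATURES
#   STATE_FILE    holds the counter accepted at the last check (hypothetical path)
#   CURRENT       counter read from the card now
#   MY_SIGNATURES signatures the owner knowingly made since the last check
# Returns 0 consistent, 1 unaccounted signatures, 2 counter went backwards,
#         3 no baseline yet (one is recorded), 4 counter unreadable.
check_counter() {
    state=$1; current=$2; mine=$3
    case $current in
        ''|*[!0-9]*) echo "cannot read signature counter" >&2; return 4 ;;
    esac
    if [ ! -f "$state" ]; then
        echo "$current" > "$state"
        echo "baseline recorded: $current"
        return 3
    fi
    last=$(cat "$state")
    expected=$((last + mine))
    if [ "$current" -lt "$last" ]; then
        # The counter does not decrease in normal use.
        echo "counter went backwards ($last -> $current): different card or new signing key?"
        return 2
    elif [ "$current" -gt "$expected" ]; then
        echo "ALERT: $((current - expected)) signature(s) not accounted for"
        return 1
    fi
    echo "$current" > "$state"
    echo "ok: counter $current is consistent with $mine known signature(s)"
    return 0
}

# Live use (requires a card and reader):
#   check_counter "$HOME/.sigcounter" "$(gpg --card-status | sig_counter)" 2
```

The baseline is only advanced when the counter is consistent, so an alert keeps firing until the owner investigates and resets the state file.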