Re: [guardian-dev] OpenPGP Keychain 2.1 with new API
----- Forwarded message from David Holl
While mentioning smartcards, the Yubikey Neo seems to have an OpenPGP smartcard mode (that needs to be manually activated in firmware), could that work with this app?
I would hope so. Does the Neo claim to be compatible with the open specification? http://g10code.com/docs/openpgp-card-2.0.pdf
Then you'd always have a hardware protected keypair (if you don't lose your Yubikey), so even rootkits can't get your private key.
Exactly! :) Rootkits or compromised firmware... And even if a compromised device does cache my pin and use my card (while briefly inserted), I hope to be alerted of any illicit accesses courtesy of the signature counter built into the card.

There seem to be at least 3 potential "cards" that I'm aware of:

OpenPGP SmartCard V2
Yubikey Neo
Crypto Stick https://www.crypto-stick.com/

(I put "cards" in quotes, because the Crypto Stick includes a "thumb" form-factor USB interface. Though not as tiny as the Neo, it still supports 4096 bit keys.)

- David

Aside: I selected the OpenPGP SmartCard V2 for my personal use, because the Crypto Stick has been out of stock for a while, and the Yubikey Neo appears to only support 2048 bit keys. If I really want the "thumb" form factor of the Crypto Stick, I may try popping out the ID-000 minicard from the OpenPGP SmartCard and putting it into a "Gemalto USB Shell Token V2" (aka the "IDBridge K30"). Otherwise, the "SCM SCR3500" reader is almost small enough for use on a key chain, and is widely available at reasonable prices. (about $40 total for a SmartCard V2 with a SCM SCR3500 reader.)
----- End forwarded message -----
--
Eugen* Leitl http://leitl.org
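
The signature-counter check mentioned in the forwarded message, as an added example that is not part of the original mail: it reads the `Signature counter` line from `gpg --card-status` output and compares it with the value recorded after the owner's last known use. The function names and state-file path are assumptions, and the sample status text is constructed.

```bash
#!/usr/bin/env bash
# Added example: track the OpenPGP card signature counter between uses.
# Real use (assumes GnuPG and a card reader are present):
#   gpg --card-status | check_counter "$HOME/.card-sigcount" 1

# Constructed sample in the layout `gpg --card-status` prints (not from a real card).
SAMPLE_STATUS='Version ..........: 2.0
PIN retry counter : 3 0 3
Signature counter : 42'

# Read card-status text on stdin, print the counter; fail if the line is absent.
card_sig_counter() {
    awk -F': *' '/^Signature counter/ {
        gsub(/[^0-9]/, "", $2)
        if ($2 != "") { print $2; found = 1; exit }
    } END { exit !found }'
}

# check_counter STATE_FILE [SIGNATURES_I_MADE] < card-status text
# Returns 0 when the counter equals the recorded value plus the signatures the
# owner knows about, 1 when it does not, 2 when the input cannot be parsed.
check_counter() {
    local state_file expected_new current recorded want
    state_file=$1
    expected_new=${2:-0}
    current=$(card_sig_counter) || { echo "no signature counter found"; return 2; }
    if [ ! -f "$state_file" ]; then
        echo "$current" > "$state_file"
        echo "baseline recorded: $current"
        return 0
    fi
    recorded=$(cat "$state_file")
    want=$((recorded + expected_new))
    if [ "$current" -eq "$want" ]; then
        echo "$current" > "$state_file"
        echo "ok: counter is $current as expected"
        return 0
    fi
    # Leave the state file untouched so the mismatch keeps being reported.
    echo "ALERT: counter is $current, expected $want"
    return 1
}

# Demo on constructed input: baseline 42, then 44 reported after one known signature.
demo_dir=$(mktemp -d)
printf '%s\n' "$SAMPLE_STATUS" | check_counter "$demo_dir/count"
printf 'Signature counter : 44\n' | check_counter "$demo_dir/count" 1 || true
rm -rf "$demo_dir"
```

The counter tracks operations with the card's signature key only, so this check says nothing about use of the decryption or authentication keys.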