Date:      Tue, 09 May 2017 21:36:37 +0200
From:      Alexander Leidinger <Alexander@leidinger.net>
To:        Matthias Apitz <guru@unixarea.de>
Cc:        freebsd-usb@freebsd.org
Subject:   Re: GnuPG && card readers
Message-ID:  <20170509213637.Horde.u9PInhb6UaNmyy2nhXlnMGr@webmail.leidinger.net>
In-Reply-To: <20170509094729.GA3668@c720-r314251>

This message is in MIME format and has been PGP signed.


Quoting Matthias Apitz <guru@unixarea.de> (from Tue, 9 May 2017 11:47:29 +0200):

> Hello,
>
> The GnuPG project has a list of supported (USB) card readers:
>
> https://gnupg.org/howtos/card-howto/en/smartcard-howto-single.html#id2503342
>
> Any comments or experiences about which of them are supported in
> FreeBSD 12-C?
> Best would be the smallest one to carry it all day in the bag.

It's not FreeBSD which needs the support. gnupg comes with the
drivers, FreeBSD only needs to see "a device on the bus", that's enough.

Check out the ports security/opensc and devel/libccid (and gnupg needs
to be built with the SCDAEMON option of the port). This will bring in
the pcsc-lite port as a dependency. Those are the "drivers" for USB
card readers if you want to use them beyond what gnupg will do.

You need to pay attention that the card reader supports "extended
APDUs" (or support for digital signatures, which is more likely to be
announced in marketing material from the vendor). It may be OK without
extended APDUs if you only use OpenPGP v2 cards and generate the
keys/certs on the card itself, but if you want to go for bigger keys
than documented to work on the cards (I was able to put 4k-keys on the
OpenPGP v2 cards) the extended APDUs are needed. If the reader is CCID
compatible, the libccid driver will probably work. You can use the
opensc and pcsc-lite tools to transfer certs to the card which you
created with openssl (e.g. 4k keys).

Bye,
Alexander.

-- 
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netchild@FreeBSD.org  : PGP 0x8F31830F9F2772BF
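
Added example, not part of the original message: why key size decides whether extended APDUs are needed, shown by encoding one ISO 7816-4 command in short and extended form. The function names and the `reader_extended` parameter are hypothetical, the instruction bytes for PSO: COMPUTE DIGITAL SIGNATURE come from the OpenPGP card specification rather than from this message, and command/response chaining is not modelled.

```python
SHORT_MAX_NC = 255    # short form: Lc is one byte
SHORT_MAX_NE = 256    # short form: Le is one byte, 0x00 means 256
EXT_MAX_NC = 65535    # extended form: Lc is two bytes
EXT_MAX_NE = 65536    # extended form: Le is two bytes, 0x0000 means 65536


def needs_extended(nc, ne):
    """True if data length nc or expected response length ne exceeds short form."""
    return nc > SHORT_MAX_NC or ne > SHORT_MAX_NE


def encode_apdu(cla, ins, p1, p2, data=b"", ne=0, reader_extended=True):
    """Encode one ISO 7816-4 command APDU; ne=0 means no response expected."""
    nc = len(data)
    if nc > EXT_MAX_NC or not 0 <= ne <= EXT_MAX_NE:
        raise ValueError("length outside ISO 7816-4 limits")
    header = bytes([cla, ins, p1, p2])
    if not needs_extended(nc, ne):
        lc = bytes([nc]) + data if nc else b""
        le = bytes([ne % 256]) if ne else b""  # 256 is sent as 0x00
        return header + lc + le
    if not reader_extended:
        raise ValueError("needs extended APDU: Nc=%d, Ne=%d" % (nc, ne))
    # Extended form: a 0x00 marker byte, then two-byte big-endian lengths.
    body = b"\x00"
    if nc:
        body += nc.to_bytes(2, "big") + data
    if ne:
        body += (ne % 65536).to_bytes(2, "big")  # 65536 is sent as 0x0000
    return header + body


# Constructed sample input: 51 zero bytes standing in for a SHA-256 DigestInfo.
DIGEST_INFO = bytes(51)


def sign_apdu(rsa_bits, reader_extended):
    """PSO: COMPUTE DIGITAL SIGNATURE (00 2A 9E 9A); reply is modulus-sized."""
    return encode_apdu(0x00, 0x2A, 0x9E, 0x9A, DIGEST_INFO,
                       ne=rsa_bits // 8, reader_extended=reader_extended)


if __name__ == "__main__":
    for bits in (2048, 4096):
        for ext in (False, True):
            try:
                print(bits, ext, sign_apdu(bits, ext).hex())
            except ValueError as err:
                print(bits, ext, "rejected:", err)
```

A 2048-bit signature (256 bytes) still fits the short form, while a 4096-bit signature (512 bytes) cannot be requested in a single short APDU.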
