Re: smartcard reader
Hi All, Am 20.10.16 um 19:46 schrieb li...@michel-messerschmidt.de: >> Are there any new options that weren't listed already? > > yubikey4 > > Although I had very good experience with the SPR 532 (and a lot of trouble > with another Cyberjack reader, the Comfort IIRC), the yubikey token has a > better trade-off between usability and security for me. > > Mainly because its usable on mobile devices through openkeychain, but good > support of 4k RSA keys is also welcome. Lack of a pin-pad is the main > drawback. Tamper resistance and firmware source may be other discussion > topics. Not sure the YubiKey4 is a good choice to start with. I bought one specifically for use with GnuPG (and for its U2F support). I had a lot of troubles getting my YubiKey on it. It finally worked using a recent Ubuntu, but on my Macbook with MacOS "El Capitan" I am unable to access the keys. I only get "card error". Digging deeper with dtruss (kind of "strace") I got as far as that scdaemon gets a "pcsc: sharing violation". I /think/ it worked exactly once. But then I played a bit with the PIV applet on the YubiKey (using yubico's piv-tool), and since then I can not get to the OpenPGP applet on the YubiKey. Only the PIV works (I see my x509 certificates in there in Keychain and can used in Safari to authenticate to for example StartSSL.com) (Any hints to get PIV and OpenPGP work side-by-side are most welcome.) Tl;dr: If adding the YubiKey, then there should be a warning not to never play with the PIV applet on it. Best regards Björn -- | Bjoern Kahl +++ Siegburg +++Germany | | "mls@-my-domain-" +++www.bjoern-kahl.de | | Languages: German, English, Ancient Latin (a bit :-)) | ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: yubikey 4 openkeychain rsa [WAS: smartcard reader]
The Yubikey Neo has NFC which is how it is usable with android. There is a video of it in action here: https://grepular.com/An_NFC_PGP_SmartCard_For_Android On Sat, Oct 22, 2016 at 2:46 AM, Thomas Glanzmannwrote: > Hello Michel, > > [RESEND: forgot list] > > > Mainly because its usable on mobile devices through openkeychain > > I have two yubikeys myself, one yubikey 4 nano constantly plugged into > my main workstation and another yubikey4 on my keychain. I use it for > ssh authentication and gpg also using ssh and gpg agent forwarding. > Works like a charm. But since the yubikey has no option for RFID I > wonder how you can use it on android? I use maildroid to read my email > on android. Is there a step by step howto how to get that working? > > Cheers, > Thomas > > ___ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: smartcard reader
Am 22.10.2016 um 00:26 schrieb Gregor Zattler: >> I've posted a "success report" about card readers a year ago: >> https://lists.gnupg.org/pipermail/gnupg-users/2015-August/054102.html >> >> The Reiner cyberJack Go "plus" (USB id 0c4b:0504) works fine, >> not sure about the version with "plus" though. > > Isn't there a contradiction between the last line and the line > before the last one? Sorry: did you test the "plus" version or not? yes, I noticed, too, after sending the message :o) I tested the plus version. The "with" should be a "without". See the earlier success report. May be we can add pictures to the wiki of some readers or include a side-by-side picture. I still have all three of them sitting on my desk. That might help others to decide. Cheers, Thomas ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Concerning subkey passwords: changes to private key storage method?
On Thu, 20 Oct 2016 12:29, initra...@initramfs.io said: > If I recall correctly, GPG private keys are stored under symmetric > encryption where a PBKDF derives the symmetric encryption key, > protecting the keys in case of compromise. Having separate passwords per > subkey implies that each key is encrypted and stored separately. This Right. However, gpg tries to make sure that the same passphrase is used for the primary and the subkeys. This has always been the case. A new thing we do in 2.1 is to try a cached passphrase from any key on the keyblock. This solves the common use case to first decrypt a message (using a subkey) and then send a signed reply (using the primary key). Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. pgpkJ4MHAsf7n.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
yubikey 4 openkeychain rsa [WAS: smartcard reader]
Hello Michel, [RESEND: forgot list] > Mainly because its usable on mobile devices through openkeychain I have two yubikeys myself, one yubikey 4 nano constantly plugged into my main workstation and another yubikey4 on my keychain. I use it for ssh authentication and gpg also using ssh and gpg agent forwarding. Works like a charm. But since the yubikey has no option for RFID I wonder how you can use it on android? I use maildroid to read my email on android. Is there a step by step howto how to get that working? Cheers, Thomas ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users