Re: smartcard reader

2016-10-22 Thread Bjoern Kahl

 Hi All,

On 20.10.16 at 19:46, li...@michel-messerschmidt.de wrote:
>> Are there any new options that weren't listed already?
> 
> yubikey4
> 
> Although I had very good experience with the SPR 532 (and a lot of trouble 
> with another Cyberjack reader, the Comfort IIRC), the yubikey token has a 
> better trade-off between usability and security for me.
> 
> Mainly because it's usable on mobile devices through openkeychain, but good 
> support of 4k RSA keys is also welcome. Lack of a pin-pad is the main 
> drawback. Tamper resistance and firmware source may be other discussion 
> topics.

 Not sure the YubiKey4 is a good choice to start with.  I bought one
 specifically for use with GnuPG (and for its U2F support).  I had a
 lot of trouble getting my YubiKey on it.  It finally worked using a
 recent Ubuntu, but on my Macbook with MacOS "El Capitan" I am unable
 to access the keys.  I only get "card error".  Digging deeper with
 dtruss (kind of "strace") I got as far as that scdaemon gets a "pcsc:
 sharing violation".

 I /think/ it worked exactly once.  But then I played a bit with the
 PIV applet on the YubiKey (using yubico's piv-tool), and since then
 I cannot get to the OpenPGP applet on the YubiKey.  Only the PIV
 works (I see my x509 certificates in there in Keychain and can use
 them in Safari to authenticate to, for example, StartSSL.com).

 (Any hints to get PIV and OpenPGP to work side by side are most welcome.)


 Tl;dr:

 If adding the YubiKey, then there should be a warning to never
 play with the PIV applet on it.


 Best regards

Björn

-- 
| Bjoern Kahl   +++   Siegburg   +++Germany |
| "mls@-my-domain-"   +++www.bjoern-kahl.de |
| Languages: German, English, Ancient Latin (a bit :-)) |

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: yubikey 4 openkeychain rsa [WAS: smartcard reader]

2016-10-22 Thread kendrick eastes
The Yubikey Neo has NFC which is how it is usable with android. There is a
video of it in action here:
https://grepular.com/An_NFC_PGP_SmartCard_For_Android

On Sat, Oct 22, 2016 at 2:46 AM, Thomas Glanzmann wrote:

> Hello Michel,
>
> [RESEND: forgot list]
>
> > Mainly because it's usable on mobile devices through openkeychain
>
> I have two yubikeys myself, one yubikey 4 nano constantly plugged into
> my main workstation and another yubikey4 on my keychain. I use it for
> ssh authentication and gpg also using ssh and gpg agent forwarding.
> Works like a charm. But since the yubikey has no option for RFID I
> wonder how you can use it on android? I use maildroid to read my email
> on android. Is there a step by step howto how to get that working?
>
> Cheers,
> Thomas


Re: smartcard reader

2016-10-22 Thread Thomas Jarosch
On 22.10.2016 at 00:26, Gregor Zattler wrote:
>> I've posted a "success report" about card readers a year ago:
>> https://lists.gnupg.org/pipermail/gnupg-users/2015-August/054102.html
>>
>> The Reiner cyberJack Go "plus" (USB id 0c4b:0504) works fine,
>> not sure about the version with "plus" though.
> 
> Isn't there a contradiction between the last line and the line
> before the last one?  Sorry: did you test the "plus" version or not?

Yes, I noticed, too, after sending the message :o)
I tested the plus version. The "with" should be a "without".
See the earlier success report.

Maybe we can add pictures to the wiki of some readers
or include a side-by-side picture. I still have all three
of them sitting on my desk. That might help others to decide.

Cheers,
Thomas




Re: Concerning subkey passwords: changes to private key storage method?

2016-10-22 Thread Werner Koch
On Thu, 20 Oct 2016 12:29, initra...@initramfs.io said:

> If I recall correctly, GPG private keys are stored under symmetric
> encryption where a PBKDF derives the symmetric encryption key,
> protecting the keys in case of compromise. Having separate passwords per
> subkey implies that each key is encrypted and stored separately. This

Right.  However, gpg tries to make sure that the same passphrase is used
for the primary and the subkeys.  This has always been the case.

A new thing we do in 2.1 is to try a cached passphrase from any key on
the keyblock.  This solves the common use case to first decrypt a
message (using a subkey) and then send a signed reply (using the primary
key).


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.




yubikey 4 openkeychain rsa [WAS: smartcard reader]

2016-10-22 Thread Thomas Glanzmann
Hello Michel,

[RESEND: forgot list]

> Mainly because it's usable on mobile devices through openkeychain

I have two yubikeys myself, one yubikey 4 nano constantly plugged into
my main workstation and another yubikey4 on my keychain. I use it for
ssh authentication and gpg also using ssh and gpg agent forwarding.
Works like a charm. But since the yubikey has no option for RFID I
wonder how you can use it on android? I use maildroid to read my email
on android. Is there a step by step howto how to get that working?

Cheers,
Thomas
