Re: [developer preview] smartcard + opengp as a linux gadget

[NIIBE Yutaka]

Vincent Pelletier wrote:
> I would like to announce my implementation of a software CCID card
> reader targeting the Linux gadget subsystem, along with a smartcard OS
> and openpgp card application to use with this reader.

Great.  (And thanks for the patches for tests of Gnuk.  I'll apply
those, soon.)

FWIW, it was around 2008/2009, when Daiki Ueno had an implementation of
USB token toolkit with Linux gadget, called "Tandoori" (IIRC).  I think
that the purpose was similar.

However, today, I can't find any code.

All that I found is a record of symposium called ComSys2008 (in
Japanese):

https://iss.ndl.go.jp/books/R10002-I09985680-00

Historically, it was done before Gnuk.
-- 

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Plan B - Who carries the torch?

[Ángel]

On 2021-01-03 at 15:35 +0100, karel-v_g--- via Gnupg-users wrote:
> > Yeah.  Less time worrying about how to make OpenPGP continue
> > for>another twenty years, more time spent about how to make a next-
> > >generation cryptographic tool that will occupy the same space
> > OpenPGP>did but will do it better and with more modern techniques.
> I totally agree with you on that. Though I have no idea how to do it,
> I think in the midterm we need something totally new with modern
> crypto-technology, easy to use and lean. Like WireGuard for VPN or
> the modern messengers.

Changing OpenPGP standard to use a Quantum-resistant algorithm would be
"easy".

With really big quote marks in bold typeface. But simple in theory.


First, you would need a new public key algorithm resistant to the new
attack e.g. Quantum-resistant.

I don't think a new simmetric cipher would be needed, current AES
options should stand even in Quantumcalypsis.

Then, you will need to assign an algo id for the new algorithm and set
the way the parameters will be stored in the key. You get all
implementations to add support for that new algorithm (well, at least
all implementations used by people you care about).

Finally, every user will need to discard their now-useless keys,
generate new ones and rebuild the chain of turst from the ground up.


Right now, we don't even have the candidate on what such algorithm will
be. Hopefully, it will appear long before that Quantumcalypsis.
Then, getting one or two implementations to support it may be simple,
but the OpenPGP ecosystem is a very fossilized environment. We still
haven't reached broad ECC support. There are some implementations which
still don't support it at all. And in other cases the program would
support it, but the user happens to use an ancient version that they
didn't update for many years.


As for the need of creating new keys and rebuilding the WoT, that's
sadly a consequence of the way openpgp keys are structured. There's no
clean way to progressively migrate into a new asymmetric algorithm.
For symmetric ciphers you do that with multiple subkeys, but not for
asymmetric keys. Well, you _could_ do that, but either the main key
uses the new algorithm (and thus old clients wouldn't be able to use
the key, so no reason for adding a classic subkey) or if the main key
used a classic algorithm, that would be the key being attacked, so
there is still no point for that.
At most, you could use two separate keys, one using "new" and other
"classic" crypto, and use them selectively (depending on who you
communicate with) or in parallel (i.e. always signing everything with
both keys).
It would be nice to have a way to attach a new, modern, key to a
backwards-compatible key, but that seems hard to construct (the
fingerprint would *not* cover the new key, or otherwise, you would need
to (ab)use an ignored portion of the public key block).


Regards

Ángel



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Plan B - Who carries the torch?

[Stefan Claas via Gnupg-users]

On Mon, Jan 4, 2021 at 3:27 PM Vincent Breitmoser via Gnupg-users
 wrote:
>
>
> > My understanding is that sequoia pgp, due to the fact that it is written in 
> > Rust may
> > probably see not it's light in major Linux distributions as an apt-get 
> > option
>
> While it's true that Rust crates aren't straightforward to package in Debian,
> sequoia-the-library in version 1.0.0 is indeed packaged in Debian bullseye as 
> of
> 2020-12-16, so should make its way through the apt ecosystem through the year.
>
> https://packages.debian.org/testing/source/rust-sequoia-openpgp
>
> https://sequoia-pgp.org/blog/2020/12/16/202012-1.0/

Ah, cool. I was not (yet) aware of it. And seeing dkg listed as a
package maintainer is a bonus too, IMHO. :-)

Best regards
Stefan

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Plan B - Who carries the torch?

[Vincent Breitmoser via Gnupg-users]

> My understanding is that sequoia pgp, due to the fact that it is written in 
> Rust may
> probably see not it's light in major Linux distributions as an apt-get option

While it's true that Rust crates aren't straightforward to package in Debian,
sequoia-the-library in version 1.0.0 is indeed packaged in Debian bullseye as of
2020-12-16, so should make its way through the apt ecosystem through the year.

https://packages.debian.org/testing/source/rust-sequoia-openpgp

https://sequoia-pgp.org/blog/2020/12/16/202012-1.0/

 - V


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users