Re: Checking multiple smart cards before asking for one

2020-05-12 Thread Ingo Klöcker
On Tuesday, 12 May 2020 10:56:19 CEST Valentin Ochs wrote: > Hi there, > > I have two smart cards, a regular card that I plug into the builtin reader > of my laptop and a yubikey, that have two different keys on them. I store > some passwords in a file that is encrypted

Re: Checking multiple smart cards before asking for one

2020-05-12 Thread Valentin Ochs
Wiktor Kwapisiewicz [2020-05-12 14:08] wrote: > Hi Valentin, > > I believe this will work seamlessly in GnuPG 2.3. > > You can track this ticket: https://dev.gnupg.org/T4695 Hi Wiktor, thanks for the reply. That issue is indeed what initially prompted me to make a second key for the second

Re: Checking multiple smart cards before asking for one

2020-05-12 Thread Wiktor Kwapisiewicz via Gnupg-users
Hi Valentin, I believe this will work seamlessly in GnuPG 2.3. You can track this ticket: https://dev.gnupg.org/T4695 Kind regards, Wiktor -- https://metacode.biz/@wiktor

Checking multiple smart cards before asking for one

2020-05-12 Thread Valentin Ochs
Hi there, I have two smart cards, a regular card that I plug into the builtin reader of my laptop and a yubikey, that have two different keys on them. I store some passwords in a file that is encrypted with both keys. When I try to access the passwords, pinentry will always ask me to insert

Re: Smart cards

2018-12-19 Thread Alessandro Vesely
OpenPGP-Card-Applet. The card supports common algorithms such as MD5, SHA-family, DES, AES, RSA. I think you may want to mention those cards on your Implementations of the OpenPGP application for smart cards page. Best Ale -- > [1] http://shop.fidesmo.com/product/fidesmo-ca

Re: Keyring management with multiple smart cards

2018-12-17 Thread Wiktor Kwapisiewicz via Gnupg-users
On 17.12.2018 03:28, Louis Opter wrote: > Where is the procedure to remove shadow files documented? I found this to be > confusing to do, hence why I favored different subkeys for different > smartcards. Uhm, this is kind of internal GnuPG details so I guess it's not documented anywhere. But

Re: Keyring management with multiple smart cards

2018-12-16 Thread Louis Opter
On Sat, Dec 15, 2018, at 12:53 AM, Wiktor Kwapisiewicz wrote: > 1. I use one smartcard as a primary device so T2291 isn't that critical, if > that > one fails I can just remove shadow files and --card-status a new card, it will > work. That doesn't happen frequently so manual removal of shadow

Re: Keyring management with multiple smart cards

2018-12-15 Thread Wiktor Kwapisiewicz via Gnupg-users
Hi Louis, I have a very similar setup. After working with several different options and encountering the same problems as you have (GPG does not encrypt to all encryption subkeys, not possible to have the same subkeys on different smartcards) I observed the following facts: 1. I use one

Keyring management with multiple smart cards

2018-12-14 Thread Louis Opter
Hello, I have a certify-only master keypair in an air-gapped machine. I only use that machine to create subkeys and sign other people keys. The subkeys are copied onto smartcards which I use in daily life. Assuming that smartcards aren't indestructible and can be lost I always have a backup

Re: Smart cards

2018-12-14 Thread Alessandro Vesely
On Thu 13/Dec/2018 10:48:52 +0100 Andreas Schwier wrote: > >> I agree that smartphones are not safe, but I am not particularly in favor of >> smartcards, dongles, and security tokens like yubikeys, either. >> >> Any kind of special-purpose cryptographic *hardware* is essentially >>

Re: Smart cards

2018-12-13 Thread Andrew Luke Nesbit
Hey Arthur, what makes you think that Yubikey is trustworthy? Is it because you have assessed your threat model and you disbelieve that any potential attacks via Yubikey would be not used against you? Or have you done an independent audit of the Yubikey and satisfied yourself that it's safe

Re: Smart cards

2018-12-13 Thread Andreas Schwier
On 13.12.2018 08:13, Werner Koch wrote: > If you care about side channel attacks, NFC communication is a bad idea > because the decrypted session key can easily be picked up. To avoid > this, /secure communication/ needs to be used but that is cumbersome > because this requires a shared secret

Smart cards

2018-12-13 Thread Andreas Schwier
hy ? > > If you plug some little doohickey or thingamagig into your computer to do > *crypto*, of all things, your computer is liable to become infected with > spyware over the USB bus via BadUSB and various firmware- and device-related > security vulnerabilities. But that has not

Re: Smart cards

2018-12-13 Thread justina colmena via Gnupg-users
On December 12, 2018 10:13:58 PM AKST, Werner Koch wrote: >On Tue, 11 Dec 2018 19:27, art...@ulfeldt.com said: >> using openkeychain with a yubikey nfc is totally solid, and >convenient. >> I've been using them for years. they also plug into the bottom of the >> phones which some people prefer. >

Re: Smart cards

2018-12-12 Thread Werner Koch
On Tue, 11 Dec 2018 19:27, art...@ulfeldt.com said: > using openkeychain with a yubikey nfc is totally solid, and convenient. > I've been using them for years. they also plug into the bottom of the > phones which some people prefer. You should keep in mind that you can eavesdrop on NFC

Re: Smart cards

2018-12-11 Thread Arthur Ulfeldt
using openkeychain with a yubikey nfc is totally solid, and convenient. I've been using them for years. they also plug into the bottom of the phones which some people prefer. On Tue, Dec 11, 2018, 10:14 AM Damien Goutte-Gattat via Gnupg-users < gnupg-users@gnupg.org wrote: > On Tue, Dec 11, 2018

Re: Smart cards

2018-12-11 Thread Wiktor Kwapisiewicz via Gnupg-users
On 11.12.2018 19:11, Damien Goutte-Gattat via Gnupg-users wrote: > On Tue, Dec 11, 2018 at 12:35:57PM +0100, Alessandro Vesely wrote: >> Is it possible to get OpenPGP functionality on one of those >> contactless cards? > > I know of at least one NFC-enabled OpenPGP card, the "Fidesmo > Card" [1].

Re: Smart cards

2018-12-11 Thread Alessandro Vesely
Thank you for your answers. On Tue 11/Dec/2018 19:27:28 +0100 Arthur Ulfeldt wrote: > using openkeychain with a yubikey nfc is totally solid, and convenient. I've > been using them for years. they also plug into the bottom of the phones which > some people prefer. I dislike yubikey because of

Smart cards

2018-12-11 Thread Alessandro Vesely
is with smart card readers. Floss-shop's cards are perfect for a PC, but difficult for smartphones. I'm not using smartphones, and I don't see how anything related could be considered to be secure. However, people use them, and mounting an external device in order to read iso7816 cards sounds cumbersome

Re: Primary and Signing Key on Different Smart Cards

2017-01-17 Thread Peter Lebbing
Hello Anton, > 1. I have gpg 2.1.11. What is your gpg2 --version ? I did that with Debian package 2.1.11-7. > 2. Since YubiKey is a usb token and my primary card is a plastic > smartcard from ZeithControl they are in fact located in two different > readers. Ah, that sounds like a likely

Re: Primary and Signing Key on Different Smart Cards

2017-01-16 Thread Anton Marchukov
> readers. I found that gpg is not able to locate card if more than one > reader is present and somehow always default to some first card it > sees. To mitigate this I had to always remove the reader along with > the card. And then of course have to reinsert it back. May it be that > gpg expects

Re: Primary and Signing Key on Different Smart Cards

2017-01-15 Thread Anton Marchukov
Hello Peter. Thanks for your detailed instructions. As FOSDEM keysigning is approaching I finally found some time to test it with my setup. Unfortunately I am unable to pass through the step when you need to swap the cards during subkey generation: > > Now let's add subkeys on the other card.

Re: Primary and Signing Key on Different Smart Cards

2016-11-23 Thread Peter Lebbing
On 21/11/16 12:04, Peter Lebbing wrote: > Ah! I don't have time right now, but once I do, I'll try to see to write > up some instructions... Here are instructions for doing this on 2.1. First let me point out: On 20/11/16 22:50, Anton Marchukov wrote: > I think you will have to keep it as backup

Re: Primary and Signing Key on Different Smart Cards

2016-11-21 Thread Andrew Gallagher
rd > RNG. I tried to find this, but the best I could find was his statement > that you don't want regular DSA on smartcard[1]. As I understand it, > that is because of the risk of a failing RNG. Have a look at the graphs on page 7 of this PDF: https://www.usenix.org/system/files/conf

Re: Primary and Signing Key on Different Smart Cards

2016-11-21 Thread Peter Lebbing
On 20/11/16 22:50, Anton Marchukov wrote: > I think you will have to keep it as backup too in case you will want > to add another smartcard with a new subkey to an existing key or not? Oh, good point! Maybe it's possible without on-disk keys, I'll try it out later. Otherwise: yes, it would be

Re: Primary and Signing Key on Different Smart Cards

2016-11-21 Thread Peter Lebbing
On 20/11/16 22:48, Anton Marchukov wrote: >> Which version, GnuPG 2.0 or 2.1? I think you can use 2.1 to reach the desired >> outcome without difficulty, even if it might be a bit non-standard. > > I have 2.1.11 Ah! I don't have time right now, but once I do, I'll try to see to write up some

Re: Primary and Signing Key on Different Smart Cards

2016-11-20 Thread Anton Marchukov
On Thu, Nov 17, 2016 at 7:45 PM, Arthur Ulfeldt wrote: > I have a similar setup and have been doing it successfully. I have two > yubikey neos with signing keys. I found that because of bugs in gpg 2.1 I That's interesting as I want exactly that - two yubikeys for signing.

Re: Primary and Signing Key on Different Smart Cards

2016-11-20 Thread Anton Marchukov
> You will need the private key on-disk *temporarily* while setting up the > smartcards. But with Knoppix, that "disk" can be a RAM disk in the main > memory of your computer, obliterated once you power it off. I think you will have to keep it as backup too in case you will want to add another

Re: Primary and Signing Key on Different Smart Cards

2016-11-20 Thread Anton Marchukov
> Which version, GnuPG 2.0 or 2.1? I think you can use 2.1 to reach the desired > outcome without difficulty, even if it might be a bit non-standard. I have 2.1.11 > Can we first get out of the way which exact version of GnuPG you're using? If > you're using 2.0, start with the threads linked

Re: Primary and Signing Key on Different Smart Cards

2016-11-18 Thread Daniel Kahn Gillmor
On Thu 2016-11-17 13:45:25 -0500, Arthur Ulfeldt wrote: > PS: the bug is that gpg will only use the newest signing key, rather than > the newest signing key that is available now. I believe this bug is tracked upstream at https://bugs.gnupg.org/gnupg/issue1983 -- it would be great if someone

Re: Primary and Signing Key on Different Smart Cards

2016-11-17 Thread Arthur Ulfeldt
I have a similar setup and have been doing it successfully. I have two yubikey neos with signing keys. I found that because of bugs in gpg 2.1 I had to put the same signing key onto both neos. Once I did that it worked smoothly. It would be preferable to use different keys and I'll do that if

Re: Primary and Signing Key on Different Smart Cards

2016-11-17 Thread Peter Lebbing
On 17/11/16 17:13, Peter Lebbing wrote: > You will need to have the private key on-disk for both versions, I'm > afraid. You will need the private key on-disk *temporarily* while setting up the smartcards. But with Knoppix, that "disk" can be a RAM disk in the main memory of your computer,

Re: Primary and Signing Key on Different Smart Cards

2016-11-17 Thread Peter Lebbing
On 17/11/16 15:02, Anton Marchukov wrote: > Now based on my review I have found the situation in gpg2 to be the following: Which version, GnuPG 2.0 or 2.1? I think you can use 2.1 to reach the desired outcome without difficulty, even if it might be a bit non-standard. > 1. Using multiple

Primary and Signing Key on Different Smart Cards

2016-11-17 Thread Anton Marchukov
Hello. I did some research myself and came to conclusion that this is not supported. Was about to submit a feature request, but it is better to ask for help here first. The use case that I want to implement is the following: 1. I have an OpenPGP v2 smart card (regular plastic card) where I want

Re: Question about getting started with PGP and smart cards

2016-03-01 Thread Robert J. Hansen
> best smartcards there are for GPG use. For getting started with GPG and > smartcards, my recommendation would be to: Please, *don't* do this. This is genuinely bad advice for someone who's just getting started. If you're just getting started, then use the defaults. The defaults are good

Re: Question about getting started with PGP and smart cards

2016-03-01 Thread CANNON NATHANIEL CIOTA
On 2016-02-26 22:08, Joshua Terrill wrote: Hello, I am looking to play around/experiment with gnupg and smart cards. From what little research I've done, I've read about OpenPGP smart cards don't reveal private keys, and do all decrypting/signing on the device itself after entering a PIN. Do I

Re: Question about getting started with PGP and smart cards

2016-03-01 Thread Andrew Gallagher
On 01/03/16 00:14, Joshua Terrill wrote: > Thanks for the replies, everyone. So what about a solution like Yubikey > NEO? I read on their site that you can generate a keypair and put it on > the yubikey. But what I'm a little confused about is, once you have the > public and private key on the

Re: Question about getting started with PGP and smart cards

2016-02-29 Thread Joshua Terrill
Thanks for the replies, everyone. So what about a solution like Yubikey NEO? I read on their site that you can generate a keypair and put it on the yubikey. But what I'm a little confused about is, once you have the public and private key on the card, how do you use it to encrypt/sign/decrypt

Re: Question about getting started with PGP and smart cards

2016-02-29 Thread Andrew Gallagher
On 29/02/16 15:31, Martin Ilchev wrote: > > For Windows I installed gpg4win and migrated my linux gpg.conf and keys > over and it just worked. Also in windows if you want to use putty with a > smart card you will need a patched putty agent. You can get one from > here

Re: Question about getting started with PGP and smart cards

2016-02-29 Thread Martin Ilchev
Hi Josh, I am using a smart card and reader for about 6 months now. The set up I went with is: Smart-card "OpenPGP Smartcard V2.1" from kernel concepts ( http://shop.kernelconcepts.de/). The card supports keys up to 4096 length with gpg2. Card-reader - Gemalto GemPC Twin/TR (IDBridge CT30) -

Re: Question about getting started with PGP and smart cards

2016-02-27 Thread Peter Lebbing
On 27/02/16 17:58, Antoine Michard wrote: > But on Linux is not so easy. You have to install all needed dependencies for the > reader (pcscd) I should note that pcscd is not needed for the readers I mentioned in my reply, since they are well supported through the builtin driver of scdaemon (and

Re: Question about getting started with PGP and smart cards

2016-02-27 Thread Antoine Michard
/2014/04/pgp-smart-card-ssh-login-gpg-agent-ubuntu/ [6] http://www.gniibe.org/memo/development/fs-bb48/fs-bb48-idea.html Antoine Michard GPG Key: 0xF5C9E7CD0882B381 On 26/02/2016 23:08, Joshua Terrill wrote: > Hello, > > I am looking to play around/experiment with gnupg and smart ca

Re: Question about getting started with PGP and smart cards

2016-02-27 Thread Peter Lebbing
On 26/02/16 23:08, Joshua Terrill wrote: > For simple encrypting, decrypting, and signing what card and card reader > would you recommend? Though I still need to experience it myself, I think I would recommend GnuK[1] by NIIBE. Otherwise, a standard OpenPGP card[2], which you can also get

Question about getting started with PGP and smart cards

2016-02-26 Thread Joshua Terrill
Hello, I am looking to play around/experiment with gnupg and smart cards. From what little research I've done, I've read about OpenPGP smart cards don't reveal private keys, and do all decrypting/signing on the device itself after entering a PIN. Do I have a correct understanding

Re: Making the case for smart cards for the average user

2015-04-07 Thread Peter Lebbing
The type of UID that proves problematic when you include the angle brackets in your search is this: $ gpg2 -k c...@example.org pub 2048R/17C05EBD 2014-08-13 [expires: 2015-04-14] uid [ unknown] c...@example.org $ gpg2 -k c...@example.org gpg: error reading key: No public key It's about

Re: Making the case for smart cards for the average user

2015-04-07 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Tuesday 7 April 2015 at 4:34:05 AM, in mid:5523502d.1060...@adversary.org, Ben McGinnes wrote: The function and operation you're after is reasonable, no arguments there, my question is whether this is something which is actually a fault

Re: Making the case for smart cards for the average user

2015-04-07 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Tuesday 7 April 2015 at 2:14:55 PM, in mid:87y4m43ws0@alice.fifthhorseman.net, Daniel Kahn Gillmor wrote: On Tue 2015-04-07 08:39:57 -0400, MFPA wrote: I was talking about what happens when the angle brackets are not there. If I

Re: Making the case for smart cards for the average user

2015-04-07 Thread Peter Lebbing
On 07/04/15 14:56, Ben McGinnes wrote: Let me see if I've got this right ... the issue is one which can only occur when the key owner has deliberately overridden the defaults by using the allow-freeform-uid option GnuPG implements the OpenPGP standard. What hoops the users need to jump through

Re: Making the case for smart cards for the average user

2015-04-07 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Tuesday 7 April 2015 at 1:56:01 PM, in mid:5523d3e1.1000...@adversary.org, Ben McGinnes wrote: Let me see if I've got this right ... the issue is one which can only occur when the key owner has deliberately overridden the defaults by

Re: Making the case for smart cards for the average user

2015-04-07 Thread Ben McGinnes
On 8/04/2015 12:41 am, MFPA wrote: allowing them to drop the standard format of name em...@example.net and then they're shocked that doing so might produce unintended consequences? Don't know about shocked, but unintended consequences for a non-standard UID scheme was indeed the issue.

Re: Making the case for smart cards for the average user

2015-04-07 Thread Ben McGinnes
On 8/04/2015 12:04 am, MFPA wrote: On Tuesday 7 April 2015 at 2:14:55 PM, in mid:87y4m43ws0@alice.fifthhorseman.net, Daniel Kahn Gillmor wrote: We know how to structure a proper name-addr and an addr-spec, and it's not difficult. If you want an e-mail address to be recognizable to

Re: Making the case for smart cards for the average user

2015-04-06 Thread Ben McGinnes
On 7/04/2015 5:56 am, Peter Lebbing wrote: On 06/04/15 18:04, Ben McGinnes wrote: or enclose all GPG key UIDs in quotation marks in order to mitigate that (a feature request for The Bat!). I think that would be quite an exploitable bug, passing UIDs to be parsed by a shell... I hope they

Re: Making the case for smart cards for the average user

2015-04-06 Thread Peter Lebbing
On 06/04/15 18:04, Ben McGinnes wrote: or enclose all GPG key UIDs in quotation marks in order to mitigate that (a feature request for The Bat!). I think that would be quite an exploitable bug, passing UIDs to be parsed by a shell... I hope they already don't do that. Is a shell even involved I

Re: Making the case for smart cards for the average user

2015-04-06 Thread Ben McGinnes
On 7/04/2015 10:46 am, MFPA wrote: DKG has raised a broader issue: keys exist with a UID containing an email address not surrounded by the conventional angle brackets, which causes searching for an exact match on the email address in the way the GnuPG man-page prescribes (by enclosing that

Re: Making the case for smart cards for the average user

2015-04-06 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Monday 6 April 2015 at 5:04:09 PM, in mid:5522ae79.2030...@adversary.org, Ben McGinnes wrote: Great plan ... how does the shell know that the angle brackets are a part of the GPG UID format? I was referring to the way the email address

RE: Email-only UIDs and verification (was: Making the case for smart cards for the average user)

2015-03-23 Thread Bob (Robert) Cavanaugh
Daniel, Checking my e-mail service. Did my response clip OK? Thanks, Bob Cavanaugh There are a lot of proposals in this thread, and you didn't trim the quoted text to isolate just one of them; can you be specific about which one you're talking about?

Re: Email-only UIDs and verification (was: Making the case for smart cards for the average user)

2015-03-21 Thread Jose Castillo
On Mar 20, 2015, at 2:47 PM, Daniel Kahn Gillmor d...@fifthhorseman.net wrote: If the followup is just click this link then i agree it's probably encouraging bad habits. What if the suggested followup was an e-mail reply? What if we require the verifier to sign its outbound messages, and

RE: Email-only UIDs and verification (was: Making the case for smart cards for the average user)

2015-03-21 Thread Daniel Kahn Gillmor
On Fri 2015-03-20 13:43:27 -0400, Bob (Robert) Cavanaugh wrote: One thought to add to the mix: Phishing attacks by having unknowledgeable users click on this link are pretty successful. Doesn't this proposal open a new threat vector? There are a lot of proposals in this thread, and you didn't

RE: Email-only UIDs and verification (was: Making the case for smart cards for the average user)

2015-03-20 Thread Bob (Robert) Cavanaugh
@gnupg.org] On Behalf Of MFPA Sent: Thursday, March 19, 2015 5:58 PM To: Jose Castillo on GnuPG-Users Subject: Re: Email-only UIDs and verification (was: Making the case for smart cards for the average user) * PGP Signed by an unknown key On Wednesday 18 March 2015 at 6:18:57 PM

Re: Email-only UIDs and verification (was: Making the case for smart cards for the average user)

2015-03-19 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Wednesday 18 March 2015 at 6:18:57 PM, in mid:16c07a2d-8b6d-48e5-9bc3-b6ae5d093...@gmail.com, Jose Castillo wrote: On Mar 16, 2015, at 8:55 PM, MFPA 2014-667rhzu3dc-lists-gro...@riseup.net wrote: MFPA No angle brackets around the email

Email-only UIDs and verification (was: Making the case for smart cards for the average user)

2015-03-18 Thread Jose Castillo
On Mar 16, 2015, at 8:55 PM, MFPA 2014-667rhzu3dc-lists-gro...@riseup.net wrote: I would urge you to reconsider your decision to drop the angle brackets. At least one MUA (the MUA I am using to write this message) sends the email address enclosed in angle brackets as the search string for

Re: Making the case for smart cards for the average user

2015-03-17 Thread Daniel Kahn Gillmor
On Mon 2015-03-16 20:55:51 -0400, MFPA wrote: Although I don't really like email addresses in the UIDs of my keys, I quite like the simplicity of your email address only simplified UID format. However, I would urge you to reconsider your decision to drop the angle brackets. At least one MUA

Re: Making the case for smart cards for the average user

2015-03-17 Thread Daniel Kahn Gillmor
On Tue 2015-03-17 21:35:46 -0400, Brian Minton wrote: I thought keyservers strip all punctuation. So f...@example.com becomes foo example com. This discussion has been about gnupg and its own keyring, not necessarily about keyservers. The bug report i filed referred to local gpg activity, not

Re: Making the case for smart cards for the average user

2015-03-17 Thread Brian Minton
I thought keyservers strip all punctuation. So f...@example.com becomes foo example com. On Tue, Mar 17, 2015, 3:33 PM MFPA 2014-667rhzu3dc-lists-gro...@riseup.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Tuesday 17 March 2015 at 5:38:03 PM, in

Re: Making the case for smart cards for the average user

2015-03-17 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Tuesday 17 March 2015 at 5:38:03 PM, in mid:87lhivpls4@alice.fifthhorseman.net, Daniel Kahn Gillmor wrote: This might be a bug (or at least a well-warranted feature enhancement) in GnuPG. I've just opened

Re: Making the case for smart cards for the average user

2015-03-16 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Saturday 14 March 2015 at 10:37:18 PM, in mid:caaocvpveqs-tq-reki8ax3spdst8p5tg0+koxvtufw0azy9...@mail.gmail.com, Joey Castillo wrote: The goal is to simplify not just everyday things like how to make a key or encrypt an email, but also

Re: Making the case for smart cards for the average user

2015-03-16 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Tuesday 17 March 2015 at 12:55:51 AM, in mid:277590791.20150317005551@my_localhost, MFPA (me) wrote: If a user has multiple email addresses, does the automated email verification service send a different encrypted verification link to

Re: Making the case for smart cards for the average user

2015-03-16 Thread Peter Lebbing
On 15/03/15 23:24, Jose Castillo wrote: I think it's encouraging, in a perverse way, to hear that when GCHQ sought to compromise SIM card encryption keys [4], they had to resort to spying on the employees generating them. Perhaps the SIM cards are relatively well protected from remote access;

Re: Making the case for smart cards for the average user

2015-03-15 Thread Aleksandar Lazic
Hi. On 13-03-2015 21:13, Joey Castillo wrote: Hi there, I'm working on a Kickstarter right now that aims to popularize smart cards as an easier way for the average user to adopt GnuPG. https://www.kickstarter.com/projects/joeycastillo/signet-simple-online-privacy-cards Putting aside any

Re: Making the case for smart cards for the average user

2015-03-15 Thread MFPA
key material. Good point. We are told that smartcard design precludes copying the key material without physically destroying the card and applying some pretty heavy-duty forensics. But do we *know* this to be true, or is it just collective wishful thinking? Without smart cards, if I want to use

Re: Making the case for smart cards for the average user

2015-03-15 Thread Robert J. Hansen
Thanks for your thoughtful response. I think it's absolutely true that different people have different security needs, but I wonder if we can't make progress for an average person's use case. I disagree: I don't believe there is an average person or an average use case. But please, don't

Re: Making the case for smart cards for the average user

2015-03-15 Thread NIIBE Yutaka
On 03/14/2015 05:13 AM, Joey Castillo wrote: Of course smart cards aren't some kind of magic bullet, but if the goal is to drive wider adoption of GnuPG and OpenPGP based cryptography, I can't shake the feeling that smart cards are a huge part of the answer. Thoughts? I think that smartcard

Re: Making the case for smart cards for the average user

2015-03-15 Thread Jose Castillo
Sorry about the improper threading; I've switched off digest mode, hopefully this will help. On Mar 15, 2015, at 9:06 AM, MFPA wrote: Pretty much any system *could* be compromised. Should we say all bets are off because there is a possibility the system might be compromised? I may have

Re: Making the case for smart cards for the average user

2015-03-15 Thread Johan Wevers
On 15-03-2015 23:24, Jose Castillo wrote: but my sense is that more people are vulnerable to passphrase-sniffing malware than they are to someone sneaking very close to them with an evil device. However, perhaps even more people are vulnerable to confiscation by authorities. If they find a

Re: Making the case for smart cards for the average user

2015-03-15 Thread MFPA
. Thanks. I may have phrased my point inartfully. I think the goal here is to minimize the harm done in the case of compromise. That should be a goal everywhere. (-; You do have to trust the firmware and the operating system on the smart card, I thought there were some open-source smart

Re: Making the case for smart cards for the average user

2015-03-14 Thread Joey Castillo
unauthorized use by simply removing the card; this is not possible if the attacker has stolen your keyring and passphrase. Without smart cards, if I want to use GnuPG on my laptop, my iPhone and my Nexus 7, I have to put my secret key on each of those devices and enter my passphrase into each of those devices

Re: Making the case for smart cards for the average user

2015-03-14 Thread Joey Castillo
On 14/03/15 17:52, Philip Jackson wrote: https://www.kickstarter.com/projects/joeycastillo/signet-simple-online-privacy-cards Geographic distribution of the product seems to be limited to US only - at least for your sponsors. I desperately wanted to make it worldwide, but feared running afoul

Re: Making the case for smart cards for the average user

2015-03-14 Thread Joey Castillo
On 13/03/15 17:20, Robert J. Hansen wrote: (ObWarning: no facts, just opinions.) I think the biggest problem we face, to be honest, is our conviction that there's an answer out there and we just have to find it. ... Thanks for your thoughtful response. I think it's absolutely true that

Re: Making the case for smart cards for the average user

2015-03-14 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Friday 13 March 2015 at 8:13:38 PM, in mid:CAAocvpv5ChY9NKpkz0utkiyuNQay2n=dppwcp1z7a0covf6...@mail.gmail.com, Joey Castillo wrote: Unlocking a card with a PIN is a metaphor that people already know and use with bank cards. Yes, and a

Re: Making the case for smart cards for the average user

2015-03-14 Thread Philip Jackson
On 13/03/15 21:13, Joey Castillo wrote: Hi there, I'm working on a Kickstarter right now that aims to popularize smart cards as an easier way for the average user to adopt GnuPG. https://www.kickstarter.com/projects/joeycastillo/signet-simple-online-privacy-cards Geographic distribution

Making the case for smart cards for the average user

2015-03-13 Thread Joey Castillo
Hi there, I'm working on a Kickstarter right now that aims to popularize smart cards as an easier way for the average user to adopt GnuPG. https://www.kickstarter.com/projects/joeycastillo/signet-simple-online-privacy-cards Putting aside any security benefits, smart cards seem simpler to use

Re: Making the case for smart cards for the average user

2015-03-13 Thread Robert J. Hansen
Of course smart cards aren't some kind of magic bullet, but if the goal is to drive wider adoption of GnuPG and OpenPGP based cryptography, I can't shake the feeling that smart cards are a huge part of the answer. Thoughts? (ObWarning: no facts, just opinions.) I think the biggest problem

Re: Same key on different smart cards

2012-12-19 Thread Richi Lists
keys in the hope to use both smart cards seamlessly interchangeable. As you just told me, I have to delete the stubs and prepare for the other card. That sounds good enough for the signing, email decryption and ssh tasks. It's a bit more work intensive for the full disk encryption part. And it's

Same key on different smart cards

2012-12-13 Thread Richi Lists
. But the unique id of the card seems to be stored in the private key stub (~/.gnupg/secring.gpg). Thus if I try to use the second card, I get an error telling me to insert the correct card. Is it possible to manage the same identity with multiple smart cards? Of course I could use a separate smart

Re: Same key on different smart cards

2012-12-13 Thread Werner Koch
On Thu, 13 Dec 2012 08:43, ricu...@gmail.com said: (~/.gnupg/secring.gpg). Thus if I try to use the second card, I get an error telling me to insert the correct card. You need to delete the secret key stub and then gpg should be able to re-create it using the current card. I am not sure about

Re: Same key on different smart cards

2012-12-13 Thread Hauke Laging
, the decryption key on the other? If so, why have you stored both keys on the same card? Is it possible to manage the same identity with multiple smart cards? That is a different problem. This is not directly supported by GnuPG but possible by a workaround: After changing the smartcard you can

PGP and Smart Cards

2011-05-10 Thread Mike Acker
The Basic Error is in giving the merchant your credit card number. You are spreading that number all over Boston and the thugs are gonna grab it and help themselves. The only surprising thing is that this doesn't happen more often. All that a thug needs is a Merchant Account with PCI and he

Re: PGP and Smart Cards

2011-05-10 Thread Mark H. Wood
Good luck. The merchants don't seem to care, and the banks still think that the name of my third-grade teacher is some kind of closely guarded secret. It's not going to happen unless required by law or in response to some hugely expensive (and successful) class actions against card issuers. The

Re: PGP and Smart Cards

2011-05-10 Thread Scott Lambdin
On Tue, May 10, 2011 at 1:54 PM, Mark H. Wood mw...@iupui.edu wrote: The customer is the only one with a compelling incentive to change the system. Why? Are not the Pay Card companies on the hook for most of the losses? -- Mark H. Wood, Lead System Programmer mw...@iupui.edu Asking

Re: PGP and Smart Cards

2011-05-10 Thread Thomas Harning Jr.
On Tue, May 10, 2011 at 2:31 PM, Scott Lambdin lop...@gmail.com wrote: On Tue, May 10, 2011 at 1:54 PM, Mark H. Wood mw...@iupui.edu wrote:  The customer is the only one with a compelling incentive to change the system. Why?  Are not the Pay Card companies on the hook for most of the

import key to smart cards

2010-10-05 Thread koladina
Hello everyone, I've got a special question concerning GnuPG and smart cards. My question is: How can I import a (sec-pub-)key which was generated on a crypto stick (containing an integrated smart card) into another crypto stick? A crypto stick like:

Re: import key to smart cards

2010-10-05 Thread Werner Koch
On Tue, 5 Oct 2010 13:18, kolad...@web.de said: My question is: How can I import a (sec-pub-)key which was generated on a crypto stick (containing an integrated smart card) into another crypto stick? A crypto stick like: The whole point of generating keys on a smartcard is that it is

Re: import key to smart cards

2010-10-05 Thread Andre Amorim
If you don't have off-card key backup. Sorry, better forget it. -- Andre Amorim On 5 October 2010 16:18, Werner Koch w...@gnupg.org wrote: On Tue,  5 Oct 2010 13:18, kolad...@web.de said: My question is: How can I import a (sec-pub-)key which was generated on a crypto stick (containing an

Re: Why do smart cards have a 'sex' option?

2010-09-19 Thread Werner Koch
Right, this is an ISO standard field for smart cards. The name and its uncommon encoding is another example for an ISO standard field. Shalom-Salam, Werner -- Thoughts are free. Exceptions are regulated by a federal law. ___ Gnupg-users mailing

Re: Why do smart cards have a 'sex' option?

2010-09-01 Thread Peter Lebbing
I just got my new crypto-stick, and it's pretty slick. I understand why I'd want to set my name and language preferences, but I was trying to come up with a good scenario where my sex would be useful, or what the rationale was for including that field. My guess is it is to address the user

Re: Why do smart cards have a 'sex' option?

2010-09-01 Thread Grant Olson
On 9/1/10 5:17 AM, Peter Lebbing wrote: I just got my new crypto-stick, and it's pretty slick. I understand why I'd want to set my name and language preferences, but I was trying to come up with a good scenario where my sex would be useful, or what the rationale was for including that field.

Why do smart cards have a 'sex' option?

2010-08-31 Thread Grant Olson
I just got my new crypto-stick, and it's pretty slick. I understand why I'd want to set my name and language preferences, but I was trying to come up with a good scenario where my sex would be useful, or what the rationale was for including that field. I'm just curious more than anything. --

Question about Smart Cards and GPG

2008-03-19 Thread James P. Howard, II
This may seem silly, so forgive me. The SmartCard HOWTO[1] says that the Omnikey CardMan 6121 has been tested and I like a USB dongle solution. Can I put an old SMS card (I have piles from T-Mobile) in this device, blank it, and load a new key? Or does this require a different kind of card?

Re: Question about Smart Cards and GPG

2008-03-19 Thread Sven Radde
Hi! On Wednesday, 19.03.2008, at 09:59 -0400, James P. Howard, II wrote: Can I put an old SMS card (I have piles from T-Mobile) in this device, blank it, and load a new key? Or does this require a different kind of card? The OpenPGP smartcard is totally different from mobile phone SIM