You can review the optional PKCS#11 support. http://gnupg-pkcs11.sourceforge.net/

On 5/28/07, Jim Berland <[EMAIL PROTECTED]> wrote:
> Hi everybody,
>
> I tried to research most of my questions concerning the use of
> smartcards, but I have a few things that I want to make sure.
>
>
> _About smart cards:_
>
> I understand that OpenPGP is a smart card specification that is not
> very common among smart cards, so I should stick with the ones from
> kernel concepts. It is similar with the card readers.
>
> Is it correct, that this limitation changed with Gnupg2? I read that I
> could use other cards now, but it wasn't clear enough (for me), which
> ones those are. It's about PGP/MIME that is making it possible to use
> other cards or something.
>
> What would be the benefits of non-OpenPGP cards? Longer Keys? Different keys?
>
>
> _About card readers:_
>
> Did I understand it correctly, that card readers with a pin-pad don't
> add extra security when used with GPG? I read that the benefit of the
> pin-pad readers used with some applications is, that the pin never
> reaches the computer and thus cannot be sniffed. Used with GPG this
> doesn't apply though. Or is a pin-pad card reader used with GPG(2)
> still a possible counter-measure to a keylogger attack?
>
> Now assuming that pin-pad card readers don't add extra security, isn't
> the number-only passphrase, that you would use with them, even riskier
> than a simple card reader and a good passphrase?
>
> Could I buy pin-pad readers, but ignore the pin-pad and use them like
> simple card readers?
>
> To make life not too hard for our people I would like to either have
> long passphrase caching times with the gpg-agent (thinking of 4 hours)
> or have them enter a shorter pin on the key-pad each time it's needed.
> Which solution would you prefer?
>
> I guess you are now going to ask me what the threat model is and I'm
> afraid that I can't give a perfectly precise answer. Anyhow, the
> computers are running MS Windows and are networked. I can definitely
> see people opening email attachments to let a virus or whatever
> strike. For that reason I liked the pin-pad readers, if they did what
> they promise. The smart cards might be stored in a company safe or
> actually taken home by everybody. I don't know yet. Storing the cards,
> that are only to be used as an employee of the company, at the company
> sounds reasonable to me and considering who has access to the safe a
> short pin would (in my opinion) still be good enough. Please don't get
> caught up trying to get this threat model perfectly right, but rather
> concentrate on the other questions. I can figure this out by myself, I
> believe.
>
>
> _About other uses of the cards:_
>
> To do something else with the smart cards other than using it for GPG
> is not important, but might be very interesting. For example, would it
> be possible to use it to authenticate for a Windows Remote Desktop
> session?
>
>
> _At last, a possible technical problem:_
>
> I read on the Microsoft website that it is possible to use smart cards
> (readers) in a Remote Desktop session. Does this apply for the OpenPGP
> card and an appropriate card reader? This is a requirement, because
> all the work is done on a terminal server. The employee's computers
> are complete computers and not thin-clients, although they don't do
> more than a thin client would, I think.
>
>
> Thank you very much for your help
>
> _______________________________________________
> Gnupg-users mailing list
> [email protected]
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
