On 14 August 2011 06:47, Martin Paljak <[email protected]> wrote:
> On which platform? Does dmesg say something useful?

Linux. dmesg is silent when this happens. It worked fine back in March shortly after I got the device.

>> (2) I want secure PIN entry.
> From GnuPG? I don't have a card either to try it out, but I suspect it might
> be problematic - the preferred access method inside GnuPG seems to be the
> internal CCID method, which might not work with/for all readers out there,
> many of them require reader-specific workarounds.
>
> GPG related question: do you use gpg or gpg2 with CryptoStick? I just set up
> 4k keys but on Linux only gpg can be used to decrypt (gpg2 does not find the
> key) and on OS X nothing works for decrypting, only signing...

I have been using gpg2 with a patch I wrote a few months ago to support 4k keys, which was not accepted:
https://chris.boyle.name/2011/02/gnupg-4096-bit-keys-openpgp
https://chris.boyle.name/tmp/20110330-gnupg-big-card-keys-hack.patch
http://lists.gnupg.org/pipermail/gnupg-devel/2011-March/thread.html#26018 (the last thread)

...but now I see last month Werner has done 4k key support differently:
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=fb44677c9f2cab6bac08d04d675554b38f64382a

...and this made it into 2.0.18.

Looking in ccid-driver.c I see it is indeed quite paranoid, only allowing vendors SCM, KAAN, CHERRY (with a hack), FSIJ (in gnupg 2.1). I'm happy to attempt this with, say, Vasco, and see where it gets me. Likewise this code suggests that secure PIN modification is missing, and that would make an interesting project. Worst that can happen is I fry the smartcard, right? :-)
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=scd/ccid-driver.c;h=8c362d73cfe5afe8f2cd9eb8c5d8d3a3d0410a9c;hb=refs/heads/STABLE-BRANCH-2-0#l3008

One worrying thing is that although 4k keys worked with the CryptoStick (notionally an OpenPGP v2 card), the page for the real OpenPGP v2 card claims 3072 bits max, and it would be helpful if someone could confirm that this only refers to the gnupg2 limit, i.e. that the card itself really allows 4096?
http://www.g10code.de/p-card.html

Thanks,

--
Chris Boyle
http://chris.boyle.name/
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
