Oops, that was missing some important bootstrap steps, especially critical if you are unfamiliar with PGP workflows... Here is a revision. It assumes you have certs already on the card and addresses an initial workflow. I've not confirmed, but I would be happy to see corrections for more appropriate FAQ presentations. I guess sections to use read-only and YubiKey-style smart cards would cover most use cases?

On Tue, Nov 5, 2024 at 11:10 AM George Georgalis <geo...@galis.org> wrote:
>
> > Abu Hussain Al Mukhtar <abuhuss...@secure.mailbox.org> writes:
> >>
> >> > I am trying to set up an OpenPGP Smartcard. AFAICT, nothing of the
> >> > sort is discussed in the FAQs or in 'The Guide'.
> >> >
>
> Try a layered approach, map the [usb] device/daemon, io protocol, and
> crypto components with their functions, to the best of your knowledge.
> Identify preferred and alternate software, review those docs for data
> (including "See Also" section of man pages) to fortify your component,
> function, and data flow mapping, revise and repeat. Unfortunately, this is
> often a prerequisite in a specialized context, with procedural privacy
> required, so non-standardized solutions often prevail.
>
> These are the tools I would start with:
> netpgp
> security/netpgp (NetBSD and pkgsrc)
> security/netpgpverify
> security/pcsc-tools
> security/pcsc-lite
>
> Besides man pages, Wikipedia is helpful, e.g. OpenPGP_card and Smart_card;
> and despite the absence of reason, LLM can be helpful to: Describe the high
> level steps required to leverage the installed tools netpgp, netpgpverify,
> pcsc-tools to verify signature, sign, encrypt and decrypt files based on
> smart card and OpenPGP cryptography.
>
> Attached here is an LLM artifact that may serve as a FAQ and meet your
> needs? Please confirm!
>
> Notable, netpgp seems to rely on pcsc-tools, versus bundling card
> management functionality in. Matter of style in absence of a single
> standard...
>
> -George
>
>
> --
> George Georgalis, (415) 894-2710, http://www.galis.org/
>

--
George Georgalis, (415) 894-2710, http://www.galis.org/

smartcard-crypto-guide.md
Description: Binary data