Re: Help need to use truecryt + openpgp applet.

2015-02-21 Thread NdK 
Il 21/02/2015 12:26, Peter Lebbing ha scritto:

>> Or use a plain USB stick.
> Hehe :). I think what Diego means, is that a SIM card can still be protected 
> by
> a PIN. You would need to enter the PIN before you had access to the SMS,
> similarly as the private DO's on the OpenPGP card.
Exactly. Moreover, it's often "free" since you don't have to buy a new
card just for that use, just recycle an unused one.

BYtE,
 Diego

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Help need to use truecryt + openpgp applet.

2015-02-21 Thread Peter Lebbing 
On 21/02/15 12:18, Werner Koch wrote:
> Or use a plain USB stick.

Hehe :). I think what Diego means, is that a SIM card can still be protected by
a PIN. You would need to enter the PIN before you had access to the SMS,
similarly as the private DO's on the OpenPGP card.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Help need to use truecryt + openpgp applet.

2015-02-21 Thread Werner Koch 
On Sat, 21 Feb 2015 08:48, ndk.cla...@gmail.com said:

> since there's no on-card crypto involved. Just store the secret in an
> SMS, with the "sender" set to the ID of the protected storage :)

Or use a plain USB stick.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Help need to use truecryt + openpgp applet.

2015-02-20 Thread NdK 
Il 21/02/2015 03:01, Matthias-Christian Ott ha scritto:

[...]
> it finds PKCS #11 objects on the card). That said, I doubt using the
> private DOs for PKCS #11 objects and associated metadata will be
> generally accepted (other people could be storing other data in these
> data objects), so you would probably have to add a compile-time option
> or maintain a fork.
Then maybe, a simple (disabled) SIM card from an old phone contract (I
usually have about a dozen around) could be better suited for the job,
since there's no on-card crypto involved. Just store the secret in an
SMS, with the "sender" set to the ID of the protected storage :)

Ok, end of OT.

BYtE,
 Diego

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Help need to use truecryt + openpgp applet.

2015-02-20 Thread NIIBE Yutaka 
Hello,

I maintain Scute and Poldi packages in Debian.  I also do minimum
efforts for those software in the upstream.  Perhaps, it's better for
me to put my business on the service.html, but my environment is free
software only which won't match most potential customers' requests.

Well, please note that Scute or Poldi is not mature enough yet, and
somehow not well maintained these days.

On 02/21/2015 11:01 AM, Matthias-Christian Ott wrote:
> As mentioned in my more detailed follow-up email on how TrueCrypt
> accesses the "keyfile" on the smartcard, Scute is not able to do this.

Interesting.

I don't recommend using data objects on a smartcard for such a use,
because it's size is usually limited.  Say, 255-byte or so, at most.

Here, I explain a bit of existing code (of scdaemon, scute and poldi)
and OpenPGPcard v2.


We also have the data object of 0x7F21 "Cardholder certificate".  I
guess that it was intended to hold the X.509 client certificate in
OpenPGPcard v2, which corresponds to the authentication private key on
the card.  We have READCERT command in scdaemon to access this
specific data object.

However, this command and the data object itself are not used any more
by GnuPG, Scute, or Poldi.  Thus, it would be possible to use this
data object for your experiment.  This is abuse, so, I don't
recommend, in general, but only for your experimental usage.  This
data object is exceptionally large.  I don't remember how large it is
for the original OpenPGPcard, but I know it's 2KiB for Gnuk (if
enabled on compile time).

The access to the data object of 0x7f21 is not controlled by PIN.  It
can be accessed by anyone.  I think that it could be possible for the
host PC to encrypt the data to be stored, using card's encryption key.
-- 

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Help need to use truecryt + openpgp applet.

2015-02-20 Thread Matthias-Christian Ott 
On 2015-02-20 06:32, Ranjini H.K wrote:
> Yes i used Scute. No success with it. I better ask OpenSC mailing list with
> the help asking for the support for handle data objects even if the card
> could store them..

As mentioned in my more detailed follow-up email on how TrueCrypt
accesses the "keyfile" on the smartcard, Scute is not able to do this.
GnuPG however can access the (optional) private data objects on the card
that could be used to store the "keyfile" on the card (as they are PIN
protected). If I'm not mistaken, you should be able to add this to Scute
through scdaemon and the GETATTR PRIVATE-DO-3 and SETATTR PRIVATE-DO-3
commands over scdaemon's Assuan protocol that you would have to map to
the appropriate PKCS #11 in Scute (see TrueCrypt's source code for how
it finds PKCS #11 objects on the card). That said, I doubt using the
private DOs for PKCS #11 objects and associated metadata will be
generally accepted (other people could be storing other data in these
data objects), so you would probably have to add a compile-time option
or maintain a fork.

If you are trying to implement this as part of job/on behalf of your
employer (guessing from your website and work email address that seems
to be the case), I would also advice you to subcontract somebody else to
implement this feature (see Werner Koch's email).

Regards,
Matthias-Christian

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Help need to use truecryt + openpgp applet.

2015-02-20 Thread Robert J. Hansen 
> I just feel that using publicly-abandoned security software, 
> particularly when it hadn't been updated in the two years leading up 
> to its abandonment and used old, crufty build dependencies[1] that 
> hadn't been updated in decades, is probably unwise if one desires a 
> high degree of security.

People put a lot more faith in encrypted filesystems than perhaps they
should.  They're a great way to protect data against casual theft, but
their track records against well-funded opponents are badly mixed.

http://delogrand.blogspot.fi/2013/04/cyber-defense-exercise-2013-extracting.html

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Help need to use truecryt + openpgp applet.

2015-02-20 Thread Pete Stephenson 
On Fri, Feb 20, 2015 at 7:00 AM, Doug Barton  wrote:
> On 2/19/15 12:16 AM, Pete Stephenson wrote:
>
>> Considering the way it was abandoned by its developers, TrueCrypt is
>> probably not the best choice going forward.
>
> We don't know the whole story about what happened there, so I would be
> hesitant to attribute malice. For some of us who need to have the same data
> accessible on multiple platforms there is not a better option.

No malice implied. My apologies if I was unclear.

I just feel that using publicly-abandoned security software,
particularly when it hadn't been updated in the two years leading up
to its abandonment and used old, crufty build dependencies[1] that
hadn't been updated in decades, is probably unwise if one desires a
high degree of security.

Don't get me wrong: I really like TrueCrypt and think it was a great
cross-platform disk encryption program that was remarkably easy to
use, but using it as a part of new projects probably isn't a good
idea.

Cheers!
-Pete

[1] https://madiba.encs.concordia.ca/~x_decarn/truecrypt-binaries-analysis/

-- 
Pete Stephenson

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Help need to use truecryt + openpgp applet.

2015-02-20 Thread Werner Koch 
On Fri, 20 Feb 2015 06:32, ranjin...@tyfone.com said:
> Yes i used Scute. No success with it. I better ask OpenSC mailing list with
> the help asking for the support for handle data objects even if the card
> could store them..

You may want to checkout https://gnupg.org/service.html to find help for
fixing/adjusting Scute.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Help need to use truecryt + openpgp applet.

2015-02-19 Thread Antony Prince 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On February 20, 2015 1:00:52 AM EST, Doug Barton  wrote:
>On 2/19/15 12:16 AM, Pete Stephenson wrote:
>
>> Considering the way it was abandoned by its developers, TrueCrypt is
>> probably not the best choice going forward.
>
>We don't know the whole story about what happened there, so I would be
>hesitant to attribute malice. For some of us who need to have the same
>data accessible on multiple platforms there is not a better option.
>
>Doug
>
>
>___
>Gnupg-users mailing list
>Gnupg-users@gnupg.org
>http://lists.gnupg.org/mailman/listinfo/gnupg-users

I wasn't aware TrueCrypt had been abandoned. I also haven't visited their site 
for some time. That's a shame though. Its a useful piece of software. I hope 
someone continues in their footsteps.
- --

Antony Prince

Key ID: 0x4F040744
Fingerprint: FE96 5B7F A708 18D3 B74B 959F A6E1 6242 4F04 0744
URL: 
https://hkps.pool.sks-keyservers.net/pks/lookup?op=get&search=0xA6E162424F040744
-BEGIN PGP SIGNATURE-
Version: APG v1.1.1

iQFCBAEBCAAsBQJU5tnDJRxBbnRvbnkgUHJpbmNlIDxhbnRvbnlAYmxhenJzb2Z0
LmNvbT4ACgkQpuFiQk8EB0RrjQgArr080em0l2sznMPMpmDGkB8PZs+v8eiPaJAj
F8Qbgg2h04H1bpUGvOv6Mk5fJeqffBXs/3o6yr8MEqiVLGxXNGxLIuS2r0mEgT7Z
3RkR10R6hixPyEQZw6ysl9Mk1aVM8TZDPUHvdCtqUzOIWHIlWNUtmnW2GqurRS+B
UhkqxV+4VAmriYx3GgZMbCAcokjIY++xTFYkLnVuRRpZWhWXo/OqhFRLQ+R7rDcH
kODlTmjdCjlpqCq5GSyxWrhoXxY//+k6r4LT7Qw6Wq2mPjImyJNVvBGhtrj9u0He
8OVveL9LF1TxR4kOZBhDTPvLYmoOiM53ukLHAGA5wvwMixWfvA==
=tySd
-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Help need to use truecryt + openpgp applet.

2015-02-19 Thread Doug Barton 

On 2/19/15 12:16 AM, Pete Stephenson wrote:


Considering the way it was abandoned by its developers, TrueCrypt is
probably not the best choice going forward.


We don't know the whole story about what happened there, so I would be 
hesitant to attribute malice. For some of us who need to have the same 
data accessible on multiple platforms there is not a better option.


Doug


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Help need to use truecryt + openpgp applet.

2015-02-19 Thread Ranjini H.K 
Yes i used Scute. No success with it. I better ask OpenSC mailing list with
the help asking for the support for handle data objects even if the card
could store them..

Ranjini HK

Software Engineer - Tyfone, Inc.

Bangalore
www.tyfone.com

Mobile: +91-9886262192

On Fri, Feb 20, 2015 at 1:50 AM, Matthias-Christian Ott 
wrote:

> On 2015-02-19 20:00, Werner Koch wrote:
> > On Thu, 19 Feb 2015 18:22, o...@mirix.org said:
> >
> >> Your Java Card does probably not support PKCS #11. An applet on the card
> >> might implement it. To make it work, you need a PKCS #11 middleware and
> >
> > PKCS#11 is an API between two applications.  It is not directly related
> > to smartcards.  However, it is very common that the smart card driver
> > software (on the host) provides an PKCS#11 interface towards
> > applications.  (Scute can be considered a smartcard card driver
> > software.)
> >
> > PKCS#15 is a standard which some cards implement and what OpenPSC is
> > mostly about.  PKCS#15 is for cards what FHS (Filesystem Hierarchy
> > Standard) is for Linux.
>
> I'm well aware of this. That why I wrote "middlware" instead of
> "driver". SoftHSM is a good example of a PKCS #11 middleware that is not
> a smartcard.
>
> Regards,
> Matthias-Christian
>
>
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Help need to use truecryt + openpgp applet.

2015-02-19 Thread Matthias-Christian Ott 
On 2015-02-19 20:00, Werner Koch wrote:
> On Thu, 19 Feb 2015 18:22, o...@mirix.org said:
> 
>> Your Java Card does probably not support PKCS #11. An applet on the card
>> might implement it. To make it work, you need a PKCS #11 middleware and
> 
> PKCS#11 is an API between two applications.  It is not directly related
> to smartcards.  However, it is very common that the smart card driver
> software (on the host) provides an PKCS#11 interface towards
> applications.  (Scute can be considered a smartcard card driver
> software.)
> 
> PKCS#15 is a standard which some cards implement and what OpenPSC is
> mostly about.  PKCS#15 is for cards what FHS (Filesystem Hierarchy
> Standard) is for Linux.

I'm well aware of this. That why I wrote "middlware" instead of
"driver". SoftHSM is a good example of a PKCS #11 middleware that is not
a smartcard.

Regards,
Matthias-Christian


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Help need to use truecryt + openpgp applet.

2015-02-19 Thread Matthias-Christian Ott 
On 2015-02-19 19:50, Thomas Harning Jr. wrote:
> On Thu Feb 19 2015 at 12:23:34 PM Matthias-Christian Ott 
> wrote:
> 
>> On 2015-02-19 09:23, Ranjini H.K wrote:
>>> Yes my java card supports PKCS#11. Am not so sure about OpenPGP applet.
>>> What should i do othercase To make my OpenPGP applet support PKCS#11.
>>
>> Your Java Card does probably not support PKCS #11. An applet on the card
>> might implement it. To make it work, you need a PKCS #11 middleware and
>> tell TrueCrypt about it (Settings > Security Tokens... > PKCS #11
>> Library Path). If you are using an applet that is supported by OpenSC,
>> you can use OpenSC. Otherwise you have to resort to the proprietary
>> middleware supplied by the vendor. OpenPGP cards should be supported by
>> OpenSC and should be usable with TrueCrypt [1]. There is also a
>> proprietary PKCS #11 library that should provide a PKCS #11 interface
>> for OpenPGP cards [2]. Otherwise you can try Scute [3].
>>
>> That said, it is probably better to ask on the OpenSC mailing list [4]
>> about PKCS #11.
>>
>> The Java Card OpenPGP applet seems to be maintained by Yubico at the
>> moment [5].
>>
>> Regards,
>> Matthias-Christian
>>
>> [1] https://github.com/OpenSC/OpenSC/issues/125
>> [2] http://smartcard-auth.de/download-de.html
>> [3] http://www.scute.org/
>> [4] http://sourceforge.net/p/opensc/mailman/
>> [5] https://github.com/Yubico/ykneo-openpgp
>>
> The main issue is that TrueCrypt does not generate a key on-card, but
> instead it stores pin-protected data which it reads out when it needs to
> unlock the disk.
> 
> OpenPGP cards, if I recall right, have no capability to store arbitrary
> data.

You could store it in the private use data objects (0103, 0104). I look
at both TrueCrypt's and OpenSC's source code. TrueCrypt uses PKCS #11 to
find all private object with a matching label. OpenSC's PKCS #11
implementation in turn uses its PKCS #15 implementation to store
objects. OpenSC's PKCS #15 driver for OpenPGP cards in turn does not
handle data objects even if the card could store them. It doesn't look
too difficult to implement this feature. Perhaps somebody will do it for
you if ask on the OpenSC mailing list.

Scute supports certificates only as well.

> Perhaps you can file a feature-request against VeraCrypt (the "current"
> TrueCrypt project) to implement a mechanism where the master key (or subkey
> of sorts) is encrypted with a key stored on-card.

I think this is impossible TrueCrypt derives keys from the password and
then decrypts the header of the volume. There is no space to store
encrypted key material.

Regards,
Matthias-Christian

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Help need to use truecryt + openpgp applet.

2015-02-19 Thread Thomas Harning Jr. 
On Thu Feb 19 2015 at 12:23:34 PM Matthias-Christian Ott 
wrote:

> On 2015-02-19 09:23, Ranjini H.K wrote:
> > Yes my java card supports PKCS#11. Am not so sure about OpenPGP applet.
> > What should i do othercase To make my OpenPGP applet support PKCS#11.
>
> Your Java Card does probably not support PKCS #11. An applet on the card
> might implement it. To make it work, you need a PKCS #11 middleware and
> tell TrueCrypt about it (Settings > Security Tokens... > PKCS #11
> Library Path). If you are using an applet that is supported by OpenSC,
> you can use OpenSC. Otherwise you have to resort to the proprietary
> middleware supplied by the vendor. OpenPGP cards should be supported by
> OpenSC and should be usable with TrueCrypt [1]. There is also a
> proprietary PKCS #11 library that should provide a PKCS #11 interface
> for OpenPGP cards [2]. Otherwise you can try Scute [3].
>
> That said, it is probably better to ask on the OpenSC mailing list [4]
> about PKCS #11.
>
> The Java Card OpenPGP applet seems to be maintained by Yubico at the
> moment [5].
>
> Regards,
> Matthias-Christian
>
> [1] https://github.com/OpenSC/OpenSC/issues/125
> [2] http://smartcard-auth.de/download-de.html
> [3] http://www.scute.org/
> [4] http://sourceforge.net/p/opensc/mailman/
> [5] https://github.com/Yubico/ykneo-openpgp
>
The main issue is that TrueCrypt does not generate a key on-card, but
instead it stores pin-protected data which it reads out when it needs to
unlock the disk.

OpenPGP cards, if I recall right, have no capability to store arbitrary
data.

Perhaps you can file a feature-request against VeraCrypt (the "current"
TrueCrypt project) to implement a mechanism where the master key (or subkey
of sorts) is encrypted with a key stored on-card.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Help need to use truecryt + openpgp applet.

2015-02-19 Thread Werner Koch 
On Thu, 19 Feb 2015 18:22, o...@mirix.org said:

> Your Java Card does probably not support PKCS #11. An applet on the card
> might implement it. To make it work, you need a PKCS #11 middleware and

PKCS#11 is an API between two applications.  It is not directly related
to smartcards.  However, it is very common that the smart card driver
software (on the host) provides an PKCS#11 interface towards
applications.  (Scute can be considered a smartcard card driver
software.)

PKCS#15 is a standard which some cards implement and what OpenPSC is
mostly about.  PKCS#15 is for cards what FHS (Filesystem Hierarchy
Standard) is for Linux.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Help need to use truecryt + openpgp applet.

2015-02-19 Thread Matthias-Christian Ott 
On 2015-02-19 09:23, Ranjini H.K wrote:
> Yes my java card supports PKCS#11. Am not so sure about OpenPGP applet.
> What should i do othercase To make my OpenPGP applet support PKCS#11.

Your Java Card does probably not support PKCS #11. An applet on the card
might implement it. To make it work, you need a PKCS #11 middleware and
tell TrueCrypt about it (Settings > Security Tokens... > PKCS #11
Library Path). If you are using an applet that is supported by OpenSC,
you can use OpenSC. Otherwise you have to resort to the proprietary
middleware supplied by the vendor. OpenPGP cards should be supported by
OpenSC and should be usable with TrueCrypt [1]. There is also a
proprietary PKCS #11 library that should provide a PKCS #11 interface
for OpenPGP cards [2]. Otherwise you can try Scute [3].

That said, it is probably better to ask on the OpenSC mailing list [4]
about PKCS #11.

The Java Card OpenPGP applet seems to be maintained by Yubico at the
moment [5].

Regards,
Matthias-Christian

[1] https://github.com/OpenSC/OpenSC/issues/125
[2] http://smartcard-auth.de/download-de.html
[3] http://www.scute.org/
[4] http://sourceforge.net/p/opensc/mailman/
[5] https://github.com/Yubico/ykneo-openpgp

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Help need to use truecryt + openpgp applet.

2015-02-19 Thread Richard Ulrich 
Hi Ranjini,

Does it have to be truecrypt?
LUKS works very well with OpenPGP SmartCards or JavaApplets implementing
it (e.g. YubiKey NEO).
Just follow the steps in this blog post:
https://blog.kumina.nl/2010/07/two-factor-luks-using-ubuntu

Rgds
Richard

Am Donnerstag, den 19.02.2015, 13:53 +0530 schrieb Ranjini H.K:
> Thanks Pete Stephenson.
> Yes my java card supports PKCS#11. Am not so sure about OpenPGP applet.
> What should i do othercase To make my OpenPGP applet support PKCS#11.
> 
> Ranjini HK
> 
> Software Engineer - Tyfone, Inc.
> 
> Bangalore
> www.tyfone.com
> 
> Mobile: +91-9886262192
> 
> On Thu, Feb 19, 2015 at 1:46 PM, Pete Stephenson  wrote:
> 
> > On Thu, Feb 19, 2015 at 5:53 AM, Ranjini H.K  wrote:
> > > Hi all,
> > >
> > > Am trying to implement disk encryption/decryption using truecrypt with
> > > security token support. I have a java card with openPGP applet loaded on
> > to
> > > it. Inspite of configuring truecrypt to use the security token, its not
> > > finding it and notififng me with an error saying : security token error
> > > "FUNCTION NOT SUPPORTED ".
> >
> > Considering the way it was abandoned by its developers, TrueCrypt is
> > probably not the best choice going forward.
> >
> > That said, TrueCrypt only supports smartcards that use PKCS #11
> > libraries. Does the JavaCard you're using support PKCS #11? Does the
> > OpenPGP applet?
> >
> > --
> > Pete Stephenson
> >
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users



signature.asc
Description: This is a digitally signed message part
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Help need to use truecryt + openpgp applet.

2015-02-19 Thread Ranjini H.K 
Thanks Pete Stephenson.
Yes my java card supports PKCS#11. Am not so sure about OpenPGP applet.
What should i do othercase To make my OpenPGP applet support PKCS#11.

Ranjini HK

Software Engineer - Tyfone, Inc.

Bangalore
www.tyfone.com

Mobile: +91-9886262192

On Thu, Feb 19, 2015 at 1:46 PM, Pete Stephenson  wrote:

> On Thu, Feb 19, 2015 at 5:53 AM, Ranjini H.K  wrote:
> > Hi all,
> >
> > Am trying to implement disk encryption/decryption using truecrypt with
> > security token support. I have a java card with openPGP applet loaded on
> to
> > it. Inspite of configuring truecrypt to use the security token, its not
> > finding it and notififng me with an error saying : security token error
> > "FUNCTION NOT SUPPORTED ".
>
> Considering the way it was abandoned by its developers, TrueCrypt is
> probably not the best choice going forward.
>
> That said, TrueCrypt only supports smartcards that use PKCS #11
> libraries. Does the JavaCard you're using support PKCS #11? Does the
> OpenPGP applet?
>
> --
> Pete Stephenson
>
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Help need to use truecryt + openpgp applet.

2015-02-19 Thread Pete Stephenson 
On Thu, Feb 19, 2015 at 5:53 AM, Ranjini H.K  wrote:
> Hi all,
>
> Am trying to implement disk encryption/decryption using truecrypt with
> security token support. I have a java card with openPGP applet loaded on to
> it. Inspite of configuring truecrypt to use the security token, its not
> finding it and notififng me with an error saying : security token error
> "FUNCTION NOT SUPPORTED ".

Considering the way it was abandoned by its developers, TrueCrypt is
probably not the best choice going forward.

That said, TrueCrypt only supports smartcards that use PKCS #11
libraries. Does the JavaCard you're using support PKCS #11? Does the
OpenPGP applet?

-- 
Pete Stephenson

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Help need to use truecryt + openpgp applet.

2015-02-18 Thread Robert J. Hansen 
> Please help me with this.

Unfortunately, we really can't.  GnuPG is written in C, not Java, so
it's unlikely your OpenPGP applet uses GnuPG.  You might have better
luck on a mailing list for the applet you're using.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Help need to use truecryt + openpgp applet.

2015-02-18 Thread Ranjini H.K 
Hi all,

Am trying to implement disk encryption/decryption using truecrypt with
security token support. I have a java card with openPGP applet loaded on to
it. Inspite of configuring truecrypt to use the security token, its not
finding it and notififng me with an error saying : security token error
"FUNCTION NOT SUPPORTED ".

Please help me with this.

Regards,

Ranjini HK

Software Engineer - Tyfone, Inc.

Bangalore
www.tyfone.com

Mobile: +91-9886262192
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users