smartcard support #54
Comments
Is somebody working on this?
I also have an interest to get neopg running with my NitroKey. The link to OpenSC means we should use this library in neopg? Unfortunately it has dependencies to openssl :-( .... but I can start with that to include into cmake build system or is there another library? Or add smartcard support "from scratch" with PCSC?
The goal is to be as "normal" as possible. I think this means using whatever is the platform default. I removed pcscd support from the legacy code some time ago, and kept ccid. But I think that was a mistake. For interoperability with other smartcard applications we need to use whatever operating system service is common. I am open to advice on that matter!
I compiled OpenSC and took a deeper look.
Also I read that they implement v2.0, but I see in the code also they accept
The bigger issue that I have is, after I install OpenSC I only have libs without any header files. It looks like OpenSC provides only a PKCS#11 library to use in third party applications. I didn't read anything about OpenPGP in the Creating applications with smart card support. I think OpenPGP is not a subset of PKCS#11, so it is not possible to use PKCS#11 for OpenPGP smart card applications. But this is only an assumption from my side. I think next I will ask on the OpenSC mailing list about OpenSC.
A mistake, no. It is a good idea to verify if there already exists something that is ready to use :-).
@lambdafu Let me ask in the next days on the OpenSC mailing list. Then we have a better understanding about OpenSC and OpenCT.
The support for OpenPGP Card v3 is mostly included already in OpenSC 19.0. I don't know how the implementation is working if you want to include it in a project though. The only things that are missing regarding v3 are the new features like ECC support, multiple certs and alike. I am kind of working on that. The most important source files for OpenPGP Card are: I don't know what you need especially and what you are looking for. Maybe I can help.
Hi @alex-nitrokey ... nice to have you here 👍 ... help is always welcome :-) I build and install from the
Interesting, I read this here:
As far as I can say you don't use them directly anyway. Instead you probably use one of the libraries (see below). Unfortunately, I only worked with OpenSC directly so far, but did not try to integrate it in another program. For me it looks like the previously linked instructions of the OpenSC project are the best resource for this objective. Especially the listed PKCS11 libraries should help here, but as I said, I have no experience with it yet. I'd be happy to hear how it worked out.
For integrating OpenSC, you find an example application here.
@alex-nitrokey Ok, I will try to use opensc-pkcs11.so ... @jans23 Ah great 👍 there is an example, how to use For a quick test, I use the
@jans23 I see in https://github.com/Nitrokey/nitrokey-encryption-tool there is also no support to sign. Is this not possible via the
Please try to add a "--id 03". This should help. The third key slot is supposed to be used for signing. As pkcs11-tool is a general purpose tool of OpenSC this has to be set manually. Make sure you have a key in the third slot 😉
I create a POC version with
Only key generation is not possible. Neither on the card nor upload of locally generated keys. Every time I get an I try to look how gnupg-pkcs11 implemented the key generation. It looks like they are also not generating the keys, but this is only an assumption from me! Maybe I find the time to test this. I think NEOPG should have support for PKCS11, but when I created the POC version I considered that NEOPG maybe needs also a well documented API how a Linux distribution, window manager or maybe a vendor can implement/link against their own support of a smartcard daemon.
It is possible but not in scope of the Encryption Tool (yet). Regarding key generation: It would be good to give users the option to make a key backup. Technically this results in two approaches: Note that GnuPG offers these options too but doesn't allow a full key backup but only a backup of the encryption key (not signing and auth keys). IMHO this is a very confusing and limiting design choice which neopg should avoid.
https://github.com/OpenSC/OpenSC/wiki/OpenPGP-card