GnuPG && card readers

[Alexander Leidinger]

Quoting Matthias Apitz <guru at unixarea.de> (from Tue, 9 May 2017  
11:47:29 +0200):

> Hello,
>
> The GnuPG project has a list of supported (USB) card readers:
>
> https://gnupg.org/howtos/card-howto/en/smartcard-howto-single.html#id2503342
>
> Any comments or experiences about which of them are supported in  
> FreeBSD 12-C?
> Best would be the smallest one to carry it all day in the bag.

It's not FreeBSD which needs the support. gnupg comes with the  
drivers, FreeBSD only needs to see "a device on the bus", that's enough.

Check out the ports security/opensc amd devel/libccid (and gnupg needs  
to be build with the SCDAEMON option of the port). This will bring in  
the pcsc-lite port as a depedency. Those are the "drivers" for USB  
card readers if you want to use them beyond what gnupg will do.

You need to pay attention that the card reader support "extended  
APDUs" (or support for digital signatures, which is more likely to be  
announced in marketing material from the vendor). It may be OK without  
extended APDUs if you only use OpenPGP v2 cards and generate the  
keys/certs on the card itself, but if you want to go for bigger keys  
than documented to work on the cards (I was able to put 4k-keys on the  
OpenPGP v2 cards) the extended APDUs are needed. If the reader is CCID  
compatible, the libccid driver will probably work. You can use the  
opensc and pcsc-lite tools to transfer certs to the card which you  
created with openssl (e.g. 4k keys).

Bye,
Alexander.

-- 
http://www.Leidinger.net Alexander at Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netchild at FreeBSD.org  : PGP 0x8F31830F9F2772BF
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: Digitale PGP-Signatur
URL: <http://lists.freebsd.org/pipermail/freebsd-usb/attachments/20170509/94f1ed71/attachment.sig>