GnuPG && card readers
Matthias Apitz
guru at unixarea.de
Wed May 10 07:39:14 UTC 2017
El día martes, mayo 09, 2017 a las 09:36:37p. m. +0200, Alexander Leidinger escribió:
> Quoting Matthias Apitz <guru at unixarea.de> (from Tue, 9 May 2017
> 11:47:29 +0200):
>
> > Hello,
> >
> > The GnuPG project has a list of supported (USB) card readers:
> >
> > https://gnupg.org/howtos/card-howto/en/smartcard-howto-single.html#id2503342
> >
> > Any comments or experiences about which of them are supported in
> > FreeBSD 12-C?
> > Best would be the smallest one to carry it all day in the bag.
>
> It's not FreeBSD which needs the support. gnupg comes with the
> drivers, FreeBSD only needs to see "a device on the bus", that's enough.
>
> Check out the ports security/opensc amd devel/libccid (and gnupg needs
> to be build with the SCDAEMON option of the port). This will bring in
> the pcsc-lite port as a depedency. Those are the "drivers" for USB
> card readers if you want to use them beyond what gnupg will do.
>
> You need to pay attention that the card reader support "extended
> APDUs" (or support for digital signatures, which is more likely to be
> announced in marketing material from the vendor). It may be OK without
> extended APDUs if you only use OpenPGP v2 cards and generate the
> keys/certs on the card itself, but if you want to go for bigger keys
> than documented to work on the cards (I was able to put 4k-keys on the
> OpenPGP v2 cards) the extended APDUs are needed. If the reader is CCID
> compatible, the libccid driver will probably work. You can use the
> opensc and pcsc-lite tools to transfer certs to the card which you
> created with openssl (e.g. 4k keys).
Alexander,
Thanks for your explanations. I will opt for the Omnikey 6121 Mobile USB
and see what I can do with it. It sells for around 20 euro, shipping
to .de included.
matthias
--
Matthias Apitz, ✉ guru at unixarea.de, ⌂ http://www.unixarea.de/ ☎ +49-176-38902045
More information about the freebsd-usb
mailing list