Date: Wed, 10 May 2017 09:39:03 +0200
From: Matthias Apitz
To: freebsd-usb@freebsd.org
Subject: Re: GnuPG && card readers

On Tuesday, May 09, 2017 at 09:36:37 PM +0200, Alexander Leidinger wrote:

> Quoting Matthias Apitz (from Tue, 9 May 2017
> 11:47:29 +0200):
>
> > Hello,
> >
> > The GnuPG project has a list of supported (USB) card readers:
> >
> > https://gnupg.org/howtos/card-howto/en/smartcard-howto-single.html#id2503342
> >
> > Any comments or experiences about which of them are supported in
> > FreeBSD 12-C?
> > Best would be the smallest one to carry it all day in the bag.
>
> It's not FreeBSD which needs the support. gnupg comes with the
> drivers, FreeBSD only needs to see "a device on the bus", that's enough.
>
> Check out the ports security/opensc and devel/libccid (and gnupg needs
> to be built with the SCDAEMON option of the port). This will bring in
> the pcsc-lite port as a dependency. Those are the "drivers" for USB
> card readers if you want to use them beyond what gnupg will do.
>
> You need to pay attention that the card reader supports "extended
> APDUs" (or support for digital signatures, which is more likely to be
> announced in marketing material from the vendor). It may be OK without
> extended APDUs if you only use OpenPGP v2 cards and generate the
> keys/certs on the card itself, but if you want to go for bigger keys
> than documented to work on the cards (I was able to put 4k-keys on the
> OpenPGP v2 cards) the extended APDUs are needed. If the reader is CCID
> compatible, the libccid driver will probably work. You can use the
> opensc and pcsc-lite tools to transfer certs to the card which you
> created with openssl (e.g. 4k keys).

Alexander,

Thanks for your explanations. I will opt for the Omnikey 6121 Mobile USB
and see what I can do with it. It sells for around 20 euro, shipping to
.de included.

	matthias

-- 
Matthias Apitz, ✉ guru@unixarea.de, ⌂ http://www.unixarea.de/ ☎ +49-176-38902045
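
The extended-APDU point from the quoted advice, as an added example that is not part of the original thread or of GnuPG, OpenSC or libccid: it reads the exchange level a CCID reader advertises in its class descriptor (`dwFeatures`) and shows the ISO 7816-4 length encoding under which a 512-byte RSA-4096 result no longer fits a short APDU. The descriptor bytes, the function names and the 51-byte placeholder DigestInfo are constructed for illustration.

```python
import struct

# CCID class descriptor: bLength 0x36, bDescriptorType 0x21; dwFeatures is a
# little-endian dword at offset 40, dwMaxCCIDMessageLength at offset 44.
EXCHANGE_LEVELS = {0x00010000: "TPDU", 0x00020000: "short APDU",
                   0x00040000: "short and extended APDU"}


def exchange_level(desc: bytes) -> tuple[str, int]:
    """Return (advertised exchange level, max CCID message length)."""
    if len(desc) < 0x36 or desc[0] != 0x36 or desc[1] != 0x21:
        raise ValueError("not a CCID class descriptor")
    features, max_msg = struct.unpack_from("<II", desc, 40)
    return EXCHANGE_LEVELS.get(features & 0x00070000, "character"), max_msg


def encode_apdu(header: bytes, data: bytes = b"", ne: int = 0) -> tuple[str, bytes]:
    """Encode a command APDU (ISO 7816-4); ne is the expected response size,
    0 meaning no Le field. Short form is used whenever the lengths allow it."""
    if len(header) != 4 or len(data) > 0xFFFF or not 0 <= ne <= 0x10000:
        raise ValueError("bad header or length out of range")
    if len(data) <= 255 and ne <= 256:
        lc = bytes([len(data)]) + data if data else b""
        le = bytes([ne & 0xFF]) if ne else b""          # 256 is encoded as 0x00
        return "short", header + lc + le
    lc = struct.pack(">H", len(data)) + data if data else b""
    le = struct.pack(">H", ne & 0xFFFF) if ne else b""  # 65536 is encoded as 0x0000
    return "extended", header + b"\x00" + lc + le


def make_sample_descriptor(features: int, max_msg: int) -> bytes:
    """Constructed 54-byte descriptor with only the fields read above filled in."""
    desc = bytearray(0x36)
    desc[0], desc[1] = 0x36, 0x21
    struct.pack_into("<II", desc, 40, features, max_msg)
    return bytes(desc)


if __name__ == "__main__":
    reader = make_sample_descriptor(0x00040002, 65544)  # constructed values
    print(exchange_level(reader))
    sign = bytes.fromhex("002A9E9A")  # OpenPGP card PSO: COMPUTE DIGITAL SIGNATURE
    digest_info = bytes(51)           # placeholder for a SHA-256 DigestInfo
    for bits in (2048, 4096):
        form, apdu = encode_apdu(sign, digest_info, ne=bits // 8)
        print(bits, form, len(apdu))
```

The function only reports what the descriptor advertises; on a real system the descriptor bytes would come from the USB stack rather than from `make_sample_descriptor`.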