Date: Tue, 09 May 2017 21:36:37 +0200 From: Alexander Leidinger <Alexander@leidinger.net> To: Matthias Apitz <guru@unixarea.de> Cc: freebsd-usb@freebsd.org Subject: Re: GnuPG && card readers Message-ID: <20170509213637.Horde.u9PInhb6UaNmyy2nhXlnMGr@webmail.leidinger.net> In-Reply-To: <20170509094729.GA3668@c720-r314251>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] Quoting Matthias Apitz <guru@unixarea.de> (from Tue, 9 May 2017 11:47:29 +0200): > Hello, > > The GnuPG project has a list of supported (USB) card readers: > > https://gnupg.org/howtos/card-howto/en/smartcard-howto-single.html#id2503342 > > Any comments or experiences about which of them are supported in > FreeBSD 12-C? > Best would be the smallest one to carry it all day in the bag. It's not FreeBSD which needs the support. gnupg comes with the drivers, FreeBSD only needs to see "a device on the bus", that's enough. Check out the ports security/opensc amd devel/libccid (and gnupg needs to be build with the SCDAEMON option of the port). This will bring in the pcsc-lite port as a depedency. Those are the "drivers" for USB card readers if you want to use them beyond what gnupg will do. You need to pay attention that the card reader support "extended APDUs" (or support for digital signatures, which is more likely to be announced in marketing material from the vendor). It may be OK without extended APDUs if you only use OpenPGP v2 cards and generate the keys/certs on the card itself, but if you want to go for bigger keys than documented to work on the cards (I was able to put 4k-keys on the OpenPGP v2 cards) the extended APDUs are needed. If the reader is CCID compatible, the libccid driver will probably work. You can use the opensc and pcsc-lite tools to transfer certs to the card which you created with openssl (e.g. 4k keys). Bye, Alexander. -- http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAABAgAGBQJZEhpFAAoJEKrxQhqFIICEj98P/jKxQhFNTpxQ5mhXvDph1ZVB aWlNvOmrOqeqGe5EzP/QoLP3n+3wmmrjpY/L3udZx8fHPSyCUqMO8V6YSbkn8INS /6n1XfiRxMzHSIEpP7aJDGuXDrVg32jaiU2E0aVW824N8J7pLxjnCar9qp4Ryy1S cigPilBn+KYRRs8qfnyhHDg7nbDMQEIKpH4f6Sd2eQJx3+m/AjRnnxs8r0lfHrtO cO4Roiu5lQhRQWYMyvK9PMILC2XFkeIeeJ2ED8Y2zuAD0kzEHJ9jbDcLzwUkIErC 4LIRpJadJ+wouN52B2OSwWmU92DONbmLQofOBwzsaNMrzt+JC6Jv6eQ2RIQeCchS sBtu/PmY/ty2eT8cUY9mwIL+E5AqAxNM6wNN70xk5AJYRpaPDBHdCqavfYkridgd /uFP03Y72OpEOYmawogbe8fdVpE1Wx0owoXvd1DgBKAXtl5ysfDERlFQJOZdhGh4 DPXRfn501r0utVm3d17UNBPk+jmCkRa1vHn/KYoj6ZDnOJO6ytx+nPO3QPqnxIJA yBBYjsG2KTHM2Pp86AmrXV8aN4EQFPWZ4xPXcFu6Wwy8CSEuCVYs5d2NZowCge37 ZnSwaq4jHmvEo0B4UAJSwjskotyXmMMwHu4Ut4MZk6c0jk0kLc8ihiXZPHzE9VYU 0zd9mLldmrQoOLxBXeFq =sfMP -----END PGP SIGNATURE-----home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20170509213637.Horde.u9PInhb6UaNmyy2nhXlnMGr>