Date: Tue, 09 May 2017 21:36:37 +0200
Message-ID: <20170509213637.Horde.u9PInhb6UaNmyy2nhXlnMGr@webmail.leidinger.net>
From: Alexander Leidinger
To: Matthias Apitz
Cc: freebsd-usb@freebsd.org
Subject: Re: GnuPG && card readers
In-Reply-To: <20170509094729.GA3668@c720-r314251>

Quoting Matthias Apitz (from Tue, 9 May 2017 11:47:29 +0200):

> Hello,
>
> The GnuPG project has a list of supported (USB) card readers:
>
> https://gnupg.org/howtos/card-howto/en/smartcard-howto-single.html#id2503342
>
> Any comments or experiences about which of them are supported in
> FreeBSD 12-C?
> Best would be the smallest one to carry it all day in the bag.

It's not FreeBSD which needs the support. gnupg comes with the
drivers, FreeBSD only needs to see "a device on the bus", that's enough.

Check out the ports security/opensc and devel/libccid (and gnupg needs
to be built with the SCDAEMON option of the port). This will bring in
the pcsc-lite port as a dependency. Those are the "drivers" for USB
card readers if you want to use them beyond what gnupg will do.

You need to pay attention that the card reader supports "extended
APDUs" (or support for digital signatures, which is more likely to be
announced in marketing material from the vendor).
It may be OK without extended APDUs if you only use OpenPGP v2 cards
and generate the keys/certs on the card itself, but if you want to go
for bigger keys than documented to work on the cards (I was able to put
4k-keys on the OpenPGP v2 cards) the extended APDUs are needed. If the
reader is CCID compatible, the libccid driver will probably work. You
can use the opensc and pcsc-lite tools to transfer certs to the card
which you created with openssl (e.g. 4k keys).

Bye,
Alexander.

-- 
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netchild@FreeBSD.org  : PGP 0x8F31830F9F2772BF
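An added illustration of the extended-APDU point in the message above (not part of the original e-mail, and not code from GnuPG, OpenSC or libccid): the Python sketch below reads the exchange level a reader advertises in its CCID class descriptor and encodes an ISO 7816-4 command in short and extended form. Assumptions: the descriptor layout and `dwFeatures` bit values follow the USB CCID specification rev 1.1, the two sample descriptors are constructed, and the command bytes 00 2A 9E 9A (PSO: COMPUTE DIGITAL SIGNATURE) come from the OpenPGP card specification rather than from this page.

```python
import struct

# Exchange-level bits of dwFeatures in the CCID class descriptor (USB CCID spec rev 1.1).
LEVELS = {0x00010000: "TPDU", 0x00020000: "short APDU",
          0x00040000: "short and extended APDU"}

def parse_ccid_descriptor(desc: bytes) -> dict:
    """Read exchange level and dwMaxCCIDMessageLength from the 54-byte descriptor."""
    if len(desc) < 54 or desc[0] != 0x36 or desc[1] != 0x21:
        raise ValueError("not a CCID class descriptor")
    features, max_msg = struct.unpack_from("<II", desc, 40)  # offsets 40 and 44
    return {"level": LEVELS.get(features & 0x00070000, "character"),
            "max_message": max_msg}

def build_apdu(cla, ins, p1, p2, data=b"", ne=0, extended=False) -> bytes:
    """Encode an ISO 7816-4 command APDU; ne is the expected response length."""
    max_nc, max_ne = (65535, 65536) if extended else (255, 256)
    if len(data) > max_nc or ne > max_ne:
        raise ValueError(f"Nc={len(data)} Ne={ne} exceeds {max_nc}/{max_ne}")
    apdu = bytes([cla, ins, p1, p2])
    if extended:
        if data or ne:
            apdu += b"\x00"                            # extended-length marker
        if data:
            apdu += struct.pack(">H", len(data)) + data
        if ne:
            apdu += struct.pack(">H", ne % 65536)      # 0x0000 encodes 65536
    else:
        if data:
            apdu += bytes([len(data)]) + data
        if ne:
            apdu += bytes([ne % 256])                  # 0x00 encodes 256
    return apdu

def make_descriptor(features: int, max_msg: int) -> bytes:
    """Constructed sample descriptor: only the two fields read above are filled."""
    return bytes([0x36, 0x21]) + bytes(38) + struct.pack("<II", features, max_msg) + bytes(6)

SHORT_READER = make_descriptor(0x00020000, 271)     # constructed, not a real device
EXT_READER = make_descriptor(0x00040000, 65544)     # constructed, not a real device

if __name__ == "__main__":
    for name, desc in (("short", SHORT_READER), ("extended", EXT_READER)):
        print(name, parse_ccid_descriptor(desc))
    digest_info = bytes(51)                          # placeholder hash input
    # A 4096-bit RSA result is 512 bytes, so Ne=512 needs the extended encoding.
    print(build_apdu(0x00, 0x2A, 0x9E, 0x9A, digest_info, ne=512, extended=True).hex())
```

A reader that reports the TPDU level leaves APDU framing to the host driver, so that result alone does not settle whether extended APDUs will work with it.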