Date: Wed, 10 May 2017 09:39:03 +0200 From: Matthias Apitz <guru@unixarea.de> To: freebsd-usb@freebsd.org Subject: Re: GnuPG && card readers Message-ID: <20170510073903.GA2836@c720-r314251> In-Reply-To: <20170509213637.Horde.u9PInhb6UaNmyy2nhXlnMGr@webmail.leidinger.net> References: <20170509094729.GA3668@c720-r314251> <20170509213637.Horde.u9PInhb6UaNmyy2nhXlnMGr@webmail.leidinger.net>
next in thread | previous in thread | raw e-mail | index | archive | help
El día martes, mayo 09, 2017 a las 09:36:37p. m. +0200, Alexander Leidinger escribió: > Quoting Matthias Apitz <guru@unixarea.de> (from Tue, 9 May 2017 > 11:47:29 +0200): > > > Hello, > > > > The GnuPG project has a list of supported (USB) card readers: > > > > https://gnupg.org/howtos/card-howto/en/smartcard-howto-single.html#id2503342 > > > > Any comments or experiences about which of them are supported in > > FreeBSD 12-C? > > Best would be the smallest one to carry it all day in the bag. > > It's not FreeBSD which needs the support. gnupg comes with the > drivers, FreeBSD only needs to see "a device on the bus", that's enough. > > Check out the ports security/opensc amd devel/libccid (and gnupg needs > to be build with the SCDAEMON option of the port). This will bring in > the pcsc-lite port as a depedency. Those are the "drivers" for USB > card readers if you want to use them beyond what gnupg will do. > > You need to pay attention that the card reader support "extended > APDUs" (or support for digital signatures, which is more likely to be > announced in marketing material from the vendor). It may be OK without > extended APDUs if you only use OpenPGP v2 cards and generate the > keys/certs on the card itself, but if you want to go for bigger keys > than documented to work on the cards (I was able to put 4k-keys on the > OpenPGP v2 cards) the extended APDUs are needed. If the reader is CCID > compatible, the libccid driver will probably work. You can use the > opensc and pcsc-lite tools to transfer certs to the card which you > created with openssl (e.g. 4k keys). Alexander, Thanks for your explanations. I will opt for the Omnikey 6121 Mobile USB and see what I can do with it. It sells for around 20 euro, shipping to .de included. matthias -- Matthias Apitz, ✉ guru@unixarea.de, ⌂ http://www.unixarea.de/ ☎ +49-176-38902045
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20170510073903.GA2836>