At Fri, 22 Jul 2005 22:19:22 +0200,
Werner Koch wrote:
> > OpenPGP cards with 2048 bit keys don't seem to be available at all.
> > However, ordinary ISO 7816-4 compliant smart cards are available
> > through online outlets. For example CryptoFlex and CyberFlex cards
> > can be
>
> Good luck getting a secure and fast 2k RSA card.

Your wording implies that the cards I mentioned aren't both secure and
fast. Any pointers?

> > A simpler solution, though, would probably be porting code for
> > accessing an Axalto CryptoFlex 32k to GnuPG, or helping fork a
> > "clean" PKCS#11 library from OpenSC and interfacing it to GnuPG.
> > But before thinking
>
> We won't support pkcs#11 because it is not a standard

I know that the PKCS are more or less standard suggestions. IMHO this
isn't that interesting, though. The point is that AFAICS PKCS#11 clearly
defines an API, and perhaps it may become an ISO standard in the future
(as other PKCS have done).

If GnuPG would provide an interface to PKCS#11, then the user would have
the choice among all crypto devices for which free software PKCS#11
implementations are available. Aside from OpenSC there are other PKCS#11
libraries such as the MUSCLE Framework or openCryptoki (unfortunately
those two feature GPL-incompatible licenses, but who says that this won't
change?).

> but a way to interconnect proprietary applications using proprietary
> extensions to pkcs#11.

Well, I guess one doesn't have to use those unless one interfaces with
proprietary libs (which is not an option due to licensing issues).

> > The thing is: All that I need is a card that can securely store a
> > (private) RSA key and that can encrypt and decrypt data with this
> > key.
>
> Well, I am using that for a long time now and the latest gpg releases
> work pretty well. However if you want 2048k RSA I have no instant
> solution;

Perhaps I'll indeed buy two of those because everything else seems to be
like too much hassle. I may limit my new master key's lifetime to two
years, and then see if other devices are around.

> OTOH the card is for sure not the weakest link and 1024 RSA is still
> far out of scope of any attack.

About the weakest link: For a master key the length of the key may well
be the weakest link if the master key is stored away in a safe place and
if it is only used once in a while on reasonably tamper-proof systems not
connected to a network.

[1] https://sourceforge.net/projects/opencryptoki/

--
Felix E. Klee