Benjamin Donnachie wrote: > It struck me as ironic that OpenPGP isn't that open! I started work on > an open implementation on a BasicCard but, due to licensing > restrictions, I am unable to get a card with RSA card built in and > implementing RSA using the binary left to right method in Basic with > limited memory and processing power is no mean feat!
I got interested as well and though I understand it, I also see a lot of added value in a true Open Source implementation. I'm looking into implementing it on a general processor microcontroller, I have experience with microcontroller programming. The main problem I see so far is working out a way to get decent random numbers, for blinding and key generation. Personally I don't use the latter function, because it lacks the possibility for backups. So far, it seems all cards that offer a true RNG out-of-the-box are exactly those cards that also have other crypto functions, and all have Non-Disclosure Agreements. It would be so great if general-purpose CPU smartcards would be taken to a new level with true RNG and more memory without any NDA's! Limited memory is an issue, but I think not a show stopper. Hardware TRNG isn't even difficult to create AFAIK, but obviously you can't add one to a smartcard yourself. I understand the decisions taken in the current and only implementation of the OpenPGP card, but it's interesting to try other approaches. In the worst case you build experience :). And when there is an unsurmountable problem, it might provide a nice code-base to work from when a future card would overcome those problems (I'm mostly thinking of TRNG and memory size). Peter. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
