On Thu Feb 19 2015 at 12:23:34 PM Matthias-Christian Ott <o...@mirix.org> wrote:
> On 2015-02-19 09:23, Ranjini H.K wrote: > > Yes my java card supports PKCS#11. Am not so sure about OpenPGP applet. > > What should i do othercase To make my OpenPGP applet support PKCS#11. > > Your Java Card does probably not support PKCS #11. An applet on the card > might implement it. To make it work, you need a PKCS #11 middleware and > tell TrueCrypt about it (Settings > Security Tokens... > PKCS #11 > Library Path). If you are using an applet that is supported by OpenSC, > you can use OpenSC. Otherwise you have to resort to the proprietary > middleware supplied by the vendor. OpenPGP cards should be supported by > OpenSC and should be usable with TrueCrypt [1]. There is also a > proprietary PKCS #11 library that should provide a PKCS #11 interface > for OpenPGP cards [2]. Otherwise you can try Scute [3]. > > That said, it is probably better to ask on the OpenSC mailing list [4] > about PKCS #11. > > The Java Card OpenPGP applet seems to be maintained by Yubico at the > moment [5]. > > Regards, > Matthias-Christian > > [1] https://github.com/OpenSC/OpenSC/issues/125 > [2] http://smartcard-auth.de/download-de.html > [3] http://www.scute.org/ > [4] http://sourceforge.net/p/opensc/mailman/ > [5] https://github.com/Yubico/ykneo-openpgp > The main issue is that TrueCrypt does not generate a key on-card, but instead it stores pin-protected data which it reads out when it needs to unlock the disk. OpenPGP cards, if I recall right, have no capability to store arbitrary data. Perhaps you can file a feature-request against VeraCrypt (the "current" TrueCrypt project) to implement a mechanism where the master key (or subkey of sorts) is encrypted with a key stored on-card.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
