Hi Josh,

I have used my OpenPGP SmartCard [1] since last year and it works very well. You're right when you say all decrypting/signing is on the device, but you have to know it's a little slower than when the private key is on disk. You can buy one from FSFE but it's more expensive [2].

Another thing to know: if you generate your key on the card, you have NO WAY TO BACK IT UP!!! So a common thing to do is to generate your master key from a LiveUSB (Tails for example), generate your subkey and copy it to your smart card. Don't forget to back up your master key. [3]

About the smartcard reader, it's your choice of security level. I've chosen a standard USB PC/SC Gemalto or small +ID reader [4]. With this, I have to enter my PIN on my computer with Pinentry. Others want a physical reader to enter the PIN for better security.

On Windows, it's very easy to use or configure the card with GPG4Win. Everything on Windows is made to make things easier. But on Linux it is not so easy. You have to install all the needed dependencies for the reader (pcscd) and sometimes Gnome Keyring will make it harder to get working [5].

In conclusion, I love my card but I always have my reader with me. It is not very simple for day-to-day use and I am waiting for the FS-BB48 [6] from NIIBE to switch to a full USB device.

[1] http://shop.kernelconcepts.de/
[2] https://fsfe.org/fellowship/card.en.html
[3] http://wiki.fsfe.org/Card_howtos/Card_with_subkeys_using_backups
[4] http://www.pluss-id.com/
[5] http://www.ozonesolutions.com/programming/2014/04/pgp-smart-card-ssh-login-gpg-agent-ubuntu/
[6] http://www.gniibe.org/memo/development/fs-bb48/fs-bb48-idea.html

Antoine Michard
GPG Key: 0xF5C9E7CD0882B381

On 26/02/2016 23:08, Joshua Terrill wrote:
> Hello,
>
> I am looking to play around/experiment with gnupg and smart cards. From
> what little research I've done, I've read that OpenPGP smart cards
> don't reveal private keys, and do all decrypting/signing on the device
> itself after entering a PIN. Do I have a correct understanding of this,
> and if so, is this the common/most secure way to use these cards? For
> simple encrypting, decrypting, and signing what card and card reader
> would you recommend? I have a Windows environment and an Ubuntu
> environment that I can play with it on.
>
> Thanks!
> -Josh
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
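To check the outcome of the subkeys-on-card setup described in the reply above, this added example (not part of the original thread) parses `gpg --list-secret-keys --with-colons` output and reports where each secret key lives. The sample listing, key IDs and card serial are constructed, and the meaning of field 15 is taken from GnuPG's doc/DETAILS.

```python
# Added example: classify secret keys by where their secret material lives,
# using the colon-delimited output of `gpg --list-secret-keys --with-colons`.
# Field 15 (index 14) of sec/ssb records, per GnuPG doc/DETAILS:
#   '#'        -> only a stub is present (secret part kept elsewhere/offline)
#   '+' or ''  -> secret key is on disk ('+' in GnuPG 2.1+, empty in older versions)
#   otherwise  -> serial number of the smart card holding the key

# Constructed sample listing (not real keys).
SAMPLE = """\
sec:u:4096:1:AAAAAAAAAAAAAAAA:1456000000:::u:::scESC:::#:
uid:u::::1456000000::::Constructed User <user@example.org>:
ssb:u:2048:1:BBBBBBBBBBBBBBBB:1456000000::::::s:::D2760001240102000000000000010000:
ssb:u:2048:1:CCCCCCCCCCCCCCCC:1456000000::::::e:::+:
"""


def secret_key_locations(colon_listing):
    """Return (record, keyid, capabilities, location) for each sec/ssb record."""
    rows = []
    for line in colon_listing.splitlines():
        f = line.split(":")
        if f[0] not in ("sec", "ssb") or len(f) < 15:
            continue  # skip uid/fpr/grp records and truncated lines
        token = f[14]
        if token == "#":
            location = "stub"
        elif token in ("+", ""):
            location = "disk"
        else:
            location = "card:" + token
        rows.append((f[0], f[4], f[11], location))
    return rows


def subkeys_not_on_card(colon_listing):
    """Key IDs of subkeys whose secret part is not held by a smart card."""
    return [keyid for rec, keyid, _caps, loc in secret_key_locations(colon_listing)
            if rec == "ssb" and not loc.startswith("card:")]


if __name__ == "__main__":
    for rec, keyid, caps, loc in secret_key_locations(SAMPLE):
        print(f"{rec} {keyid} caps={caps:<6} {loc}")
    print("subkeys still off-card:", subkeys_not_on_card(SAMPLE))
```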