Hello,

First: this announcement is aimed at potential contributors (code, documentation, ...) and experimentation (seeing what this is about, identifying bugs, ...). It is not aimed at general use: do not use this (yet) with valuable keys or data.

I would like to announce my implementation of a software CCID card reader targeting the Linux gadget subsystem, along with a smartcard OS and OpenPGP card application to use with this reader.

- CCID card reader: https://github.com/vpelletier/python-usb-f-ccid
- smartcard OS: https://github.com/vpelletier/python-smartcard
- OpenPGP app: https://github.com/vpelletier/python-smartcard-app-openpgp

I describe at length the thought process which led to this project in the README:
https://github.com/vpelletier/python-smartcard-app-openpgp/blob/master/README.rst
but in a nutshell this project should be seen as yet another computer holding private keys (with all the attack surfaces this implies), with the extra capability of being seen as a smartcard from a host computer.

So, why not a real smartcard, with its minimal attack surface? For the hardware flexibility: I wanted an inter-operable token capable of displaying a grid of random PINs, so that I can use it on an untrusted computer without leaking the PIN or using it behind my back, for uses where token theft (for actual use/exposure of the contained secrets) is not as important as resisting remote accesses. With this implementation, I can pick up a Pi Zero, put a 2-inch screen on it and get such functionality. I'm sure more creative uses of commonly available hardware can be found, and this is what this project is hoping to allow.

The CCID card reader is considered to be feature-complete.

The OpenPGP app passes the most important tests from the gnuk test suite (with a few minor patches I sent to its maintainer). Specifically, it fails strict ATR and Extended Capabilities comparison, because it does not implement the exact same set of features, and the non-standard admin-less test variants.

The smartcard OS is the least polished part: it is supposed to be application-independent, but only the codepaths exercised by OpenPGP are known to work. I did implement a bit beyond that, but there is still a lot of work needed - although it is second in priority to OpenPGP implementation.

Regards,
--
Vincent Pelletier

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users