Reiner-SCT CyberJack secoder 2 (v2.2.0 USB 0c4b:0400)

I was going through some old hardware and came across this device Is it useful with gnupg or any other free software? Can anybody provide any links about how to use it with free software? Or is it better to just throw it away/recycle it and use something newer? Reiner SCT cyberJack secoder 2 v

Re: PGP for official documents / eIDAS and ZertES

On 31/05/17 19:34, ankostis wrote: > On 31 May 2017 at 15:14, Daniel Pocock wrote: >> >> Are the CMS, PDF or XML standards flexible enough that a PGP signature >> could be used within any of them and thereby satisfy the legislation? > > IANAL, but I would

Re: PGP for official documents / eIDAS and ZertES

On 31/05/17 13:54, Rainer Hoerbe wrote: > Hi Daniel, > > The eIDAS regulation is replacing the national e-signature laws to make > signatures (besides other other things) interoperable across borders. > While the law is fairly technology-neutral, the implementation acts have > to reference speci

Re: PGP for official documents / eIDAS and ZertES

On 30/05/17 22:17, Stefan Claas wrote: > > > On 30.05.17 08:05, Daniel Pocock wrote: >> >> Does anybody know of certificate authorities who are willing to sign PGP >> keys or has anybody ever looked into making that happen? > Hi Daniel, > > plea

PGP for official documents / eIDAS and ZertES

Hi all, Can PGP / GnuPG be used in a way that makes signatures compliant with the European eIDAS[1] or Switzerland's ZertES[2]? Do those standards explicitly require X.509 based solutions? Or could a certificate authority sign people's PGP keys and their PGP key could then be used for signing o

Re: smartcard reader

On 19/10/16 13:01, Werner Koch wrote: > On Mon, 17 Oct 2016 22:50, gnudev...@gmail.com said: > >> SCM SPR 532 USB ID: 04e6:e003 PC/SC reader name: SPRx32 > > FWIW, the company is known indentive but the readers still work. > >> KAAN Advanced USB ID: 0d46: > > Has problems with larger signing

Re: reviewing wiki / shortlist PIN-pad readers

> On 10/18/2016 04:51 PM, Daniel Pocock wrote: >> I was looking at this page: >> >> https://wiki.gnupg.org/CardReader/PinpadInput >> >> Are any of these more outstanding than the others, or it doesn't matter >> which one somebody chooses? >>

reviewing wiki / shortlist PIN-pad readers

I was looking at this page: https://wiki.gnupg.org/CardReader/PinpadInput Are any of these more outstanding than the others, or it doesn't matter which one somebody chooses? Could anybody comment on which of those are easily available in small quantities for developers, or suppliers who are co

mentors needed for the PGP Clean Room project in Outreachy/GSoC

Hi all, I've advertised[1] the PGP Clean Room in the current round of Outreachy and it will probably be promoted in GSoC 2017 too. We already have a couple of applicants interested in working on it, their details are in the pki-clean-room list archive[2] Would anybody from the GnuPG community

Re: making a Debian Live CD for managing GnuPG master key and smartcards

On 26/04/16 09:53, Daniel Pocock wrote: > > There has been some discussion on debian-devel[1] about making a > bootable Debian Live CD specifically for GnuPG > This can now be used, command line only for the moment, as described in my blog[1] about it If anybody wants to he

short list of recommended card readers?

Can anybody make recommendations for a short list of card readers, preferably with PIN pads? I've got the SPR532[1] and found it works fine but it is no longer listed on the vendor's web site[2], I've previously tested Reiner SCT cyberJack Secoder 2 and found it didn't[3] work. I'm looking at

storing private key on multiple SD cards / SD card RAID

Has anybody seen any MicroSD card readers that take multiple cards for use with btrfs, md RAID or other software RAID/replication solutions? I listed a few here: https://wiki.debian.org/OpenPGP/CleanRoomLiveEnvironment#Multiple_flash_card_readers This would be useful for storing private keys o

Re: managing OpenPGP cards in batch mode?

On 05/05/16 08:11, Robert J. Hansen wrote: >> Out of curiosity, where are these rules defined? > > The Free Software Foundation requires them for all FSF-sponsored mailing > lists. Thou Shalt Not Advocate Proprietary Software. I wish I had a > link but I don't -- I was told about this Thou

Re: managing OpenPGP cards in batch mode?

On 04/05/16 11:55, Werner Koch wrote: > On Wed, 4 May 2016 11:40, pe...@digitalbrains.com said: > >> Werner, would you recommend they use 2.1 or 2.0 for the Debian Live CD? > > 2.1 of course > I already raised the topic of using 2.1, there is some feedback about it in the bug tracker, especi

Re: managing OpenPGP cards in batch mode?

On 03/05/16 15:55, Dashamir Hoxha wrote: > On Tue, May 3, 2016 at 3:04 PM, Daniel Pocock <mailto:dan...@pocock.pro>> wrote: > > I tried this with GnuPG 2.0.26 on Debian: > > $ gpg2 --card-edit --batch > gpg: can't do this in batch mode > &

managing OpenPGP cards in batch mode?

I tried this with GnuPG 2.0.26 on Debian: $ gpg2 --card-edit --batch gpg: can't do this in batch mode Is this supported in newer versions or can it be done with GPGME? In particular, I would like the user to be able to do things like: - set PINs - set language - set name - set URL

Reiner SCT cyberJack Secoder 2 / PIN pad support?

I've got this device with a built-in PIN pad: Reiner SCT cyberJack Secoder 2 / PIN pad support? $ lsusb -v ... idVendor 0x0c4b Reiner SCT Kartensysteme GmbH idProduct 0x0400 ... $ opensc-tool -l # Detected readers (pcsc) Nr. Card Features Name 0NoPIN pad R

Re: making a Debian Live CD for managing GnuPG master key and smartcards

On 27/04/16 15:39, Peter Lebbing wrote: > On 26/04/16 09:53, Daniel Pocock wrote: >> There has been some discussion on debian-devel[1] about making a >> bootable Debian Live CD specifically for GnuPG > > I think this is interesting, and I would probably use it. But I

Re: making a Debian Live CD for managing GnuPG master key and smartcards

On 27/04/16 11:53, Werner Koch wrote: > On Tue, 26 Apr 2016 22:51, r...@sixdemonbag.org said: > >> Well, there's a little bit of a chicken-and-the-egg problem here. If >> new projects are told "don't evangelize here", how will they let users >> who might be interested in their project know it e

Re: making a Debian Live CD for managing GnuPG master key and smartcards

On 26/04/16 17:29, Dashamir Hoxha wrote: > On Tue, Apr 26, 2016 at 4:57 PM, Daniel Pocock <mailto:dan...@pocock.pro>> wrote: > > > > On 26/04/16 15:40, Dashamir Hoxha wrote: > > On Tue, Apr 26, 2016 at 3:11 PM, Robert J. Hansen <mailto:r...@s

Re: making a Debian Live CD for managing GnuPG master key and smartcards

On 26/04/16 15:40, Dashamir Hoxha wrote: > On Tue, Apr 26, 2016 at 3:11 PM, Robert J. Hansen > wrote: > > When asking other people to do things for you, it pays to keep in mind > how valuable the community has deemed your contributions. If you > haven't

Re: making a Debian Live CD for managing GnuPG master key and smartcards

On 26/04/16 14:16, Dashamir Hoxha wrote: > On Tue, Apr 26, 2016 at 1:16 PM, Daniel Pocock <mailto:dan...@pocock.pro>> wrote: > > Could you add a section to the wiki about this, with an itemized list of > the tasks that need to be done, e.g. > > * pack

Re: making a Debian Live CD for managing GnuPG master key and smartcards

On 26/04/16 12:52, Dashamir Hoxha wrote: > On Tue, Apr 26, 2016 at 9:53 AM, Daniel Pocock <mailto:dan...@pocock.pro>> wrote: > > > There has been some discussion on debian-devel[1] about making a > bootable Debian Live CD specifically for GnuPG > >

making a Debian Live CD for managing GnuPG master key and smartcards

There has been some discussion on debian-devel[1] about making a bootable Debian Live CD specifically for GnuPG The benefit is that everything on the CD is self-contained, it can't be tampered with, it can run without network support in the kernel and the workflow would be controlled by a script.

problems after changing primary UID

I recently changed my primary UID from dan...@pocock.com.au to dan...@pocock.pro I've been able to sign from one machine but not from another. The second machine only has subkeys. On the second machine, I would always get "secret key not available" errors from git tag, signing packages, etc. I

Smartcard Linux stack diagram?

I came across this diagram of the stack including OpenSC and GnuPG: https://blog.flameeyes.eu/2011/04/additional-notes-about-the-smartcard-components-diagram Is this still accurate? I notice a couple of small things missing: Scute: it should be a link between gpg-agent and NSS? StrongSWAN:

Debian crypto strength

Some of the discussion in this bug seems relevant to the GnuPG and GnuPG2 packages in Debian, but the bug is against the archive pseudo-package: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612657 Can anybody else make any comments: a) should there be more effort to phase out SHA1? b) how i

Re: subkeys on smartcard?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 26/06/13 15:30, Hauke Laging wrote: > Am Mi 26.06.2013, 15:10:19 schrieb Daniel Pocock: > >> Essentially, can anyone confirm why it is recommended to only store >> subkeys on a smart card? > > That has little to do with sma

subkeys on smartcard?

I understand this is a bit old, but I believe the concept is still current: http://www.gnupg.org/howtos/card-howto/en/smartcard-howto-single.html#id2507429 Essentially, can anyone confirm why it is recommended to only store subkeys on a smart card? a) is it because of the risk that the card mi

Re: using OpenPGP card as an X.509 CA?

On 25/06/13 15:28, Werner Koch wrote: > On Tue, 25 Jun 2013 12:43, dan...@pocock.com.au said: >> I understand the OpenPGP card can hold one X.509 certificate > Actually the card does not hold any certifciate but merely the keys and > OpenPGP fingerprints of the certificates. You can very well use

using OpenPGP card as an X.509 CA?

I understand the OpenPGP card can hold one X.509 certificate Can this be used in practice to run an in-house CA to sign other X.509 certificates, e.g. for small VPN setups? Also, can the X.509 cert on the OpenPGP card be used with StrongSwan (as a client or server cert for VPN)?

using OpenPGP card as an X.509 CA?

I understand the OpenPGP card can hold one X.509 certificate Can this be used in practice to run an in-house CA to sign other X.509 certificates, e.g. for small VPN setups? Also, can the X.509 cert on the OpenPGP card be used with StrongSwan (as a client or server cert for VPN)?