Smart card

William Senn
In my PGP research, I have been looking for a smart card that supports
openpgp. I found the OpenPGP Card Version 2.1 over at kernelconcepts,
but I'm wondering if they are still operational. I also saw something
called a Yubi Key on Amazon. I found this howto that is pretty dated:
https://www.gnupg.org/howtos/card-howto/en/smartcard-howto.html

My questions for today are:

Are smartcards out of vogue? If not, can you suggest resources that will
help a newb make decisions regarding them?

If this has been addressed recently, my apologies, I couldn't find a
search interface for gnupg-users...

Thanks,

Will



_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Smart card

Robert J. Hansen-3
> Are smartcards out of vogue? If not, can you suggest resources that will
> help a newb make decisions regarding them?

Smartcards are not out of vogue for people who need them.  Those who
don't will be better served by avoiding them.  Do you have a need for
one?  If so, the kernelconcepts card works well, as do Yubikeys.


Re: Smart card

alaricd

If you ask me... people don't want to learn anything, they are happy being ignorant and clueless about security.


Sent from my android device.

-----Original Message-----
From: "Robert J. Hansen" <[hidden email]>
To: [hidden email]
Sent: Mon, 03 Apr 2017 20:39
Subject: Re: Smart card

> Are smartcards out of vogue? If not, can you suggest resources that will
> help a newb make decisions regarding them?

Smartcards are not out of vogue for people who need them.  Those who
don't will be better served by avoiding them.  Do you have a need for
one?  If so, the kernelconcepts card works well, as do Yubikeys.


Re: Smart card

William Senn
In reply to this post by Robert J. Hansen-3
On 4/3/17 8:37 PM, Robert J. Hansen wrote:
>> Are smartcards out of vogue? If not, can you suggest resources that will
>> help a newb make decisions regarding them?
> Smartcards are not out of vogue for people who need them.  Those who
> don't will be better served by avoiding them.  Do you have a need for
> one?  If so, the kernelconcepts card works well, as do Yubikeys.
>

What do you mean by "will be better served by avoiding them"? What's the
reservation?





Re: Smart card

Robert J. Hansen-3
> What do you mean by "will be better served by avoiding them"? What's the
> reservation?

Imagine we're in a restaurant and you ask me, "Should I order the
pizza?"  Well, beats heck out of me.  I don't know you from Adam, I
don't know your personal tastes, I don't even know if you're hungry.  So
I shrug and say, "Sure, if you like pizza."  You may think that's a
useless answer, but the question was no champ, either.

Should you get a smartcard?  Sure, if you need one.  But I don't know
how you expect me, or anyone else here, to be able to give a more
precise answer than that.  Only you can make those decisions about your
local security policy.

Smartcards haven't fallen out of vogue, but they're also not useful to
everyone.  Examine your needs, see if a smartcard can help satisfy those
needs, and then make your decision.  If you decide to go that route
there are plenty of people here who can help.


Re: Smart card

William Senn

On 4/3/17 9:27 PM, Robert J. Hansen wrote:
>> What do you mean by "will be better served by avoiding them"? What's the
>> reservation?
> Imagine we're in a restaurant and you ask me, "Should I order the
> pizza?"  Well, beats heck out of me.  I don't know you from Adam, I
> don't know your personal tastes, I don't even know if you're hungry.  So
> I shrug and say, "Sure, if you like pizza."  You may think that's a
> useless answer, but the question was no champ, either.
I'm sure I should be offended, but I have a sneaky suspicion my question
sucked :).
> Should you get a smartcard?  Sure, if you need one.  But I don't know
> how you expect me, or anyone else here, to be able to give a more
> precise answer than that.  Only you can make those decisions about your
> local security policy.
I didn't ask if I should get one. I asked if there were resources to
help a newb make decisions regarding them. While I sense a certain
disdain in your response, I'll make some clarifying comments in the hope
that it's worth the effort...

By way of analogy (only goes so far, I know, but certainly far enough),
let's take the realm of personal security, with which I am intimately
and extensively familiar. If someone comes up to me and asks me if I
could help point them to some resources about choosing a martial art, I
might answer as follows:

Should you study a martial art? Sure if you need to.

Probably not though. I would likely just ask the necessary, perhaps even
tedious guiding questions to help the novice understand why the question
lacks elegance and then try to make some reasonable suggestion for
further study. Something along the lines of: That's a pretty broad
question, grasshopper, are you wanting to study for health, safety, fun
or what? There's quite a bit of information out there on martial arts, a
pretty good place to start is
http://www.wikihow.com/Choose-a-Martial-Art, it's not a highly technical
reference, but it's pretty broad in its coverage and it's written for
the lay person. Oh, you've done Karate for a few years and Aiki, as
well. Huh, ok, in that case you need to self reflect a bit and perhaps
read some of the history associated with a variety of eastern and
western arts to inform your decision process...

I know, I'm a softy at heart and I'm by no means an RTFM, you should ask
better questions you moron, type. Although, I certainly have no problem
with those that are, other than finding them droll.

A simple, I don't really know of a good, current overview of Smart Cards
for non-expert users would have sufficed, that is if you lack knowledge
of such. Otherwise, I could sure use a steer to a good overview...
> Smartcards haven't fallen out of vogue, but they're also not useful to
> everyone.  Examine your needs, see if a smartcard can help satisfy those
> needs, and then make your decision.  If you decide to go that route
> there are plenty of people here who can help.
>
This is really good advice for practically any purchase/system
acquisition I'll ever make. I'll keep it in mind.




Re: Smart card

Doug Barton
On 04/03/2017 08:33 PM, Will Senn wrote:
> I didn't ask if I should get one. I asked if there were resources to
> help a newb make decisions regarding them. While I sense a certain
> disdain in your response, I'll make some clarifying comments in the hope
> that it's worth the effort...

Robert's answer was more than a little snarky, yes. But, you send your
question to a free mailing list, you get what you paid for. :)

Meanwhile, go back to your first post, and remember the question I asked
you, before anything else?

What's your threat model?

As Robert pointed out, it's really hard for us to give you a map if you
can't tell us what you want your destination to be.

Doug


Re: Smart card

William Senn

On 4/3/17 11:48 PM, Doug Barton wrote:

> On 04/03/2017 08:33 PM, Will Senn wrote:
>> I didn't ask if I should get one. I asked if there were resources to
>> help a newb make decisions regarding them. While I sense a certain
>> disdain in your response, I'll make some clarifying comments in the hope
>> that it's worth the effort...
>
> Robert's answer was more than a little snarky, yes. But, you send your
> question to a free mailing list, you get what you paid for. :)
> Meanwhile, go back to your first post, and remember the question I
> asked you, before anything else?
>
> What's your threat model?
>
Fair enough, and I have learned quite a bit based on everyone's
responses. I admit, freely, to not understanding everything that y'all
have said. I do not really know what I need vs what I think I need. In
my uneducated state, I think I want to be as secure as possible and I'm
willing to invest time and energy in the pursuit of what knowledge I
need. But I don't know what I don't know. It just seems to me that if
having access to PGP helps me secure my email from prying eyes, and
keeps my sensitive files from being viewed by others, that is helpful.
What I've read seems to hint that a smart card is a good way to limit
some of the potential exposure of having keys laying around.

I thought I answered the threat model question, but if I haven't I'm
sorry. See if this is a threat model:

I'm a tech savvy citizen who wants to protect my email (Seems to be
working - Enigmail automates encryption, signing, and decryption pretty
seamlessly), protect my files on disk (GPG's symmetric encryption works
for this quite easily and well), sign files that I share (GPG signatures
seem ideal), verify software packages that I download (gpg --verify
seems much better than relying on a hash that has no relationship with
an identity), begin to establish a public identity that is trustable and
verifiable (web of trust type stuff, my understanding here begins to get
fuzzier), and do this on mac/linux (very rarely, windows) machines that
are permanently or occasionally attached to a reasonably secure home
network that is behind a reasonably sophisticated firewall, as well as a
laptop that occasionally connects to secure networks outside of the home.

What I noticed, while I was figuring out how to do the six normal gpg
operations, is that I have a hard time with key proliferation - it seems
like having lots of devices either makes for having lots of copies of
keys or lots of copying of files to and from the device with the keys...
So, I just thought (hoped) that a Smart Card might be a solution for a
problem like this :).

> As Robert pointed out, it's really hard for us to give you a map if
> you can't tell us what you want your destination to be.
>
> Doug

I get it. Thanks... if I could only figure out how to ask the right
question :).




Re: Smart card

Jan Koppe
In reply to this post by William Senn
Hello Will,

somewhat off-topic, but..

On 04.04.2017 01:18, Will Senn wrote:

> If this has been addressed recently, my apologies, I couldn't find a
> search interface for gnupg-users...

You can use a google query like this:
"site:https://lists.gnupg.org/pipermail/gnupg-users/ <searchterm>"

This restricts the search to only the list archive.

Regards,
Jan



Re: Smart card

dalek
In reply to this post by Robert J. Hansen-3
On Mon, Apr 3, 2017 at 10:27 PM, Robert J. Hansen <[hidden email]> wrote:
>> What do you mean by "will be better served by avoiding them"? What's the
>> reservation?
>
> Imagine we're in a restaurant and you ask me, "Should I order the
> pizza?"  Well, beats heck out of me.  I don't know you from Adam, I
> don't know your personal tastes, I don't even know if you're hungry.  So
> I shrug and say, "Sure, if you like pizza."  You may think that's a
> useless answer, but the question was no champ, either.
>
I think a better example would be "I've never eaten a pizza
before. Should I try it?"

> Should you get a smartcard?  Sure, if you need one.  But I don't know
> how you expect me, or anyone else here, to be able to give a more
> precise answer than that.  Only you can make those decisions about your
> local security policy.
>
In the OP's defense, I do not think he understands enough of
multifactor authentication in general and smartcards vs other
alternatives specifically to answer the question. And this is probably
what he had in mind with his rather poorly worded original question.

> Smartcards haven't fallen out of vogue, but they're also not useful to

I will add that the "Are smartcards out of vogue?" question has
a loaded question taste to it. So, Will, what made you conclude that
smartcards are going the same place as 8-track and Betamax tapes?

> everyone.  Examine your needs, see if a smartcard can help satisfy those
> needs, and then make your decision.  If you decide to go that route
> there are plenty of people here who can help.
>

Re: Smart card

Personal (open)
In reply to this post by Jan Koppe
On 4/4/17 6:46 AM, Jan Koppe wrote:
> Hello Will,
>
> somewhat off-topic, but..
>
> On 04.04.2017 01:18, Will Senn wrote:
>
>> If this has been addressed recently, my apologies, I couldn't find a
>> search interface for gnupg-users...
>
> You can use a google query like this:
> "site:https://lists.gnupg.org/pipermail/gnupg-users/ <searchterm>"
>
> This restricts the search to only the list archive.
>
> Regards,
> Jan

Hello there.

Firstly, congrats on your journey to learn the intimacy of a more secure lifestyle. You mention you have ~6 devices with keys. Generally it is advised to have a 'Master' set which would be backed up on smartcard (in my case a Yubikey 4, a USB-sized smartcard with the smartcard/gpg applet cooked into the device), with `portable` keychains on the 6 devices. Preferably these have at least 1 subkey each that can be used to maintain trust chains, god forbid the main key or conversely the subkey is lost/compromised, as keys/subkeys are linkable via some small portion of the key data. Smartcard(s) purchase in your case would be advisable as you are on multiple devices, and having a portable subkey on your other devices and the master key(s) on your smartcard would also provide a sense of hardware-based 2FA and make the keys otherwise rather useless for anyone else. Due to form factor I'm a bit biased to USB form factor; also they tend to have the lowest bar of entry, as any PC I've encountered built post 1980 has a USB 1.0+ port. In this context "smartcard" refers to the device type, not a technology per se, but a method/device to implement said technology (gpg among others).

Something else to consider is that not all smartcards are equal: some merely hold gpg keys, some like Yubikeys have other 2FA technologies onboard like X.509 keys (in a secure element storage on the device) and OTP (Yubicloud, TOTP, HOTP, Chal-Resp, etc.), so consider these things more thoroughly and then research brands from there, revisiting this list if needed.

Respectfully,
-- 
Corey W Sheldon
ph: +1 (310).909.7672
Personal:0x90DD92F222C15DC2 || A897 3F1B A97B 33BC 5F73  CBBE 90DD 92F2 22C1 5DC2 
Fedora:0x32C80DA97E25CEFE || 0DB4 A35F 22B9 C6DF 0F56  BEB8 32C8 0DA9 7E25 CEFE
Ameridea (Admin):0x5C9AB5EC2C5CA3DA || 420D 115E 791D F34F C445  BEC1 5C9A B5EC 2C5C A3DA
Freelance IT Consultant, Multi-Discipline Tutor
Fedora AmbaNA (linuxmodder)
Ameridea LLC Founder, CEO

Find me elsewhere:
https://gist.github.com/linux-modder/ac5dc6fa211315c633c9

"One must never underestimate the power of boredom...from which creativity and laziness are borne, which can spark great works of chaos and genius."  --Anonymous

"Any man willing to retreat freedom for security is deserving of neither." (Pp) -- Benjamin Franklin.  

This document, including attachments, is intended for the person or company named and contains confidential and/or legally privileged information. Unauthorized disclosure, copying or use of this information may be unlawful and is prohibited. If you are not the intended recipient, please destroy this message and notify the sender.


Re: Smart card

Andrew Gallagher
In reply to this post by dalek
On 04/04/17 11:22, Mauricio Tavares wrote:
> I will add that the "Are smartcards out of vogue?" question has
> a loaded question taste to it.

Depends whether by "smartcard" you mean the technology or the form
factor. The underlying protocol is here for the long term - it's the
same one banks use for credit cards so even if it's not fashionable, it
will still be supported by software for the foreseeable future.

But smart cards (the form factor) really only make practical sense if
your equipment has a built-in smart card reader - and that is highly
dependent on industry fashion. My current work laptop has an inbuilt
reader and that's why I chose a full format smartcard over a yubikey or
a clamshell reader - both of which are less physically portable but
more logically portable.

So while the smartcard protocol may be here to stay, the credit-card
form factor might not. But don't agonise over it. As long as you are
careful and keep an offline backup of your primary key and encryption
subkey, all you lose by picking an obsolete form factor is the money
you spent on the physical hardware.

Andrew.




Re: Smart card

William Senn
In reply to this post by Jan Koppe
Hi Jan,

On 4/4/17 1:46 AM, Jan Koppe wrote:

> Hello Will,
>
> somewhat off-topic, but..
>
> On 04.04.2017 01:18, Will Senn wrote:
>
>> If this has been addressed recently, my apologies, I couldn't find a
>> search interface for gnupg-users...
> You can use a google query like this:
> "site:https://lists.gnupg.org/pipermail/gnupg-users/ <searchterm>"
>
> This restricts the search to only the list archive.
I've used site syntax all over the place, but I just never thought to
use it against a mailing list archive in this way, so obvious in retrospect.

Thanks!




Re: Smart card

Robert J. Hansen-3
In reply to this post by William Senn
> I do not really know what I need vs what I think I need.

Completely non-snarky: this is an important realization to make and
we're happy to help with this.  Getting this answered will go a long way
towards answering your "should I get a smartcard?" question.

> In my uneducated state, I think I want to be as secure as possible

Again, completely non-snarky: this is the most common newbie mistake
there is.  The name of the game is not risk minimization -- it's risk
*management*.

> What I've read seems to hint that a smart card is a good way to
> limit some of the potential exposure of having keys laying around.

They can be.  They can also be right royal pains in the ass, too.  I
have a kernelconcepts card and use it to store my secret key, since my
laptop is a theft target.  Whenever I receive an encrypted email I have
to rummage in my laptop bag for my card reader, find it, plug it in, get
my wallet, rifle through it for the card, plug it into the reader,
discover gpg-agent got wedged, kill gpg-agent, try to decrypt the
message, enter my PIN, and finally get my message.

It's annoying as hell.  OTOH, I deal with some high-value secrets.  If I
was dealing with lower-value secrets I probably wouldn't bother.

> protect my files on disk (GPG's symmetric encryption works for this
> quite easily and well)

I used to work in computer forensics.  GnuPG's symmetric encryption is
probably not working as well for you as you think, since it doesn't
remove traces of plaintext from the hard drive.  (In its defense, it
really can't.)

Use an encrypted file system instead.

> I get it. Thanks... if I could only figure out how to ask the right
> question :).

As in most of life, this is the big trick.  :)



Re: Smart card

William Senn
In reply to this post by dalek

On 4/4/17 5:22 AM, Mauricio Tavares wrote:

> On Mon, Apr 3, 2017 at 10:27 PM, Robert J. Hansen <[hidden email]> wrote:
>>> What do you mean by "will be better served by avoiding them"? What's the
>>> reservation?
>> Imagine we're in a restaurant and you ask me, "Should I order the
>> pizza?"  Well, beats heck out of me.  I don't know you from Adam, I
>> don't know your personal tastes, I don't even know if you're hungry.  So
>> I shrug and say, "Sure, if you like pizza."  You may think that's a
>> useless answer, but the question was no champ, either.
>>
> I think a better example would be "I've never eaten a pizza
> before. Should I try it?"
>
>> Should you get a smartcard?  Sure, if you need one.  But I don't know
>> how you expect me, or anyone else here, to be able to give a more
>> precise answer than that.  Only you can make those decisions about your
>> local security policy.
>>
> In the OP's defense, I do not think he understands enough of
> multifactor authentication in general and smartcards vs other
> alternatives specifically to answer the question. And this is probably
> what he had in mind with his rather poorly worded original question.
Yes, sadly this is true, but I'm reading everything in sight trying to
get up to speed. Security sites are littered with trashy, half-true,
jargon-ridden gobbledegook, with a few gems here and there and a lot of
it is so not newb friendly. Admittedly, I'm not your average user, just
an uninformed one in the security realm, still, the going is a bit
rough. I appreciate y'all's patience as I get up to speed. I'll try not
to be a bore.

>
>> Smartcards haven't fallen out of vogue, but they're also not useful to
> I will add that the "Are smartcards out of vogue?" question has
> a loaded question taste to it. So, Will, what made you conclude that
> smartcards are going the same place as 8-track and Betamax tapes?
>
>
The kernelconcepts website has this banner:
Soon the shop will return ... until then, please order the old-fashioned
way by sending an email to [hidden email].

So I emailed them and waited a week with no response. I then went
looking for alternatives and found many sites that referred to that site
as their distributor. Regarding the yubikey, I read a post that
expressed some doubts about recent versions (completely unsubstantiated,
but data of a sort nonetheless). Amazon didn't offer much in the way of
product. Based on limited evidence I thought I should ask y'all. Hence
the pointedness of the question. In retrospect, my original email would
have been MUCH different :).

Thanks,

Will




Re: Smart card

Andrew Gallagher
On 04/04/17 13:47, Will Senn wrote:
> So I emailed them and waited a week with no response. I then went
> looking for alternatives and found many sites that referred to that site
> as their distributor.

I bought mine from cryptoshop.com and was satisfied with the experience.

A



Re: Smart card

Teemu Likonen
In reply to this post by William Senn
Will Senn [2017-04-04 00:19:11-05] wrote:

> On 4/3/17 11:48 PM, Doug Barton wrote:
>> What's your threat model?
>
> [...] I do not really know what I need vs what I think I need. In my
> uneducated state, I think I want to be as secure as possible [...]

Considering possible threats is useful or even extremely important but
here's another point of view. Perhaps it can be just "I'm interested in
security technology and want to study smart cards. Thus, I'll buy one
and learn how it works. Maybe it will turn out useful or even
necessary."

--
/// Teemu Likonen   - .-..   <https://keybase.io/tlikonen> //
// PGP: 4E10 55DC 84E9 DFF6 13D7 8557 719D 69D3 2453 9450 ///


Re: Smart card

Wouter Verhelst
In reply to this post by William Senn
Hi Will,

On Mon, Apr 03, 2017 at 06:18:59PM -0500, Will Senn wrote:
> Are smartcards out of vogue?

No.

Smartcards are useful. They ensure that the private half of your key is
never on any hard disk or other general storage device, and therefore
that it cannot possibly be stolen (because there's only one possible
copy of it).

Smartcards are a pain in the ass. They ensure that the private half of
your key is never on any hard disk or other general storage device but
instead sits in your wallet, so whenever you need to access it, you need
to grab your wallet to be able to do so, which takes more effort than
just firing up GnuPG. If your laptop doesn't have a builtin cardreader,
you also need to fish the reader from your backpack or wherever, etc.

Additionally, unfortunately accessing smartcards from software isn't
always an entirely painless operation, and that may result in things
like https://twitter.com/wouter_verhelst/status/844686341711581185

My most recent key uses a smart card from kernelconcepts (who are very
much still alive -- at $WORK we recently bought two of their cards as
well), but I don't recommend it to everyone, and I certainly wouldn't
recommend it if you're just getting started with GnuPG.

Regards,

--
< ron> I mean, the main *practical* problem with C++, is there's like a dozen
       people in the world who think they really understand all of its rules,
       and pretty much all of them are just lying to themselves too.
 -- #debian-devel, OFTC, 2016-02-12
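
Added example, not part of any message in this thread: one way to check which secret keys a device really holds, for the layout discussed above (primary key kept off the device, subkeys on disk or on a card). It parses `gpg --list-secret-keys --with-colons` output; the sample listings, key IDs and card serial are constructed, and the meaning of field 15 is taken from GnuPG's doc/DETAILS.

```python
"""Report where the secret half of each OpenPGP key lives on this device.

Feed it the output of:  gpg --list-secret-keys --with-colons
Field 15 of a sec/ssb record (see GnuPG doc/DETAILS) is '#' for a stub
with no secret material, '+' when the secret key is available locally,
or the serial number of the card that holds the key.
"""
import sys
from dataclasses import dataclass

# Constructed sample: key IDs, dates and the card serial are made up.
# Primary key is a stub, encryption subkey on disk, signing subkey on a card.
SAMPLE = (
    "sec:u:4096:1:1111111111111111:1490000000:::u:::scESC:::#:\n"
    "uid:u::::1490000000::::Example User <user@example.org>:\n"
    "ssb:u:4096:1:2222222222222222:1490000000::::::e:::+:\n"
    "ssb:u:4096:1:3333333333333333:1490000000::::::s:::"
    "D2760001240102010006000000010000:\n"
)

# Constructed counter-example: the primary secret key sits on this disk.
EXPOSED_SAMPLE = (
    "sec:u:4096:1:4444444444444444:1490000000:::u:::scESC:::+:\n"
    "ssb:u:4096:1:5555555555555555:1490000000::::::e:::+:\n"
)


@dataclass
class SecretKey:
    record: str            # "sec" (primary key) or "ssb" (subkey)
    keyid: str
    caps: str              # this key's own capabilities, e.g. "sc" or "e"
    location: str          # "stub", "disk", "card" or "unknown"
    card_serial: str = ""  # set only when location == "card"


def parse_secret_listing(text):
    """Turn a colon listing into SecretKey entries (sec/ssb records only)."""
    keys = []
    for line in text.splitlines():
        fields = line.split(":")
        if fields[0] not in ("sec", "ssb"):
            continue
        fields += [""] * (15 - len(fields))  # tolerate truncated lines
        token = fields[14]                   # field 15, zero-based index 14
        if token == "#":
            location, serial = "stub", ""
        elif token == "+":
            location, serial = "disk", ""
        elif token:
            location, serial = "card", token
        else:
            location, serial = "unknown", ""
        # Upper-case letters in field 12 describe the whole key; keep only
        # the lower-case ones, which belong to this (sub)key itself.
        own_caps = "".join(c for c in fields[11] if c.islower())
        keys.append(SecretKey(fields[0], fields[4], own_caps, location, serial))
    return keys


def by_location(keys):
    """Group key IDs by where their secret material is."""
    result = {"disk": [], "card": [], "stub": [], "unknown": []}
    for key in keys:
        result[key.location].append(key.keyid)
    return result


def primary_on_disk(keys):
    """Key IDs of primary keys whose secret half is stored on this device."""
    return [k.keyid for k in keys if k.record == "sec" and k.location == "disk"]


if __name__ == "__main__":
    # Pipe real gpg output in, or run without a pipe to see the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    keys = parse_secret_listing(text)
    for key in keys:
        where = key.location + (f" {key.card_serial}" if key.card_serial else "")
        print(f"{key.record} {key.keyid} caps={key.caps or '-'} secret: {where}")
    for keyid in primary_on_disk(keys):
        print(f"NOTE: primary secret key {keyid} is stored on this device")
```
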


Re: Smart card

Robert J. Hansen-3
> Smartcards are a pain in the ass.

A funny but completely accurate way to put it:

When your private key is on your laptop, you never put it through the
wash by accident.

(I can tell you from personal experience most smartcards handle being
washed just fine, but the static charges they're exposed to in the dryer
will often fry them.)

Once you make a smartcard into a credit card, or a dongle you hang off
your keychain, you open yourself up to some very interesting failure
modes -- many of which you won't see coming.  For instance, I once tried
to pay for a hotel with my kernelconcepts card, because it was located
adjacent to my credit card and I pulled it out by accident.


Re: Smart card

Teemu Likonen
In reply to this post by Wouter Verhelst
Wouter Verhelst [2017-04-08 10:16:36+02] wrote:

> Smartcards are a pain in the ass. [...] If your laptop doesn't have a
> builtin cardreader, you also need to fish the reader from your
> backpack or wherever, etc.

But Nitrokey, Yubikey and maybe some other smart "keys" are actually
handy. Using them doesn't cause pain in any part of my body.

https://www.nitrokey.com/
https://www.yubico.com/

--
/// Teemu Likonen   - .-..   <https://keybase.io/tlikonen> //
// PGP: 4E10 55DC 84E9 DFF6 13D7 8557 719D 69D3 2453 9450 ///
