[developer preview] smartcard + opengp as a linux gadget
First: this announcement is aimed at potential contributors (code,
documentation, ...) and experimentation (seeing what this is about,
identifying bugs, ...). It is not aimed at general use: do not use this
(yet) with valuable keys or data.
I would like to announce my implementation of a software CCID card
reader targeting the Linux gadget subsystem, along with a smartcard OS
and openpgp card application to use with this reader.
So, why not a real smartcard, with its minimal attack surface?
For the hardware flexibility: I wanted an inter-operable token capable
of displaying a grid of random PINs, so that I can use it on an
untrusted computer without leaking the PIN or using it behind my back,
for uses where token theft (for actual use/exposure of the contained
secrets) is not as important as resisting remote accesses.
With this implementation, I can pick up a Pi Zero, put a 2-inch
screen on it and get such functionality.
I'm sure more creative uses of commonly available hardware can be
found, and this is what this project is hoping to allow.
The CCID card reader is considered to be feature-complete.
The OpenPGP app passes the most important tests from the gnuk test
suite (with a few minor patches I sent to its maintainer).
Specifically, it fails strict ATR and Extended Capabilities comparison,
because it does not implement the exact same set of features, and the
non-standard admin-less test variants.
The smartcard OS is the least polished part: it is supposed to be
application-independent, but only the codepaths exercised by OpenPGP
are known to work. I did implement a bit beyond that, but there is
still a lot of work needed - although it is second in priority to
Re: [developer preview] smartcard + opengp as a linux gadget
Vincent Pelletier wrote:
> I would like to announce my implementation of a software CCID card
> reader targeting the Linux gadget subsystem, along with a smartcard OS
> and openpgp card application to use with this reader.
Great. (And thanks for the patches for tests of Gnuk. I'll apply
FWIW, it was around 2008/2009, when Daiki Ueno had an implementation of a
USB token toolkit with Linux gadget, called "Tandoori" (IIRC). I think
that the purpose was similar.
However, today, I can't find any code.
All that I found is a record of a symposium called ComSys2008 (in