Hi all!
Maybe a bit off-topic, but since I don't want to repeat and repeat and
repeat...
On Tue, 12 Aug 2008 23:12:57 +0200, Luca Capello wrote:
> I brought something like 7/8 OpenPGP cards [1] together with a
> CHIPDRIVE SIM Card Stick [2] (which is a resold version of the SCM
> SCR3320 [3]).
[...]
> If anyone is interested in buying either one or more cards or the
> reader, please look for me [4].
Since it seems that quite a lot of people were/are interested, I can buy
again some and then send them to the people interested. And the same
could happen for the readers, at least if you don't want to spend time
to look for them.
So, if anyone is interested, he should get in contact with me: I don't
know the best way to manage this, either through the Debian Wiki (is
this kind of use allowed?) or any other mailing list (debian-curiosa?).
I performed all my tests using the PC/SC standard [1] through pcscd [2].
A list of all the supported readers is available at [3]. Other
accessing methods are available (e.g. OpenCT [4]), but I've never tested
them.
Now, more information about the cards. They are in full credit card
size. They can work with any SIM-size reader, but you need to cut them.
I already did it several times and I now have a template to do it, so I
can do it for you. You'll end up with a SIM-size card *and* the
template, which means that you can still use the card with a full-size
reader :-)
Their price can be checked on kernel concepts website [5]: since I
bought 10 of them, the price was around €14. I guess that the price
should go down even further for bigger purchase numbers.
About how to use the card with GnuPG, please read the documents at [6]
and the GnuPG Smartcard HowTo at [7]. If you don't understand something
or have any question, feel free to write me and I'll help you as much as
I can. My biggest recommandations are to use the card with subkeys and
to generate the encryption subkey on a desktop machine, making a backup
of it and then moving it to the card [8].
And now for the readers!
I tested two full-size PCMCIA models (Gemplus/Gemalto [9] and Omnikey
[10]): while they both worked, the former seems to give some problems
[11] and the second needs a binary-only handler from upstream [12], but
it seems that GnuPG2 should support it internally [13].
I tested three USB readers, all of them working without out of the box
with pcscd. The SCM SCR335 [14] (also known as CHIPDRIVE micro pro
[15]) is a full-size reader, it costs €30 from kernel concepts [5] and
it's internally supported by GnuPG [13]. As SIM-size readers, there are
the SCM SCR3320 [16] (or CHIPDRIVE SIM Card Stick [17]) and the Omnikey
CardMan 6121 USB [18]. The latter exists also coupled with a flash
memory, produced by Eutron (sorry, flash required [19]).
I think it's enough. I now realised that it could have been a good talk
for a BoF, next time!
Thx, bye,
Gismo / Luca
Footnotes:
[1] http://en.wikipedia.org/wiki/PC/SC
[2] http://packages.debian.org/pcscd
[3]
[4] http://packages.debian.org/openct
[5] http://www.kernelconcepts.de/en/shop/products/security.shtml
[6] http://www.fsfe.org/en/card/
[7] http://www.gnupg.org/howtos/card-howto/en/smartcard-howto.html
[8] this will let you decrypt your mail even if the card will break,
will be lost or stolen
[9] http://www.gemalto.com/products/pc_card/
[10] http://www.omnikey.com/?id=3&tx_okprod_pi1[product]=27
[11] http://bugs.debian.org/459827
[12] http://packages.debian.org/sid/pcsc-omnikey
[13] http://www.gnupg.org/howtos/card-howto/en/ch02s02.html#id2519120
[14] http://www.scmmicro.com/security/view_product_en.php?PID=11
[15] http://www.chipdrive.de/cgi-bin/edcstore.cgi?user_action=detail&catalogno=P208199
[16] http://www.scmmicro.com/security/view_product_en.php?PID=6
[17] http://www.chipdrive.de/cgi-bin/edcstore.cgi?user_action=list&category=Produkt;02_L%F6sungen;02_SIMCardStick
[18] http://www.omnikey.com/?id=products&tx_okprod_pi1[product]=29
[19] http://www.eutron.it
Attachment:
pgpFIoy4xOqBA.pgp
Description: PGP signature