Re: Increasing Public Key Crypto Security with Handhelds
Brian Ristuccia <firstname.lastname@example.org> writes:
>I just came up with what I think may be a good way to increase the security
>of GNU Privacy Guard using a cheap handheld computer like the Palm III or
>the Handspring visor. I'm sure this has been proposed before with smartcard
>technology or something similar. I'm not a cryptographer, so I'm interested
>in hearing your comments.
This has already been done by implementing a PKCS #11 interface to a Palm
Pilot, the idea is that you use the Palm Pilot in place of a more usual crypto
token like a smart card or iButton. Unfortunately the only implementations I
know of are stuck behind the iron curtain (and even there they're not widely
circulated), so they're not accessible to non-US users.
The easiest way to handle this would be to take gpkcs11,
http://www.trustcenter.de/html/Produkte/TC_PKCS11/1494.htm, and port it to the
Palm Pilot so it can act as a PKCS #11 token. For handling the other side of
things, I hope to release my general-purpose PKCS #11 interface code before the
end of the year, this has been tested with a wide variety of tokens including
smart cards, iButtons, crypto hardware, datakeys, and other bits and pieces,
so you could use that to talk to the Palm Pilot.