OpenPGP カード

提供: ArchWiki
2024年5月1日 (水) 18:16時点におけるKusanaginoturugi (トーク | 投稿記録)による版 (英語版より転載)
(差分) ← 古い版 | 最新版 (差分) | 新しい版 → (差分)
ナビゲーションに移動 検索に移動

関連記事

OpenPGP card describes an open standard for an application that runs on hardware security devices. Both open and closed source implementations exist.

The motivation to use OpenPGP card devices, as for all hardware security devices, is to not expose the private key material to the host computer.

With OpenPGP card it is possible to cover all OpenPGP private key operations: Decryption and signing.

Installation

OpenPGP card devices can either be used with pcsclite and the ccid driver or with gnupg which includes its own, custom CCID driver.

ノート: GnuPG can optionally use the standard pcsclite smartcard middleware to access OpenPGP card devices.

Key slots

OpenPGP card devices offer three dedicated slots for private key material, one each for signing, decryption and authentication.

ノート: Some Yubikey devices offer a proprietary extension of the OpenPGP card standard, that adds a fourth special-purpose key slot called attestation.

Ssh-agent

Using private key material in an authentication slot SSH logins can be performed by an ssh-agent implementation that can use OpenPGP card devices. Available options include GnuPG as ssh-agent and openpgp-card-ssh-agent.

Further use-cases

OpenPGP card devices can be used in a wide range of contexts to perform OpenPGP operations for signing and decryption. Typical uses include signing commits with git and data-at-rest encryption when integrating Thunderbird with OpenPGP cards or when using pass for passwords.

See also