OpenPGP カードのソースを表示

[[Category:認証]]
[[Category:デジタル署名]]
[[Category:暗号化]]
[[Category:OpenPGP]]
{{Related articles start}}
{{Related|ディスク暗号化}}
{{Related|アプリケーション一覧/セキュリティ#暗号化, 署名, ステガノグラフィー}}
{{Related|Nitrokey}}
{{Related|OpenPGP}}
{{Related|OpenPGP-card-tools}}
{{Related|Smartcards}}
{{Related|Yubikey}}
{{Related articles end}}

[[Wikipedia:OpenPGP_card|OpenPGP card]] describes an open standard for an application that runs on hardware security devices. Both open and closed source implementations exist.

The motivation to use OpenPGP card devices, as for all hardware security devices, is to not expose the private key material to the host computer.

With OpenPGP card it is possible to cover all [[OpenPGP]] private key operations: Decryption and signing.

== Installation ==

OpenPGP card devices can either be used with {{pkg|pcsclite}} and the {{pkg|ccid}} driver or with {{pkg|gnupg}} which includes its own, custom [[Wikipedia:CCID_(protocol)|CCID]] driver.

{{Note| [[GnuPG]] can optionally [[GnuPG#GnuPG_with_pcscd_(PCSC_Lite)|use the standard pcsclite smartcard middleware]] to access OpenPGP card devices.}}

== Key slots ==

OpenPGP card devices offer three dedicated slots for private key material, one each for signing, decryption and authentication.

{{Note| Some [[Yubikey]] devices offer a proprietary extension of the OpenPGP card standard, that adds a fourth special-purpose key slot called [https://developers.yubico.com/PGP/Attestation.html attestation].}}

== Ssh-agent ==

Using private key material in an authentication slot [[SSH]] logins can be performed by an [[SSH_keys#SSH_agents| ssh-agent]] implementation that can use OpenPGP card devices.
Available options include [[GnuPG#SSH_agent| GnuPG as ssh-agent]] and [[SSH_keys#OpenPGP_card_ssh-agent| openpgp-card-ssh-agent]].

== Further use-cases ==

OpenPGP card devices can be used in a wide range of contexts to perform [[OpenPGP]] operations for signing and decryption.
Typical uses include [[Git#Signing_commits| signing commits with git]] and [[Data-at-rest_encryption| data-at-rest encryption]] when integrating [[Thunderbird#Use_OpenPGP_with_external_GnuPG| Thunderbird with OpenPGP cards]] or when using [[pass]] for passwords.

== See also ==

* [https://gnupg.org/ftp/specs/OpenPGP-smart-card-application-3.4.1.pdf "Functional Specification of the OpenPGP application on ISO Smart Card Operating Systems" by Achim Pietig]
* [https://www.fsij.org/doc-gnuk/intro.html Gnuk - An OpenPGP card implementation in C targeting STM32F103 processors]
* [https://github.com/Nitrokey/opcard-rs opcard-rs - OpenPGP card implementation in Rust]
* [https://github.com/github-af/SmartPGP SmartPGP - JavaCard implementation of the OpenPGP card specification]
* [https://developers.yubico.com/PGP/ Yubico's closed source OpenPGP card implementation]