Appendix A. Appendix

Table of Contents

A.1. A small OpenPGP card FAQ
Glossary
Further resources

A.1. A small OpenPGP card FAQ

A.1.1. If I'm correctly informed GnuPG and smartcards use 1024 Bit RSA. Some say the security level of RSA-1024 is comparable too about 80 Bit symmetric key and cannot be regarded as highly secure.
A.1.2. Where do I get a reader?
A.1.3. How do I use the cryptocard on MacOSX?
A.1.4. I am having problems, where do I get further help?
A.1.1.

If I'm correctly informed GnuPG and smartcards use 1024 Bit RSA. Some say the security level of RSA-1024 is comparable too about 80 Bit symmetric key and cannot be regarded as highly secure.

The quality and security of the implementation and the entire environment and not the length of the key protect the secret key against a compromise by any non-physical attack.

2048 bit RSA is possible but at the moment far too expensive. The specification allows for 2048 Bit RSA cards. Feel free to build one.

A.1.2.

Where do I get a reader?

Currently we know that you may order card readers from kernelconcepts. The website is only in German, but you can order the "USB Chip-Karten Lesegeraet SCM SCR-335" for 29,00 EUR from all over Europe; either by prepayment via bank transfer or paypal. You have to sent your orders via email to . If you have questions considering the order you can contact in English or German.

In the UK, SCM card readers can be purchased online from http://www.crownhill.co.uk/.

A.1.3.

How do I use the cryptocard on MacOSX?

There is a description on http://www.py-soft.co.uk/~benjamin/download/mac-gpg/.

A.1.4.

I am having problems, where do I get further help?

If you need further help, please take a look at the GnuPG mailing lists.

Glossary

CHV

Card Holder Verification, commonly followed by a number denoting which CHV is meant. The OpenPGP card uses three CHVs: CHV1, CHV2, CHV3. They are often also referenced as PIN 1, PIN2, PIN 3. CHV3 is used as the so called Admin PIN (which is sometimes also called S(ecurity)O(fficer) PIN).

PC/SC

Personal computer/Smart Card. The standard framework for Smart Card access on Windows Platforms (included in Windows2000). There are also implementations for GNU/Linux and other Free OSes (i.e. pcsclite).

CCID

Chip Card Interface Description. The specification for the USB device class used for chip card readers is 11 (0x0B).

OpenPGP

OpenPGP is a non-proprietary protocol for encrypting email using public key cryptography. It is based on PGP as originally developed by Phil Zimmermann. The OpenPGP protocol defines standard formats for encrypted messages, signatures, and certificates for exchanging public keys.

Further resources

Online

Free Software Foundation Europe. Fellowship of FSFE.

g10 Code. The OpenPGP Card.

Olaf Kirch. Smart Cards on Linux.