Can a smart card store a private key?
What benefits do smart cards capable of storing private keys, and devices like the YubiKey Neo (which seems to be a smart card + usb reader in a single dongle) offer above storing private keys on a plain-old usb thumb drive? Does the smart card ever “reveal” the private key to applications like SSH or GPG?
How does an OpenPGP client decrypt a block?
Imagine your OpenPGP client (for example, GnuPG) sends a request “decrypt this cypher block” which then is performed by the card (the actual encryption is done using a block cypher which is much faster, and on the computer’s CPU), or “sign this user ID of this key”, which is again performed by the card.
How does a smart card provide real security?
The cards that provide real security do the signing with onboard keys, preferably generated on device too. The idea is the key never leaves the device under any circumstances because the client can’t be trusted (i.e. malware). Malware on PC is reduced to message forgery while the smartcard is insider.
Can a smartcard be used as malware on a computer?
Malware on PC is reduced to message forgery while the smartcard is insider. Depending on configuration, it might also take customization of the malware reducing your risk even further. Loosing a smartcard to a thief shouldn’t worry you as much as loosing a laptop or USB drive full of secrets.
Where do you store your personal private GPG key?
Using a JavaScript (read: offline) QR code generator, I create an image of my private key in ASCII armoured form, then print this off. Note alongside it the key ID and store it in a physically secure location. Here’s some that should work for you no matter what operating system you use, as long as you have a browser that supports JavaScript.
Can a public key pair be used with SSH?
To use this key pair with SSH, we need to export the Public part in the right format. Fortunately, there is a command to do just that:
Can a smart card be used for SSH?
Or the result of several hours of fumbling around trying to use my new Feitian ePass Smart Card to login on my ssh server with asymmetric cryptography… Surely, it can’t be too hard, right? It was too good to last, or “why does connecting from a Windows host have to be so hard?” Give me the command line already! What’s next?