OpenPGP card

Type of cryptographic smart card

This is an image of an OpenPGP card from the vendor ZeitControl. This card is pre-punched to be used in ID-000 readers, as shown below

Card inside USB shell

In cryptography, the OpenPGP card^[1] is an ISO/IEC 7816-4, -8 compatible smart card ^[2] that is integrated with many OpenPGP functions. Using this smart card, various cryptographic tasks (encryption, decryption, digital signing/verification, authentication etc.) can be performed. It allows secure storage of secret key material; all versions of the protocol state, "Private keys and passwords cannot be read from the card with any command or function."^[1]^[3] However, new key pairs may be loaded onto the card at any time, overwriting the existing ones.

The original OpenPGP card was built on BasicCard, and remains available at retail. Several mutually compatible JavaCard implementations of the OpenPGP Card's interface protocol are available as open source software and can be installed on generic JavaCard smart cards, including NFC-enabled cards.^[4] Nitrokey ^[5] and Yubico provide USB tokens implementing the same protocol through smart card emulation.

The smart card daemon, in combination with the supported smart card readers,^[6] as implemented in GnuPG, can be used for many cryptographic applications. With gpg-agent in GnuPG 2, an ssh-agent implementation using GnuPG, an OpenPGP card can be used for SSH authentication also.

Vendor IDs

[edit ]

Yubico USB devices implement OpenPGP card and HOTP cryptographic algorithms.

An OpenPGP card features a unique serial number to allow software to ask for a specific card. Serial numbers are assigned on a vendor basis and vendors are registered with the FSFE.

Assigned vendor ids are:^[7]^[8]

ID	Name	Assignation date	Comment
0x0000	Testcard	Specification	Reserved for testing.
0x0001	PPC Card Systems	Specification
0x0002	Prism Payment Technologies	2005年09月02日
0x0003	OpenFortress Digital signatures	2006年03月10日
0x0004	Wewid AB	2008年01月26日
0x0005	ZeitControl cardsystems GmbH	2009年06月02日
0x0006	Yubico AB	2012年11月15日
0x0007	OpenKMS	2014年01月20日
0x0008	LogoEmail	2014年11月03日
0x0009	Fidesmo AB	2015年10月21日
0x000A	VivoKey	2016年03月12日
0x000B	Feitian Technologies	2020年01月20日
0x000D	Dangerous Things	2021年03月09日
0x000E	Excelsecu	2021年03月09日
0x000F	Nitrokey	2022年07月28日
0x0010	NeoPGP	2024年05月26日
0x0011	Token2	2024年05月22日
0x002A	Magrathea	2009年05月25日
0x0042	GnuPG e.V.	2017年11月01日
0x1337	Warsaw Hackerspace	2014年12月08日
0x2342	warpzone e.V.	2016年04月25日
0x4354	Confidential Technologies	2018年10月04日
0x5343	SSE Carte à puce	2021年06月10日
0x5443	TIF-IT e.V.	<= 2020年01月28日
0x63AF	Trustica s.r.o	2018年04月05日
0xBA53	c-base e.V.	2020年03月03日
0xBD0E	Paranoidlabs	2018年02月01日
0xCA05	Atos CardOS	2022年05月10日
0xF1D0	CanoKeys	2021年11月04日
0xF517	Free Software Initiative of Japan	2010年09月06日
0xF5EC	F-Secure	2020年02月21日
0xFF00..FFFE	Random	Specification	Range reserved for randomly assigned serial numbers.
0xFFFF	Testcard	Specification	Reserved for testing.

References

[edit ]

^ ^a ^b OpenPGP Card specification - version 3.4.1, Achim Pietig, 2020. URL: https://gnupg.org/ftp/specs/OpenPGP-smart-card-application-3.4.1.pdf
^ The OpenPGP Card - How to use the Fellowship Smartcard - The GnuPG Smartcard HOWTO, Rebecca Ehlers, Thorsten Ehlers, et al., Free Software Foundation Europe e. V., 2005. URL: http://www.gnupg.org/howtos/card-howto/en/ch01.html#id2472312
^ OpenPGP Card specification - version 1.1, Achim Pietig, PPC Card Systems GmbH, 2004. URL: http://www.g10code.com/docs/openpgp-card-1.1.pdf
^ Nathan Willis (August 3, 2016). "Free software and smartcards". LWN.net .
^ Nitrokey, https://www.nitrokey.com/
^ Required Hardware - How to use the Fellowship Smartcard - The GnuPG Smartcard HOWTO, Rebecca Ehlers, Thorsten Ehlers, et al., Free Software Foundation Europe e. V., 2005. URL: http://www.gnupg.org/howtos/card-howto/en/ch02s02.html#id2519120
^ OpenPGP Card Vendors. Backup URL: https://web.archive.org/web/20181115153825/https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg-verein.git;a=blob;f=office/misc/OpenPGP-Card-Vendors
^ OpenPGP Card Vendors. https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=scd/app-openpgp.c;h=e1ceed4bc62e41ccef1bec45561ffa5509e70d3a;hb=HEAD#l294

v
t
e

Public-key cryptography

Algorithms

Integer factorization	Benaloh Blum–Goldwasser Cayley–Purser Damgård–Jurik GMR Goldwasser–Micali Naccache–Stern Paillier Rabin RSA Okamoto–Uchiyama Schmidt–Samoa
Discrete logarithm	BLS Cramer–Shoup DH DSA ECDH X25519 X448 ECDSA EdDSA Ed25519 Ed448 ECMQV EKE ElGamal signature scheme MQV Schnorr SPEKE SRP STS
Lattice/SVP/CVP/LWE/SIS	BLISS Kyber NewHope NTRUEncrypt NTRUSign RLWE-KEX RLWE-SIG
Others	AE CEILIDH EPOC HFE IES Lamport McEliece Merkle–Hellman Naccache–Stern knapsack cryptosystem Three-pass protocol XTR SQIsign SPHINCS⁺

Theory

Standardization

Topics

v t e Cryptography
General	History of cryptography Outline of cryptography Classical cipher Cryptographic protocol Authentication protocol Cryptographic primitive Cryptanalysis Cryptocurrency Cryptosystem Cryptographic nonce Cryptovirology Hash function Cryptographic hash function Key derivation function Secure Hash Algorithms Digital signature Kleptography Key (cryptography) Key exchange Key generator Key schedule Key stretching Keygen Machines Ransomware Random number generation Cryptographically secure pseudorandom number generator (CSPRNG) Pseudorandom noise (PRN) Secure channel Insecure channel Subliminal channel Encryption Decryption End-to-end encryption Harvest now, decrypt later Information-theoretic security Plaintext Codetext Ciphertext Shared secret Trapdoor function Trusted timestamping Key-based routing Onion routing Garlic routing Kademlia Mix network
Mathematics	Cryptographic hash function Block cipher Stream cipher Symmetric-key algorithm Authenticated encryption Public-key cryptography Quantum key distribution Quantum cryptography Post-quantum cryptography Message authentication code Random numbers Steganography
Category

Retrieved from "https://en.wikipedia.org/w/index.php?title=OpenPGP_card&oldid=1291091960"