In cryptography, the OpenPGP card[1] is an ISO/IEC 7816-4, -8 compatible smart card[2] that is integrated with many OpenPGP functions. Using this smart card, various cryptographic tasks (encryption, decryption, digital signing/verification, authentication etc.) can be performed. It allows secure storage of secret key material; all versions of the protocol state, "Private keys and passwords cannot be read from the card with any command or function."[1][3] However, new key pairs may be loaded onto the card at any time, overwriting the existing ones.

OpenPGP card
This is an image of an OpenPGP card from the vendor ZeitControl. This card is pre-punched to be used in ID-000 readers, as shown below
Card inside USB shell

The original OpenPGP card was built on BasicCard, and remains available at retail. Several mutually compatible JavaCard implementations of the OpenPGP Card's interface protocol are available as open source software and can be installed on generic JavaCard smart cards, including NFC-enabled cards.[4] Nitrokey[5] and Yubico provide USB tokens implementing the same protocol through smart card emulation.

The smart card daemon, in combination with the supported smart card readers,[6] as implemented in GnuPG, can be used for many cryptographic applications. With gpg-agent in GnuPG 2, an ssh-agent implementation using GnuPG, an OpenPGP card can be used for SSH authentication also.

Vendor IDs

edit
 
Yubico USB devices implement OpenPGP card and HOTP cryptographic algorithms.

An OpenPGP card features a unique serial number to allow software to ask for a specific card. Serial numbers are assigned on a vendor basis and vendors are registered with the FSFE.

Assigned vendor ids are:[7] [8]

ID Name Assignation date Comment
0x0000 Testcard Specification Reserved for testing.
0x0001 PPC Card Systems Specification
0x0002 Prism Payment Technologies 2005-09-02
0x0003 OpenFortress Digital signatures 2006-03-10
0x0004 Wewid AB 2008-01-26
0x0005 ZeitControl cardsystems GmbH 2009-06-02
0x0006 Yubico AB 2012-11-15
0x0007 OpenKMS 2014-01-20
0x0008 LogoEmail 2014-11-03
0x0009 Fidesmo AB 2015-10-21
0x000A Dangerous Things 2016-03-12
0x000B Feitian Technologies 2020-01-20
0x002A Magrathea 2009-05-25
0x0042 GnuPG e.V. 2017-11-01
0x1337 Warsaw Hackerspace 2014-12-08
0x2342 warpzone e.V. 2016-04-25
0x4354 Confidential Technologies 2018-10-04
0x5443 TIF-IT e.V. <= 2020-01-28
0x63AF Trustica s.r.o 2018-04-05
0xBA53 c-base e.V. 2020-03-03
0xBD0E Paranoidlabs 2018-02-01
0xF1D0 CanoKeys 2021-11-04
0xF517 Free Software Initiative of Japan 2010-09-06
0xF5EC F-Secure 2020-02-21
0xFF00..FFFE Random Specification Range reserved for randomly assigned serial numbers.
0xFFFF Testcard Specification Reserved for testing.

References

edit
  1. ^ a b OpenPGP Card specification - version 3.4.1, Achim Pietig, 2020. URL: https://gnupg.org/ftp/specs/OpenPGP-smart-card-application-3.4.1.pdf
  2. ^ The OpenPGP Card - How to use the Fellowship Smartcard - The GnuPG Smartcard HOWTO, Rebecca Ehlers, Thorsten Ehlers, et al., Free Software Foundation Europe e. V., 2005. URL: http://www.gnupg.org/howtos/card-howto/en/ch01.html#id2472312
  3. ^ OpenPGP Card specification - version 1.1, Achim Pietig, PPC Card Systems GmbH, 2004. URL: http://www.g10code.com/docs/openpgp-card-1.1.pdf
  4. ^ Nathan Willis (August 3, 2016). "Free software and smartcards". LWN.net.
  5. ^ Nitrokey, https://www.nitrokey.com/
  6. ^ Required Hardware - How to use the Fellowship Smartcard - The GnuPG Smartcard HOWTO, Rebecca Ehlers, Thorsten Ehlers, et al., Free Software Foundation Europe e. V., 2005. URL: http://www.gnupg.org/howtos/card-howto/en/ch02s02.html#id2519120
  7. ^ OpenPGP Card Vendors. Backup URL: https://web.archive.org/web/20181115153825/https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg-verein.git;a=blob;f=office/misc/OpenPGP-Card-Vendors
  8. ^ OpenPGP Card Vendors. https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=scd/app-openpgp.c;h=e1ceed4bc62e41ccef1bec45561ffa5509e70d3a;hb=HEAD#l294