Mirrors
/
open-keychain
mirror of https://github.com/open-keychain/open-keychain.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Updated Security Tokens (markdown)

Dominik Schürmann 2018-09-07 21:36:15 +02:00
parent 47d5ad7c31
commit 7e5e2578d1
1 changed files with 13 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
Security-Tokens.md

@ -24,18 +24,6 @@
## NFC on-card key-gen
Roughly every third key generation on card fails with all tested smart cards and YubiKey NEO. For more details see our [research paper](https://www.ibr.cs.tu-bs.de/papers/schuermann-imwut2017.pdf). OpenKeychain currently generates keys on the smartphones and then moves them to the card.
## Are there other compatible security tokens besides the recommended ones?
Besides Fidesmo, YubiKey, we don't know of other NFC-enabled security tokens that support OpenPGP out of the box. You can however buy one of the following products and install [ykneo-openpgp](https://github.com/Yubico/ykneo-openpgp) by yourself. We wouldn't encourage you to do this as it requires to install special tools.
| Card | ykneo-openpgp | SmartPGP |
|------|------|------|
| [J3D081, JCOP v2.4.2 Card from cryptoshop.com](http://www.cryptoshop.com) | ✔ | 𐄂 |
| Fidesmo | https://github.com/fidesmo/ykneo-openpgp/pull/1/files | |
| Javacardos.com A22CR | see https://www.javacardos.com/javacardforum/viewforum.php?f=36 , uses stripped down version: https://github.com/JavaCardOS/OpenPGPApplet/compare/master...Yubico:master | |
| NXP JCOP J2A040 | https://github.com/Yubico/ykneo-openpgp/issues/51 | |
| NXP J3D081 | ? | Fails to install v3.0.1 branch |
| [NXP J3H081 SCP02 and SCP03 from motechno.com](https://www.motechno.com/buy/j3h081-jcop3/) | ? | MUST USE v3.0.1 branch. Install of cap file from master branch fails with ``INSTALL [for install and make selectable] failed: 0x6F00``. ``-default`` on install bricks card. |
## Are external USB Smartcard Reader supported?
Not officially. However, you can turn on "Allow untested USB Devices", under experimental settings and try your reader. It must have a CCID interface and you should insert the OpenPGP card before plugging in the reader. We found that Nexus 5X reboots, but Nexus 6P works. Readers on [this page](https://pcsclite.alioth.debian.org/ccid/supported.html) will work with higher probability but we cannot provide any recommendations, we still recommend one of the supported security tokens from the table above. Some discussions about this is in [#1912](https://github.com/open-keychain/open-keychain/issues/1912)
@ -68,6 +56,19 @@ Never set one app as the default in Android's selection dialog! Only the app sel
* https://github.com/Nitrokey/nitrokey-storage-firmware
## Java cards
Besides Fidesmo, YubiKey, we don't know of other NFC-enabled security tokens that support OpenPGP out of the box. You can however buy one of the following products and install [ykneo-openpgp](https://github.com/Yubico/ykneo-openpgp) by yourself. We wouldn't encourage you to do this as it requires to install special tools.
| Card | ykneo-openpgp | SmartPGP |
|------|------|------|
| [J3D081, JCOP v2.4.2 Card from cryptoshop.com](http://www.cryptoshop.com) | ✔ | 𐄂 |
| Fidesmo | https://github.com/fidesmo/ykneo-openpgp/pull/1/files | |
| Javacardos.com A22CR | see https://www.javacardos.com/javacardforum/viewforum.php?f=36 , uses stripped down version: https://github.com/JavaCardOS/OpenPGPApplet/compare/master...Yubico:master | |
| NXP JCOP J2A040 | https://github.com/Yubico/ykneo-openpgp/issues/51 | |
| NXP J3D081 | ? | Fails to install v3.0.1 branch |
| [NXP J3H081 SCP02 and SCP03 from motechno.com](https://www.motechno.com/buy/j3h081-jcop3/) | ? | MUST USE v3.0.1 branch. Install of cap file from master branch fails with ``INSTALL [for install and make selectable] failed: 0x6F00``. ``-default`` on install bricks card. |
# Problems with Smartphones and NFC
* [HTC One M7](https://github.com/open-keychain/open-keychain/issues/990)