It's essentially here so people can find it : there are no modules for those devices. See this list of sample applications for Linux. Finding smart card vendors in a web search, typical keywords to use are: "7816" "4096" "rsa" "smartcard".
Here are some common cards that are available through online shopsĮach has some gotchas - see the OpenSC wiki (supported hardware list) for details. Consequently, for those who want RSA 4096 on smart cards, it is recommended to also consider using ECCįor those with an RSA preference, Some comments on the debate over using 2048 or 4096 bits. Lower CPU overhead / faster operation on the chip in the card. Due to the shorter key length (uses less memory). Smart card vendors are showing a preference for supporting ECC in future projects:. it is not in the stable versions of GnuPG or GnuPG v2.0 in Debian. even modern applications are struggling to catch up, e.g. 256 bit ECC is similar in strength to 3072 bit RSA) 
Elliptic Curve Cryptography (ECC) is a more modern algorithm. Some people feel that is not sufficient. 
Most cards support a maximum of 2048 bits. Keys shorter than 2048 bits are considered insecure. In the best cases, it is possible to build working solutions without using any non-free or binary artifacts from the vendor, except for those in the card itself. Some vendors provide binary (closed source) drivers for Linux, but it is not always necessary to use these drivers. By definition, a smartcard is a secure device and the software can not be changed at will. This software is rarely free software within the principles of the Debian Free Software Guidelines - however, the software on the Debian system is completely free. Smartcards have their own internal software and operating systems. However, GnuPG can also use regular PKCS#11 cards with the help of OpenSC and the GnuPG PKCS#11 project For the GnuPG use-case (signing email), they are easy to use and therefore quite popular - however, to use a card for general purpose activities such as web authentication, VPN and disk encryption, they may not be satisfactory. OpenPGP cards are a special type of card that are designed for use with GnuPG. This page describes the PKCS#11 style cards. There are two main types of solution on Debian, the OpenPGP based cards or the PKCS#11 style cards. By carefully selecting the right combination of smart cards and card readers, a fully functional system can be implemented with Debian. All cards, readers and software are not interchangeable. A smartcard architecture is quite complicated and it is not currently possible to mix-and-match any random combination of cards and readers in a plug-and-play manner.
0 kommentar(er)
