Supriya Ghosh (Editor)

OpenPGP card


In cryptography, the OpenPGP card is an ISO/IEC 7816-4, -8 compatible smart card implementation that is integrated with many OpenPGP functions. Using this smart card, various cryptographic tasks (encryption, decryption, digital signing/verification, authentication, etc.) can be performed. It allows the storage of secret key material in a secure manner; all versions of the protocol state, "Private keys and passwords cannot be read from the card with any command or function." However, a new key pair may be loaded onto the card at any time, overwriting the existing one.

Built on BasicCard, OpenPGP cards can be obtained from a distributor, or by becoming a fellow in Free Software Foundation Europe. Nitrokey and Yubico provide the OpenPGP card as a USB token.

The smart card daemon implemented in GnuPG, in combination with supported smart card readers, can be used for many cryptographic applications. With gpg-agent in GnuPG 2, which includes an ssh-agent implementation, an OpenPGP card can also be used for SSH authentication.

A proprietary middleware for Windows, Aloaha, is also available.

Vendor IDs

An OpenPGP card features a unique serial number so that software can ask for a specific card. Serial numbers are assigned on a per-vendor basis, and vendors are registered with the FSFE.

Assigned vendor ids are:

The id range 0xff00 to 0xfffe can be used for randomly assigned serial numbers without a specific vendor. The ids 0x0000 and 0xffff may only be used for testing.
