Oops, that was missing some important bootstrap steps, especially critical if you are unfamiliar with PGP workflows... Here is a revision. It assumes you have certs already on the card and addresses an initial workflow. I've not confirmed, but I would be happy to see corrections for more appropriate FAQ presentations. I guess sections to use read-only and YubiKey-style smart cards would cover most use cases?

On Tue, Nov 5, 2024 at 11:10 AM George Georgalis <george%galis.org@localhost> wrote:

Abu Hussain Al Mukhtar <abuhussain%secure.mailbox.org@localhost> writes:
> I am trying to set up an OpenPGP Smartcard. AFAICT, nothing of the
> sort is discussed in the FAQs or in 'The Guide'.

Try a layered approach: map the [usb] device/daemon, I/O protocol, and crypto components with their functions, to the best of your knowledge. Identify preferred and alternate software, review those docs for data (including the "See Also" section of man pages) to fortify your component, function, and data flow mapping, revise and repeat. Unfortunately, this is often a prerequisite in a specialized context, with procedural privacy required, so non-standardized solutions often prevail.

These are the tools I would start with:

netpgp
security/netpgp (NetBSD and pkgsrc)
security/netpgpverify
security/pcsc-tools
security/pcsc-lite

Besides man pages, Wikipedia is helpful, e.g.: OpenPGP_card and Smart_card; and despite the absence of reason, an LLM can be helpful to: Describe the high level steps required to leverage the installed tools netpgp, netpgpverify, pcsc-tools to verify signature, sign, encrypt and decrypt files based on smart card and OpenPGP cryptography.

Attached here is an LLM artifact that may serve as a FAQ and meet your needs? Please confirm!

Notably, netpgp seems to rely on pcsc-tools, versus bundling card management functionality in. Matter of style in absence of a single standard...

-George
Attachment:
smartcard-crypto-guide.md
Description: Binary data
Attachment:
crypto-guide-index.md
Description: Binary data