Jan 232016

For some time GPG has supported storing the private keys you use to sign and decrypt e-mails and log in to servers over SSH on a secure smartcard or USB token. This protects them from being copied even if your SSH client has a really nasty bug but unfortunately, the tokens and cards are expensive, opaque proprietary things.

There’s one exception: Niibe Yutaka of the Free Software Initiative of Japan created an open source firmware called Gnuk that’s runs on a widely-available ARM microcontroller and is mostly compatible with the official OpenPGP card. You can even run it on cheap $4 Maple Mini clones that are widely available on sites like AliExpress. Of course you should bear in mind the warning about homebrew crypto in my previous post, though Gnuk seems far better designed and written than that code.

Continue reading »

 Posted by at 2:25 pm