Nitrokey/opcard-rs

opcard-rs

opcard is a Rust implementation of the OpenPGP smart card specification v3.4 using the Trussed framework for modern cryptographic firmware. It is developed for the Nitrokey 3 but can be used with any device supporting Trussed.

Usage

See the Nitrokey 3 documentation.

Features

opcard currently supports the basic OpenPGP Card functionality (key generation, key import, signing, decrypting, card administration).

Here are the currently supported algorithms:

  • RSA-2048
  • RSA-3072
  • RSA-4096
  • ECDSA and ECDH for P256
  • EdDSA and ECDH for Curve25519

Development

Opcard uses virtualsmartcard for testing. make test will run opcard on the host through virtualsmartcard and test it.

make dangerous-real-card-test will instead run the tests against a real card. The vendor ID and serial number of that card can be configured with variables:

  • OPCARD_DANGEROUS_TEST_CARD_USB_VENDOR configures the USB vendor ID of the device
  • OPCARD_DANGEROUS_TEST_CARD_USB_PRODUCT configures the USB product ID of the device

Those can be obtained with lsusb. In the line Bus 003 Device 010: ID 20a0:42b2 Clay Logic Nitrokey 3, 20a0 is OPCARD_DANGEROUS_TEST_CARD_USB_VENDOR and 42b2 is OPCARD_DANGEROUS_TEST_CARD_USB_PRODUCT.

  • OPCARD_DANGEROUS_TEST_CARD_PGP_VENDOR configures the PGP vendor ID of the device
  • OPCARD_DANGEROUS_TEST_CARD_PGP_SERIAL configures the PGP serial number of the device.

Those can be obtained with opgpcard status. In the line OpenPGP card 000F:566F86B0 (card version 3.4), 000F is OPCARD_DANGEROUS_TEST_CARD_PGP_VENDOR and 566F86B0 is OPCARD_DANGEROUS_TEST_CARD_PGP_SERIAL.

Be aware that, due to conflicts between gpg-agent and pcscd (the smartcard daemon), this test suite will start and then stop pcscd.

make dangerous-real-card-test \
  OPCARD_DANGEROUS_TEST_CARD_USB_VENDOR="20A0" \
  OPCARD_DANGEROUS_TEST_CARD_USB_PRODUCT="42B2" \
  OPCARD_DANGEROUS_TEST_CARD_PGP_VENDOR="0000" \
  OPCARD_DANGEROUS_TEST_CARD_PGP_SERIAL="A020DF77" \
  OPCARD_DANGEROUS_TEST_CARD_NAME="test card"
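
The following is an added example, not part of the opcard repository: a shell helper that derives the four ID variables from lsusb and opgpcard status output and refuses to continue unless exactly one device line matches, so the real-card target is never pointed at an ambiguous device. The function names and the second lsusb line are constructed for illustration, and the line formats are assumed to be the ones quoted above.

```shell
#!/usr/bin/env bash
# Added example (not opcard's own code). Function names are hypothetical.

# extract_pair TEXT FIXED_STRING SED_REGEX
# Prints the two hex fields captured by SED_REGEX, upper-cased, but only when
# exactly one line of TEXT contains FIXED_STRING.
extract_pair() {
  local lines n out
  lines=$(printf '%s\n' "$1" | grep -F -- "$2" || true)
  n=$(printf '%s' "$lines" | grep -c . || true)
  if [ "$n" -ne 1 ]; then
    echo "need exactly one line containing '$2', found $n" >&2
    return 1
  fi
  out=$(printf '%s\n' "$lines" | sed -nE "s/$3/\\1 \\2/p" | tr 'a-f' 'A-F')
  [ -n "$out" ] || { echo "unexpected line format: $lines" >&2; return 1; }
  printf '%s\n' "$out"
}

# usb_ids LSUSB_OUTPUT DEVICE_NAME -> "VENDOR PRODUCT"
usb_ids() {
  extract_pair "$1" "$2" \
    '^Bus [0-9]+ Device [0-9]+: ID ([0-9A-Fa-f]{4}):([0-9A-Fa-f]{4}) .*'
}

# pgp_ids OPGPCARD_STATUS_OUTPUT -> "VENDOR SERIAL"
pgp_ids() {
  extract_pair "$1" 'OpenPGP card' \
    '^OpenPGP card ([0-9A-Fa-f]{4}):([0-9A-Fa-f]{8}) .*'
}

# make_args LSUSB_OUTPUT DEVICE_NAME STATUS_OUTPUT -> variable assignments for make
make_args() {
  local usb pgp
  usb=$(usb_ids "$1" "$2") || return 1
  pgp=$(pgp_ids "$3") || return 1
  set -- $usb $pgp
  printf 'OPCARD_DANGEROUS_TEST_CARD_USB_VENDOR="%s" ' "$1"
  printf 'OPCARD_DANGEROUS_TEST_CARD_USB_PRODUCT="%s" ' "$2"
  printf 'OPCARD_DANGEROUS_TEST_CARD_PGP_VENDOR="%s" ' "$3"
  printf 'OPCARD_DANGEROUS_TEST_CARD_PGP_SERIAL="%s"\n' "$4"
}

# Sample input: the two lines quoted in the text, plus one constructed hub line.
LSUSB_SAMPLE='Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 003 Device 010: ID 20a0:42b2 Clay Logic Nitrokey 3'
STATUS_SAMPLE='OpenPGP card 000F:566F86B0 (card version 3.4)'

make_args "$LSUSB_SAMPLE" 'Nitrokey 3' "$STATUS_SAMPLE"
```

On a live system, pass "$(lsusb)" and "$(opgpcard status)" in place of the sample strings and append the printed assignments to the make invocation.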

Bug reports

If you encounter a bug or have a feature request, please inform us on our forum. Please include the output of gpg --card-status for context.

License

This project is licensed under the GNU Lesser General Public License (LGPL) version 3. Configuration files and examples are licensed under the CC0 1.0 license. For more information, see the license header in each file. You can find a copy of the license texts in the LICENSES directory.

This project complies with version 3.0 of the REUSE specification.

Funding

This project was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.