The "OpenPGP Card V2" with authentication key

I recently bought two used (eBay) card readers, an SCM SCR243 (PCMCIA) and an SCM SCR3310 (USB), both together for about 14 Euro.

The SCR243 is currently not working due to incompatibilities between the vendor driver and the PCMCIA kernel stack (>=2.6.33 only), but I've already requested a driver update from SCM:

"Thank you very much for bringing this to our attention. I requested an adapted driver from development that incorporates the recent changes to the PCMCIA API. I will inform you when and if an updated driver will be available."

So let's wait and hope it doesn't take too long. :)

The SCR3310 works out of the box as long as your kernel has USB support enabled.

To upgrade the reader's firmware you have to select a 32-bit Windows OS in the download center, otherwise you might not see any firmware upgrades.

You'll get an OpenPGP Card either by donating to the FSFE (Fellowship) or directly from the distributor, Kernel Concepts. The cards are identical.

For the setup steps, just follow the FSFE guide until "Generating subkeys for the card". If you want to use your card for e.g. SSH authentication too, then you need to do some further steps before making the backup at "Save public and secret keyring".

It seems to be important to keep the right order (first create the keys, then make a backup and then copy the key to the card) because the key will be associated with the card number! Otherwise it may cause some issues later.

To create an authentication key do the following:

gpg --expert --edit-key YOURKEYID addkey

Please select what kind of key you want:
   (3) DSA (sign only)
   (4) RSA (sign only)
   (5) Elgamal (encrypt only)
   (6) RSA (encrypt only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
Your selection?

Now choose either 7 or 8 or whatever else has the "set your own capabilities" addition.

Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions: Sign Encrypt

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection?

Note the "Current allowed actions: Sign Encrypt" line!

Now press S and hit enter, the same for E. Finally press A and hit enter until you see "Current allowed actions: Authenticate", then press Q to finish the selection and create your authentication key.

You'll now see a sub-key like "sub 2048R/A3773C83 created: 2010-08-17 expires: never usage: A". Note the "usage: A", which means Authentication. Save your changes and continue with the FSFE guide till the end.

Once you're done just export your public ssh key with the following command:

gpgkey2ssh A3773C83

NOTE: you need to select the authentication sub-key id!
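To pick the right sub-key id without reading the listing by eye, the following added example (not part of the original post) filters `gpg --with-colons --list-keys` output for usable sub-keys that carry the authenticate capability. It assumes GnuPG's colon listing layout (field 2 validity, field 5 key id, field 12 capabilities); the function names and all key ids in the sample are constructed.

```shell
#!/bin/sh
# Added example: find authentication-capable sub-keys in
# `gpg --with-colons --list-keys` output read from stdin.

# Constructed sample listing (key ids are made up): one primary key,
# an encrypt, a sign and an authenticate sub-key, a revoked
# authenticate sub-key, and a sub-key mixing sign + authenticate.
sample_listing() {
    cat <<'EOF'
pub:u:2048:1:AAAAAAAA00000001:1282003200:::u:::scESCA:
uid:u::::1282003200::HASH::Example User <user@example.org>:
sub:u:2048:1:AAAAAAAA00000002:1282003200::::::e:
sub:u:2048:1:AAAAAAAA00000003:1282003200::::::s:
sub:u:2048:1:AAAAAAAA00000004:1282003200::::::a:
sub:r:2048:1:AAAAAAAA00000005:1282003200::::::a:
sub:u:2048:1:AAAAAAAA00000006:1282003200::::::sa:
EOF
}

# Prints "<short id> <capabilities>" for every usable sub-key that
# has the authenticate capability. A line showing anything other
# than a plain "a" means the sub-key is not authentication-only.
auth_subkeys() {
    awk -F: '
        $1 == "sub" {
            validity = $2; keyid = $5; caps = $12
            # Skip revoked (r), expired (e), disabled (d), invalid (i).
            if (validity ~ /^[redi]$/) next
            if (index(caps, "a"))
                # Last 8 hex digits = short id, as in "2048R/A3773C83".
                print substr(keyid, length(keyid) - 7), caps
        }'
}

sample_listing | auth_subkeys
```

Against a real keyring, pipe `gpg --with-colons --list-keys YOURKEYID` into `auth_subkeys` instead of the sample.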

That's it! Enjoy your new toy! :)

Thanks to the FSFE guys who wrote the guide as well as Diego Elio “Flameeyes” Pettenò because I came to the SmartCard through his blog.
