Linux – Smartcards for storing gpg/ssh keys (Linux) – what do I need


I'm interested in storing my SSH keys and gpg keys on a smartcard for added security. However, I'm a bit uncertain on a few points, which are as follows:

  1. How many keys can I get on a card? I assume both SSH and GPG can store keys on the card.
  2. Is there a limit to key size? I see a lot of cards saying they support 2048-bit keys, what about larger sizes?
  3. Hardware: can anyone recommend a card/reader combination that works well? I've done a fair amount of research and it seems PC/SC readers can be a bit iffy – is this your experience?
  4. Have I missed anything I should be asking? Are there any other hurdles?

I'm aware FSF Europe give away cards with membership – I'm not sure I want to join, but… are these cards any good?

Best Answer

  • I tried to do this, using the FSFe's instructions. I got close as their instructions are quite good.

    You'll need a supported smartcard reader. I snagged two for $20 apiece somewhere, don't remember the model but they were definitely listed as "supported" by the FSFe instructions. All of their setup worked really well. PC/SC is somewhat iffy as it's iirc an MS standard, but it worked well enough for what I needed it to do.

    You will also need a supported smartcard. I used a generic "store-only" card and was told by the reader that it was an "unpowered card" (which I expected, as it was really old, 10 years or so). You need to make sure that the card is capable of storing keys.

    It's possible FSFe would tell you what kind of card they are using. (I'm in the US, not even sure I can join. I've joined the FSF though.)
