by bruo 4013 days ago
Maybe you will like the FST-01? It's a free hardware device that can run Gnuk, which is a free software smartcard-over-USB implementation. While it also supports RSA 2048 by default, you can upgrade it to use RSA 4096 or even Ed25519 keys with GnuPG 2.1.

Both the FST-01 and Gnuk are made by one of the GnuPG main developers, gniibe :)

I suggest this as I discarded a Yubikey NEO for one of these and I'm pretty happy.

http://www.seeedstudio.com/wiki/FST-01 http://www.fsij.org/doc-gnuk/

1 comments

Yubikey is FIPS-140 certified -- unfortunately, I haven't found anything else usable and/or reasonably priced that is, and the only other usable thing that's actually a smartcard, in the sense that in the absence of bugs you need some very unavailable hardware like a FIB machine, is the PGPcard.

I didn't notice any difference in the usability of Gnuk and the Yubikey NEO. I mean, I had to do the same things for both to configure and use them, as they are both "smartcards". What issues did you find with Gnuk?

I'm interested, as for our local work (activism related) Gnuk showed up as the best alternative for price, openness and the possibility, if something fails, of not having to buy new hardware. Yubikey did the right thing with their latest "put your yubikey in the trash bug", giving a new one, but we don't live in the US and time can be a factor.

But still, Gnuk is far from perfect, and the better it gets the better for us. Can you tell me about the issues you had so I can talk with gniibe to see if there are solutions for them?

Thanks in advance.

I didn't try Gnuk - this is the first time I've heard about it.

I was comparing the NEO to other tokens I've seen and used - it's not worse, but none of them are as simple as I would like (and no, I don't know how to describe the simplicity I'm after).

Looks like Gnuk is a software implementation - do you trust it not to disclose the private key if it is physically accessible? If you do, why?

I trust the NEO to require more than what your average hacker can use at home - though, of course, I don't trust it against state actors, who probably have the funds and equipment to make any smart card apparatus "talk".