
0xRake/opcard-rs

 
 


opcard-rs

opcard is a Rust implementation of the OpenPGP smart card specification v3.4 using the Trussed framework for modern cryptographic firmware. It is developed for the Nitrokey 3 but can be used with any device supporting Trussed.

⚠️ Security Warning

This is alpha software and should currently not be used outside of testing. Updates may lead to data loss and the security of the keys and PINs is not guaranteed.

Features

opcard currently supports the basic OpenPGP Card functionality (key generation, key import, signing, decrypting, card administration).

Here are the currently supported algorithms:

  • RSA-2048
  • RSA-3072 (no key generation, key import only)
  • RSA-4096 (no key generation, key import only)
  • EcDSA and ECDH for P256
  • EdDSA and ECDH for Curve25519

See the issues for the v1.0.0 milestone for all missing features for a first stable release.

Check out the user guide for more information on what can be done.

Development

Opcard uses virtualsmartcard for testing. make test will run opcard on the host through virtualsmartcard and test it.

make dangerous-real-card-test will instead run the tests against a real card. The vendor id and serial numbers can be configured with variables:

  • OPCARD_DANGEROUS_TEST_CARD_USB_VENDOR configures the USB vendor id of the device
  • OPCARD_DANGEROUS_TEST_CARD_USB_PRODUCT configures the USB product id of the device
  • OPCARD_DANGEROUS_TEST_CARD_PGP_VENDOR configures the PGP vendor id of the device
  • OPCARD_DANGEROUS_TEST_CARD_PGP_PRODUCT configures the PGP serial number of the device

Be aware that, due to conflicts between gpg-agent and pcscd (the smartcard daemon), this test suite will start and then stop pcscd.

make dangerous-real-card-test \
  OPCARD_DANGEROUS_TEST_CARD_USB_VENDOR="20A0" \
  OPCARD_DANGEROUS_TEST_CARD_USB_PRODUCT="42B2" \
  OPCARD_DANGEROUS_TEST_CARD_PGP_VENDOR="0000" \
  OPCARD_DANGEROUS_TEST_CARD_PGP_SERIAL="A020DF77" \
  OPCARD_DANGEROUS_TEST_CARD_NAME="test card"

Installation

Download the latest compiled alpha release. Plug in your Nitrokey 3 and use nitropy to install the release with nitropy nk3 update <path/to/release/file>.

Bug reports

If you encounter a bug or have a feature request, please inform us on our forum. Please include the output of gpg --card-status for context.

License

This project is licensed under the GNU Lesser General Public License (LGPL) version 3. Configuration files and examples are licensed under the CC0 1.0 license. For more information, see the license header in each file. You can find a copy of the license texts in the LICENSES directory.

This project complies with version 3.0 of the REUSE specification.

Funding


This project was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.
