
This project implements client software for the OpenPGP card standard, in Rust.

Architecture

The project consists of the following crates:

graph BT
    OP["openpgp-card-pcsc <br/> (pcsclite backend)"] --> OC
    OS["openpgp-card-scdc <br/> (scdaemon backend)"] --> OC["openpgp-card <br/> (low level API)"]
    OC --> OCS["openpgp-card-sequoia <br/> (high level Sequoia PGP-based API)"]
    OC -.-> U2[applications using low level API]
    OCS -.-> U3[Sequoia PGP-based applications]

classDef userApp fill:#f8f8f8,stroke-dasharray: 5 5;
class U1,U2,U3 userApp;

The openpgp-card crate

Implements the functionality described in the OpenPGP card specification, offering an API at roughly the level of abstraction of that specification, using Rust data structures. (However, this crate may work around some minor quirks of specific card models, in order to offer clients a somewhat uniform view.)

This crate and its API do not depend or rely on any particular OpenPGP implementation.

Backends

Typically, openpgp-card will be used with the openpgp-card-pcsc backend, which uses the standard pcsclite library to communicate with cards. However, alternative backends can be used and may be useful.
The experimental, alternative openpgp-card-scdc backend uses scdaemon from the GnuPG project as a low-level transport layer to interact with OpenPGP cards.

Backends implement:

  1. functionality to find and connect to a card (these operations may vary significantly between different backends), and

  2. a very simple communication primitive, by implementing the CardClient trait, to send individual APDU commands and receive responses.

All higher level and/or OpenPGP card-specific logic (including command chaining) is handled in the openpgp-card layer.
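
The split described above, sketched as an added example (not code from this project): the backend side only moves single APDUs, and the layer above it performs ISO 7816-4 command chaining. `Transport`, `MockCard` and `send_chained` are hypothetical names and do not reflect the actual CardClient signature; the header bytes, payload and status words are constructed.

```rust
// Added illustration. `Transport`, `MockCard` and `send_chained` are hypothetical
// names, not the openpgp-card API; the payload and header bytes are constructed.

/// What a backend provides: send one APDU, return the card's raw response.
trait Transport {
    fn transmit(&mut self, apdu: &[u8]) -> Result<Vec<u8>, String>;
}

/// Stand-in for a card: records every APDU, optionally rejects block `reject_at`.
struct MockCard { seen: Vec<Vec<u8>>, reject_at: Option<usize> }

impl Transport for MockCard {
    fn transmit(&mut self, apdu: &[u8]) -> Result<Vec<u8>, String> {
        self.seen.push(apdu.to_vec());
        let rejected = self.reject_at == Some(self.seen.len() - 1);
        Ok(if rejected { vec![0x69, 0x82] } else { vec![0x90, 0x00] })
    }
}

/// Upper-layer logic: ISO 7816-4 command chaining with short APDUs.
/// All blocks but the last set CLA bit 0x10; the chain stops at the first
/// block whose status word is not 90 00.
fn send_chained(t: &mut dyn Transport, header: [u8; 4], data: &[u8],
                max_lc: usize) -> Result<Vec<u8>, String> {
    if max_lc == 0 || max_lc > 255 {
        return Err("max_lc must be in 1..=255 for short APDUs".into());
    }
    let [cla, ins, p1, p2] = header;
    if data.is_empty() {
        return t.transmit(&[cla, ins, p1, p2]); // no data field, nothing to chain
    }
    let blocks = data.chunks(max_lc).count();
    let mut resp = Vec::new();
    for (i, chunk) in data.chunks(max_lc).enumerate() {
        let block_cla = if i + 1 == blocks { cla } else { cla | 0x10 };
        let mut apdu = vec![block_cla, ins, p1, p2, chunk.len() as u8];
        apdu.extend_from_slice(chunk);
        resp = t.transmit(&apdu)?;
        if !resp.ends_with(&[0x90, 0x00]) {
            return Err(format!("block {} rejected: {:02X?}", i, resp));
        }
    }
    Ok(resp)
}

fn main() {
    let mut card = MockCard { seen: Vec::new(), reject_at: None };
    send_chained(&mut card, [0x00, 0xDA, 0x01, 0x01], &[0xAA; 600], 255).unwrap();
    for a in &card.seen { println!("CLA={:02X} Lc={}", a[0], a[4]); }
}
```

Because the transport never interprets the bytes it carries, a different backend can be swapped in without touching the chaining or status-word handling.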

The openpgp-card-sequoia crate

Offers a higher level interface, based around Sequoia PGP data structures.

Most client projects will probably want to use only this crate, and ignore the lower level crates as implementation details.

Acknowledgements

This project is based on the OpenPGP Card spec, version 3.4.1.

Other helpful resources included: