Blog

Implementations of the OpenPGP application for smart cards

The OpenPGP card is a cryptographic application for ISO7816-compliant smartcards. Here is a survey of the available implementations of that specification.

First, the implementations available in source code form:

Implementation Spec. version Target License
Achim Pietig’s BasicCard implementation 1 Version 2.1 ZeitControl BasicCard 3-clause BSD
Niibe Yutaka’s Gnuk Version 3.3 STM32F103 microprocessor GPLv3+
Joeri de Ruiter’s Java Card implementation Version 2.0.1 Java Card Platform GPLv2+
FluffyKaon’s Java Card implementation Version 2.0.1 Java Card Platform GPLv3+
ANSSI’s Java Card implementation Version 3.3 Java Card Platform GPLv2+
CanoKeys’ implementation 2 Version 3.4 STM32L432KC microprocessor Apache 2.0

Then the implementations available as commercial, ready-to-use products:

Product Spec. version Form factor Price Remarks
FLOSS-Shop’s OpenPGP Smartcard Version 3.3 Contact card €17.90 A ZeitControl BasicCard running Achim Pietig’s code with some non-free routines.
Niibe Yutaka’s FST-01 Version 3.3 USB token N/A​3 Open hardware running Gnuk.
Yubikey NEO Version 2.0.1 USB token with NFC interface $50.00 Java Card applet based on Joeri de Ruiter’s implementation.4
Yubikey 4 ? USB token $40.00 Proprietary firmware.
Nitrokey Start 3.3 USB token €29.00 Runs Gnuk.
Nitrokey Pro 2.1​5 USB token €49.00 Embeds a physical smartcard from FLOSS-Shop.
Fidesmo Card Probably 2.0.1​6 Contact-less card (NFC only) €10.00 Probably runs a fork of the Yubikey’s applet.
Cotech Card 3.? Contact and contact-less card €15.00​7 Runs a Java Card applet, possibly the one from ANSSI.

Feel free to contact me if you know of another available implementation not listed here.

  1. Achim Pietig is also the author of the OpenPGP card specification.
  2. Thanks to 林子安 for attracting my attention to this implementation.
  3. The FST-01 used to be available from Seeed Bazaar, but it is currently out of stock; it can be purchased directly from Niibe Yutaka. The NeuG USB True Random Number Generator from the Free Software Foundation can also be reflashed with Gnuk.
  4. The OpenPGP applet is not activated by default; Yubico provides instructions to enable it.
  5. According to this comment from February 2018, support for version 3+ (using the latest smartcard from FLOSS-Shop) was expected “in the next few weeks”, but as of June 2018 nothing has been announced.
  6. Assuming they’re using the Yubikey’s applet.
  7. Contact Cotech directly to order. Thanks to Alessandro Vesely for attracting my attention to this card.

(updated )