Using PGP with an ePass2000

This tutorial details how to use PGP on Windows with a USB smartcard token, specifically the ePass2000 cryptographic token.

Why?

The token makes it much easier for the user: no need to remember long passphrases. Just put the token into an USB slot and type in a small pincode of 4 to 8 characters. By making it easier for the user, security is improved: people will not need to write down their passphrases or use very short and insecure passwords.

The same token can be used for multiple applications. There is enough memory on the smartcard to store multiple keys and due to the standard pkcs#11 and microsoft cryptoapi interfaces almost any application supporting smartcards works just fine with the ePass2000. Examples for desktops are: logging on to a Windows Domain Server (supported by Windows 2000, XP and 2003), and from OpenFortress a solution for SSH logins.

Why not?

If you lose or damage your token: you lose your private key and any data encrypted to it. Because the key is generated inside the token and cannot leave it, it is not possible to make a backup of the private key.

Also, the token only supports 1024 bit RSA, which according to some is inadequate. Tokens supporting 2048 bits are however already entering the market. And in any case, a 1024 bit Verisign RSA root key still secures online banking for millions of people, so why worry?