raspberrypi / pico-examples

Can pico act as an OpenPGP smart card like gnuk? #159

Open Fazel94 opened 3 years ago

Fazel94 commented 3 years ago

I was wondering if it is possible to use pico as a smart card interface for holding gpg keys like https://wiki.debian.org/GNUK or Yubikey-like products. If such a thing is possible it would be great if added as an example of using USB.
There are two such ways: one is to implement a smart card interface, another is a full gpg agent running on the pico.

lurch commented 3 years ago

If somebody wants to port that software from STM32F103 (a 72MHz Cortex M3) to RP2040 (a two core 133MHz Cortex M0+), I don't see why it wouldn't be possible in theory. But we won't be doing that port ourselves, it's up to a community-member to provide that (we accept Pull Requests :slightly_smiling_face: ). But note that the HWRNG on the RP2040 has biases, so you may not want to use it for cryptographically-secure key generation.

Fazel94 commented 2 years ago

I might be able to, but couldn't find enough pointers on where to get started.

lurch commented 2 years ago

That's probably something you'll need to ask the GNUK developers about... :shrug:

laf0rge commented 2 years ago

This is a related project: https://github.com/polhenarejos/pico-hsm

It already implements the CCID firmware for the RP2040, making the RP2040 appear as a USB-CCID smart card reader to the USB host. You'd have to replace the PKCS#11 behind it with something that resembles an OpenPGP card.

In any case, I don't think it's the best idea. Not only is there no true random number generator, but you also are relying on the external SPI flash of all existing RP2040 devices, so contrary to a properly secured smart card chip, it is very easy for anyone with hardware access to dump the flash contents and therefore your key material.

ajraymond commented 6 months ago

This is an old issue, but the same author has now come up with a similar firmware specifically for using OpenPGP with the pico: https://github.com/polhenarejos/pico-openpgp