Smartcards for storing gpg/ssh keys (Linux) - what do I need?

I tried to do this, using the FSFe's instructions. I got close as their instructions are quite good.

You'll need a supported smartcard reader. I snagged two for $20 a piece somewhere, don't remember the model but they were definitely listed as "supported" by the FSFe instructions. All of their setup worked really well. PC/SC is somewhat iffy as it's iirc a MS standard, but it worked well enough for what I needed it to do.

You will also need a supported smartcard. I used a generic "store-only" card and was told by the reader that it was an "unpowered card" (which I expected, as it was really old, 10 years or so). You need to make sure that the card is capable of storing keys.

It's possible FSFe would tell you what kind of card they are using. (I'm in the US, not even sure I can join. I've joined the FSF though.)


I joined the FSFE (Free Software Foundation Europe) several years ago as an American and they shipped me an FSFE smartcard w/out any complications.

Currently I use the card to log into an Ubuntu workstation, as well as store the private keys for GPG/PGP and SSH.

The only drawback I've run into so far is the 1024 key length limit for the PGP key.

The card reader I use in an SCM Microsystems USB Smart Card Reader (SCR3310). You can find them on Amazon for under $20 shipped.

Best of luck.


if all your looking for is additional security, why don't you just store them in an encrypted directory. If you're using linux - even windows - download truecrypt. Then mount the encrypted directory before you open an ssh session. That way you don't have to worry about losing your card, or worrying about the card going bad. If you use a card, you should have a backup and that decreases security.

Even if you use a card, I would still encrypt the device if you're worried about security