The Fellowship Smart Card
When you join the Fellowship Community, you will automatically receive two letters: One containing your personalised Fellowship card, an OpenPGP smart card containing state-of-the-art hardware encryption, and another one containing administrative information for the Fellowship card.
The fundamental idea of OpenPGP smart cards is to store your subkeys on the card, where all cryptographic operations are executed. Thus, secret keys never leave the card, and your keyring on disk contains only so-called stubs pointing to the secret keys on the smart card, but not the secret keys themselves.
The Fellowship smart card has a unique design that is personalised for you with your name and fellowship number. Three OpenPGP subkeys can be stored on the smart card:
- A signature subkey, used to sign email, documents and other data.
- An encryption subkey, used to decrypt incoming data and mail.
An authentication subkey, not used for normal GnuPG operation, which allows other tools like SSH or PAM modules to use the Fellowship smart card for authentication and (remote) logins.
Being a smart card, the Fellowship card requires a smart card reader (list of recommended readers) for your computer. If you are interested in a small, convenient USB reader, check out http://www.gooze.eu/smc-scm-3500-smartfold-reader. Using your Fellowship smart card in combination with a smart card reader, you can:
- Sign and encrypt your email.
- Use your Fellowship smart card for single sign-on at you computer.
- Log in remotely on your machines using SSH. Because the key is stored in hardware and can never leave the card, you can even do this safely from a potentially insecure machine.
Use the smart card only for subkeys of your normal GPG key, as described in the howtos on this site. Using your smart card with subkeys is recommended.
The Fellowship smart card is indeed a very flexible token that can be used for many things -- use your imagination. Making creative use of the token will be part of the Fellowship fun activities.
Just got your card?
In our Card_howtos, you can find basic instructions to get it working for mail signing and encryption:
- How to set up your smart card reader for use with the Fellowship card GNU/Linux systems.
- How to use your Fellowship card with subkeys. This is recommended: If you lose your Fellowship card, you can generate new subkeys on your replacement card, preserving the signatures collected and maintaining the integrity of your OpenPGP network.
- How to use your Fellowship card for your main key. This is not recommended: If you lose your Fellowship card, your key and all signatures will be lost.
We also have a FAQ about the Fellowship card
Just lost your card?
In case your Fellowship card gets lost or irreparably damaged, you will probably want to get a replacement. If so, follow this Procedure. If you have an further Questions, you should write to <fellowship AT fsfeurope DOT org>.