As a paranoid user, I would like to be able to use a PGP smartcard

Q1. What is the problem that you are trying to solve?
While it’s enough to be able to import a PGP key for most people, some people do have their keys on smartcards for better security. To be able to use passbolt, those people need to create a second, probably less secure key.

Q2 - Who is impacted?
Not many, just some crazy paranoid people. Mostly Linux command line geeks, I guess.

Q3 - Why is it important and/or urgent?
This would attract a small but potentially pretty active community.

Q4 - What is your proposed solution? (optional)
As far as I can tell, this does not apply to the CLI, because it doesn’t do any decryption yet. If decryption is added using gpgme, this should use the local gpg agent, which already supports smartcards. On the browser extension side, I am not sure how to access the gpg agent from there, but it is possible, as passff shows (that requires a little host application though).

Q5. Community support
People can vote for this idea to show traction:

  • :ok_woman: Must have: this is critical for me to have this
  • :raising_hand_woman: Should have: this is important for me to have this
  • :tipping_hand_woman: Could have: this could be nice to have
  • :no_good_woman: Won’t have: we should not schedule this (explain why)


Hi @jcgruenhage,

We will be partnering with the fine folks of gnupg and mailvelope in Q1 2018 to bring a bridge between web extensions and gnupg via native messaging. This should allow rolling these types of features.

2 Likes
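
A sketch of the kind of native messaging host such a bridge relies on, added here as an example; it is not passbolt, mailvelope, gnupg or passff code. The `action` and `armored` message fields and the request size cap are assumptions made for illustration; the framing (4-byte native-endian length prefix followed by UTF-8 JSON) is the browsers' native messaging format.

```python
import json
import struct
import subprocess
import sys

MAX_REQUEST = 1024 * 1024   # assumed cap for this sketch; armored secrets are small
MAX_RESPONSE = 1024 * 1024  # browsers reject host replies larger than 1 MB

def read_message(stream):
    """Read one frame: 4-byte native-endian length, then UTF-8 JSON."""
    header = stream.read(4)
    if len(header) < 4:
        return None  # browser closed the pipe
    (length,) = struct.unpack("=I", header)
    if length > MAX_REQUEST:
        raise ValueError("request too large")
    body = stream.read(length)
    if len(body) != length:
        raise ValueError("truncated frame")
    return json.loads(body.decode("utf-8"))

def write_message(stream, obj):
    body = json.dumps(obj).encode("utf-8")
    if len(body) > MAX_RESPONSE:
        body = json.dumps({"ok": False, "error": "response too large"}).encode("utf-8")
    stream.write(struct.pack("=I", len(body)) + body)
    stream.flush()

def handle(request, run=subprocess.run):
    """Expose exactly one operation to the extension; refuse everything else."""
    if not isinstance(request, dict) or request.get("action") != "decrypt":
        return {"ok": False, "error": "unsupported action"}
    armored = request.get("armored")
    if not isinstance(armored, str) or not armored.startswith("-----BEGIN PGP MESSAGE-----"):
        return {"ok": False, "error": "not an armored PGP message"}
    # Fixed argv, no shell, ciphertext on stdin. gpg hands the private-key
    # operation to gpg-agent, which talks to the smartcard (PIN via pinentry).
    proc = run(["gpg", "--batch", "--quiet", "--decrypt"],
               input=armored.encode("utf-8"), capture_output=True, timeout=120)
    if proc.returncode != 0:
        return {"ok": False, "error": "gpg failed"}  # stderr is not echoed back
    return {"ok": True, "plaintext": proc.stdout.decode("utf-8", "replace")}

def main():
    while (req := read_message(sys.stdin.buffer)) is not None:
        write_message(sys.stdout.buffer, handle(req))

if __name__ == "__main__":
    main()
```

The private key never leaves the card or the agent; the extension only ever sees the plaintext the host chooses to return.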

Hi @remy,

Do you have any updates on this feature?

It’s been implemented in mailvelope, but we’re not planning to do this in passbolt in the short term. From our experience with mailvelope, browser/gnupg integration is quite brittle and has a high cost (implementation and support) for a projected low usage. So it’s on the back burner for now.