Some tools to play with GnuPG’s smartcard daemon and OpenPGP smartcards.
Go to file
Damien Goutte-Gattat e0688a0f2f Update documentation for scdtotp
Add a draft man page for scdtotp and update the README file
to mention the new program.
2014-12-19 13:57:43 +01:00
lib Add replacement function for asprintf 2014-11-07 15:42:42 +01:00
m4 Add replacement function for asprintf 2014-11-07 15:42:42 +01:00
man Update documentation for scdtotp 2014-12-19 13:57:43 +01:00
src Add the scdtotp program 2014-12-18 19:12:33 +01:00
.gitignore Initial commit 2014-08-08 00:55:49 +02:00
AUTHORS Distribute AUTHORS and COPYING files 2014-08-11 17:33:14 +02:00
COPYING Distribute AUTHORS and COPYING files 2014-08-11 17:33:14 +02:00 Add man page and README file 2014-08-11 21:15:11 +02:00
NEWS Prepare for 0.2.0 release 2014-11-06 17:47:47 +01:00
README Update documentation for scdtotp 2014-12-19 13:57:43 +01:00 Update documentation for scdtotp 2014-12-19 13:57:43 +01:00


This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

Scdtools - Tools for Scdaemon and OpenPGP smartcards

Scdtools is a set of utility tools to work with Scdaemon, the smartcard
daemon of the GnuPG project, and OpenPGP smartcards.

Scdrand - Extract random numbers from a smartcard
Scdrand obtains up to 256 bytes of random data from a ISO7816-compliant
smartcard and adds them to the kernel entropy pool.

It uses Scdaemon to send a GET CHALLENGE to the smartcard. As per
ISO 7816-4, the smartcard replies with random bytes, which Scdrand then
sends to the Linux kernel entropy pool through the RNDADDENTROPY ioctl
call on /dev/random.

Since that call requires root privileges, scdrand is installed with the
setuid bit set. To mitigate risks associated with running as root, the
program forks itself at startup and only the child retains the root
privileges needed to write to /dev/random. The parent process, in charge
of communicating with the smartcard, then runs with the privileges on
the calling user.

Scdtotp - Generate time-based OTP from an OpenPGP smartcard
Scdtotp uses an OpenPGP smartcard as a poor mans one-time password
generator token. It generates time-based one-time password (TOTP)
as per RFC 6238, based on a key it expects to find in the private
data object of the inserted OpenPGP smartcard.

Note that contrary to a true password generator token, the key cannot
remain only on the smartcard, it has to be sent to the computer so
that scdtotp can derive the password from it. Thus it cannot provide
the same level of security.

Scdtools is distributed under the terms of the GNU General Public
License, version 3 or higher. The full license is included in the
COPYING file of the source distribution.

Homepage and contact
The project is located at <>.
The latest source code is available in a Git repository at
<git://> and may also be browsed at

The author may be contact at the following address:
Damien Goutte-Gattat <>