The Fellowship crypto card
When you join the Fellowship Community, you will automatically receive two letters: One containing your personalised Fellowship crypto card, a smart card containing state-of-the-art hardware encryption, and another one containing administrative information for the Fellowship crypto card.
The Fellowship crypto card has a unique design that is personalised for you with your name and fellowship number.There are three OpenPGP subkeys on the crypto card:
- A signature subkey, used to sign email, documents and other data.
- An encryption subkey, used to decrypt incoming data and mail.
- An authentication subkey, not used for normal GnuPG operation, which allows other tools like SSH or PAM modules to use the Fellowship crypto card for authentication and (remote) logins.
The Fellowship crypto card is a so-called "smart card" and requires a smart card reader for your computer. Using your Fellowship crypto card in combination with a smart card reader, you can:
- Sign and encrypt your email.
- Use your Fellowship crypto card for single sign-on at you computer.
- Log in remotely on your machines using SSH. Because the key is stored in hardware and can never leave the card, you can even do this safely from a potentially insecure machine.
- Use the crypto card only for subkeys of your normal GPG key, as described in the GnuPG Smartcard Howto under Advanced Features or the howtos on this site. Using your crypto card with subkeys is recommended.
Each Fellow will also have the opportunity to have their keys signed by the Free Software Foundation Europe CA; handled by Werner Koch, of course.
The Fellowship crypto card is indeed a very flexible token that can be used for many things -- use your imagination. Making creative use of the token will be part of the Fellowship fun activities.
Just got your card?
In our howtos, you can find basic instructions to get it working for mail signing and encryption:
- How to set up your smart card reader for use with the Fellowship crypto card on hotplug-based GNU/Linux systems. If your system is based on a newer distribution like Ubuntu, it may be using udev instead of hotplug. In this case, you can find the right How to here.
-
How to use your Fellowship crypto card with subkeys.
This is recommended: If you lose your Fellowship crypto card, you can generate new subkeys on your replacement card, preserving the signatures collected and maintaining the integrity of your OpenPGP network. -
How to use your Fellowship crypto card for your main key.
This is not recommended: If you lose your Fellowship crypto card, your key and all signatures will be lost.
