oct - OpenPGP card tool

openpgp-card-tool “oct” #

The oct CLI tool for inspecting, configuring and using OpenPGP card devices.

https://crates.io/crates/openpgp-card-tools/

OpenPGP card devices #

OpenPGP card devices are a type of hardware security module, specifically aimed at use with OpenPGP.

Commonly used OpenPGP card brands and devices include Nitrokey, YubiKey and the Free Software/Open Hardware Gnuk project.

The point of OpenPGP card devices is to handle private key material outside the host computer. This ensures that the private key material as such can’t be exfiltrated even when the user’s host computer is fully compromised.

The oct tool #

The main functionality of the oct tool includes:

  • Inspecting the state of an OpenPGP card device, including the keys that are stored on the device.
  • Import of key material onto a card (as well as generation of keys on a card).
  • Management of the various PINs that OpenPGP cards have.

The tool offers a convenient interface, but exposes the information on devices in a mostly unfiltered form, and without mixing in information from sources other than the card itself (unlike GnuPG, which mixes information from cards with state from its key store).

See the project’s documentation for more information.

Machine-readable interface for scripting #

oct supports producing machine-readable output with the --output-format parameter (e.g.: --output-format json).