[ale] Smart Card Basics

Sean McNealy sean.mcnealy at gmail.com
Mon Feb 8 17:31:29 EST 2010


I don't have a lot of experience with smartcards and Linux together,
so I hope I don't confuse you more.  And I'm by no means an expert on
either topic.  But here goes anyway!

I don't know if it's overlapping standards.  I see it more as a lack
of standards.

You'll need the following:
A card.
An app running on the card that's designed to work on that card (that
you'll probably end up installing).
Middleware/drivers that are designed to talk to the app on the card.
And finally, I don't know how GPG or TrueCrypt access their keys
(especially TrueCrypt since my setup uses "keyfiles", apparently
random data, instead of keys), but if they can use a PKCS#11 interface
that's how you access the middleware.

Smartcard readers are a dime a dozen (ok, a bit more than that), and
don't really do anything special.  This is the easy part.

So what you're looking for is an entire stack from the middleware down
to the card hardware.  This means don't buy anything without deciding
on the entire stack first (or you'll have a few cards without software
on them doing nothing, like me).  I've run into OpenSC
[ http://www.opensc-project.org/opensc/ ] and it seems to be functional.
Though I can't fully endorse it since I only found it in passing.

Finally, it's hard to buy smartcards!  There aren't a lot of vendors
that sell to individuals.

They are cool, though, and get you some geek-cred.

-Sean

On Mon, Feb 8, 2010 at 3:44 PM, Dev Null <devnull at iamdevnull.info> wrote:
> Hi. I am new to smart cards. I try to search for information, but I am
> overwhelmed by the amount of overlapping standards. I want a smart
> card that can store a key for me for GnuPG, and one that can store
> keys for TrueCrypt as well. I'd like them both on the same card, but
> on different cards would be alright as well.
> Does anyone have experience with smart cards?
> Thanks.
>
> - --
> - -
> /dev/null
> We are the Pentium of Borg. Division is futile. You will be approximated.