smartcard support ?

Andreas Jellinghaus aj@dungeon.inka.de
Mon Jan 7 18:19:02 2002


Hi.

Can you give some details about smartcard support planned for sphinx ?

stuff like:
 - what kinds of smartcards ? a special one or generic ones ?
   or a rather broad definition (smartcards conforming to iso 7816,
   several other specifications (emv, gsm, whatever), the german
   law about digital signatures and pkcs15) ?
 - what kind of readers will be supported ? 
   (any reader the middleware supports ? is support for some special
   reader(s) required ?)
 - what kind of middleware ? i know of scez, muscle and sectok,
   maybe there are others.
 - what kind of interface to the middleware ? maybe something conforming
   to pkcs11 and pkcs15 ? but this still leaves serveral possibilities,
   like gpkcs11, opensc, smartsign ...
 - or maybe some other interface like musclecard ? or some special
   interface ?
 - is compatibility at the card/application level a requirement ?
   (think of the filesystem of the smartcard. if the certificates
   are stored like pkcs15, it should be possible to access them
   from windows+ssh (commercial), windows+outlook, windows 2k (login)
   and other places. but i'm not sure. is there some requirement,
   that the card/keys also need to work with in other requirements ?

   for many people the world is heterogeneous, so they might want to
   use the same card on any os (mac, *ix, windows) with every app
   (login, mail, ssh, anything-that-does-ssl). i don't know how good
   pkcs15 solves this problem.

i'm rather new to smartcards, and still experimenting with several
linux smartcard frameworks and applications. muscle has the most users,
but scez is also very nice. citi stopped further development of there
sc7816 and sectok stuff or at least ported this to muscle ? don't know.

my own preferred smartcard isn't a smartcard but a usb token, and i
try to reverse engineer the windows stuff and write a linux driver.
but that requires to choose a middleware, and still i haven't.

andreas