smartcard support ?

Werner Koch wk@gnupg.org
Tue Jan 8 08:44:02 2002


On Mon, 7 Jan 2002 18:02:33 +0100, Andreas Jellinghaus said:

>  - what kinds of smartcards ? a special one or generic ones ?
>    or a rather broad definition (smartcards conforming to iso 7816,
>    several other specifications (emv, gsm, whatever), the german
>    law about digital signatures and pkcs15) ?

Pkcs-15 must be supported, we have not yet decided any other things.
Eventually we will have our own one but this is not in the scope of
the project.

>  - what kind of readers will be supported ? 
>    (any reader the middleware supports ? is support for some special
>    reader(s) required ?)

We are open to everything, I use the Kartenwerk because it is most
convenient for my laptop.  BTW, does the USB version work with Linux 2.2?

>  - what kind of middleware ? i know of scez, muscle and sectok,
>    maybe there are others.

The muscle drivers and pcsc-lite as RM, later we will have another one.

>  - what kind of interface to the middleware ? maybe something conforming
>    to pkcs11 and pkcs15 ? but this still leaves several possibilities,
>    like gpkcs11, opensc, smartsign ...

OpenSC.  gpkcs11 is not really usable.  Frankly we don't need PKCS-11
for our project, but a pkcs-11 library on top of our modules is planned.

>  - is compatibility at the card/application level a requirement ?
>    (think of the filesystem of the smartcard. if the certificates
>    are stored like pkcs15, it should be possible to access them
>    from windows+ssh (commercial), windows+outlook, windows 2k (login)

You mean proprietary, right?  I don't know whether putty has SC
support.

>    for many people the world is heterogeneous, so they might want to

Sure, GNU/Linux, FreeBSD, NetBSD, OpenBSD, GNU/Hurd, EROS and so on...
there are no real problems to port our system to these platforms.

>    (login, mail, ssh, anything-that-does-ssl). i don't know how good
>    pkcs15 solves this problem.

pkcs-15 is a Good Thing, although I'd like an SPKI based system or
just drop all SC and use PDAs.

> my own preferred smartcard isn't a smartcard but a usb token, and i
> try to reverse engineer the windows stuff and write a linux driver.

Don't invest the time into these USB Tokens, what we really need is a
free and working driver for the iButton.  iButtons are far better than
those plastic USB tokens and a USB adapter is also available.

> but that requires to choose a middleware, and still i haven't.

Muscle has a basic iButton driver and from what I have heard, David is
gonna dual license his stuff in the future.

Ciao,

  Werner

-- 
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus