Re: [Hampshire] Smart cards

Author: Paul Tansom
Date:  
To: hampshire
Subject: Re: [Hampshire] Smart cards
** Bob Dunlop <bob.dunlop@???> [2010-11-11 09:03]:
> On Wed, Nov 10 at 07:13, Paul Tansom wrote:
> > Has anyone experimented with using a smart card and reader for authentication?
>
> Way back in 2006 I was paid good money developing software using smart
> cards for various ideas. I wonder if they succeeded in turning any of
> the ideas into saleable patents?


Oh dear, not supporting patents ;)

> Firstly carefully define what you want the card to do, i.e. exactly what
> your requirements are.
> Login authentication ?
> Signature creation ?
> Encryption ?
> How many keys ?


My initial thoughts were for ssh login authentication, and I'd assumed something along the lines of the card supplied by the FSFE (either by joining or purchasing equivalent). Now I've started thinking about signing emails, although to be honest every time I set that up I stop using it as it is so little used that most people I send mail to get confused by the strange attachment. Encryption I hadn't thought of, although maybe I should. I generally don't use it, but may re-evaluate that stance soon.

> Some cards are better at some tasks than others. The OpenPGP card for
> example is great for signature generation but difficult to use for login
> authentication. This may have changed as I see there is an OpenPGP v2
> card with more keys and x509 support out there now.
>
> At the time we needed a does everything card and ended up using Gemalto
> Cryptoflex 32K cards.


32K sounds quite small by today's standards from what I remember of the ones I've
looked at, although the one that started this whole thought process is a
Feitian PKI card that has 64KB data space and supports "single logon, VPN, SSL
and disc encryption. CAPI and PKCS#11 support, PKCS#15 compliant. Fully
compatible with OpenSC".

I'm not one to rush into any purchase without exhaustive investigation first
though!

> For prototyping we used the SCM SCR-335 reader, a neat simple unit that
> just worked.


I've been looking at an Omnikey Cardman 3121 that seems to be available at a
good price at the moment. I've also considered a Gemalto PC Express card as my
netbook has a suitable slot and it may be more convenient than USB.

I shall keep reading, I'm in no rush at the moment, and the more I understand
the more likely I am to make best use of it :)

** end quote [Bob Dunlop]

--
Paul Tansom | Aptanet Ltd. | http://www.aptanet.com/ | 023 9238 0001
======================================================================
Registered in England | Company No: 4905028 | Registered Office:
Crawford House, Hambledon Road, Denmead, Waterlooville, Hants, PO7 6NU