Re: Smartcard device support?

From: Louis A. Mamakos (louie@TransSys.COM)
Date: 03/13/02


To: Gunther Schadow <gunther@aurora.regenstrief.org>
From: "Louis A. Mamakos" <louie@TransSys.COM>
Date: Tue, 12 Mar 2002 21:45:37 -0500


> Hi,
>
> I'm wondering if it isn't time to roll out smart card use a bit more
> aggressively. The question is: are any smart card devices useable
> with FreeBSD? Let's say for enabling IPsec associations with racoon
> (X509 cert on smartcard instead of a file on disk.) Only if smartcard
> is in the box will the IPsec connection work. Of course my constraint
> is cost of hardware. So is there any cheap stuff around?

You should take a look at the Dallas Semiconductor Java iButton,
which is a small Java smartcard like device in a package about the
size of a button-battery. There's also an inexpensive reader
dongle you can attach to a serial port to talk with it.

The Java iButton can do RSA public key processing; in fact, with
a suitably written application (in Java, of course), you can have
the device generate a public/private keypair, hand you back the
public key, and never expose the private key inside the tamper
resistant device. Very cool.

See http://www.ibutton.com/ for information. See also
/usr/ports/comms/mlan3 for some low-level code used to talk
to these types of "one-wire" devices.

louie

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message