Xenitellis S wrote:
> Hello Naram,
> I am interested in the PKI part of your project. My search for available
> Linux implementations of PKIs has revealed:
>
> 1. manual use of OpenSSL (look at modssl.org WWW site, at the FAQ)
> 2. pyCA (from Python WWW site, search pyCA at "Mountain of Parnassus"
> search engine)
> 3. OpenCA (www.openca.org)
> 4. Oscar (DTSC implementation, australia - free for non-commercial purposes)
> www.dtsc.qut.edu.au (If I recollect correctly)
> 5. Netscape PKI libraries (no crypto inside yet, cannot compile).
We (SLB) are currently working on a PKCS11 support for Linux and will be releasing the
binaires (for free) soon. If you want to beta test it, let me know.
This library will work with both Cryptoflex and Cyberflex Access cards (they each have
RSA and 3DES support, while only Cryptoflex has key gen -- Access will have key gen
later this year). It is a middleware that lies on top of PCSC-lite for Linux. I'm
pretty sure the API's will be the same as on Windows so that you can write programs
that talk to the same API on both Linux and Windows.
> You will find big problems with getting smart cards with real crypto.
> The problem is the difficulty of putting RSA into the card (only new cards
> support it well) and of course the export restrictions. In your case, you
> could
> contact directly the smart card manufacturer and discuss your project with
> them. You could start with Gemplus.
> For the SDK, you will need some $$$ (err french francs)
Well, as you can see at www.cardstore.slb.com, we have very reasonably priced cards
available directly from the web. You can even buy our Cyberflex Linux starters kit
for US$50 ($30 extra for a reader).
And our cards are documented (links from the card store) so there is no need to pay
money to learn to program our cards (Cyberflex, Cryptoflex and Multiflex).
Both Cryptoflex and Cyberflex cards have US export approval, so you can integrate them
and ship it to most countries with no problem.
> Since it's an MSc project, the full work to implement smart card + PKI in
> a real environment will take longer than six months. I would recommend
> you to cut down the project, focus on working with the PAM support of Linux
> and for the PKI support, just generate the keys with command-line openssl
> and implement a one-level PKI (no hierarchy, no mesh, as it's used on the
> Internet).
>
> Simos Xenitellis
>
> > ----------
> > From: Naram El Abid[SMTP:[EMAIL PROTECTED]]
> > Reply To: [EMAIL PROTECTED]
> > Sent: 11 June 2000 14:52
> > To: [EMAIL PROTECTED]
> > Subject: MUSCLE smart card+PKI
> >
> > Hi,
> > I am a master student of computer network.
> > I am working on a project concerned with the deployment of PKI with smart
> > card in order to authenticate access to computing facilities in my
> > university campus.
> > I intend to do it with linux, and I'll be very grateful if you can help on
> > what concerns: the most
> > adequate smart cards, card reader and documentation.
> > P.S: i am from Morocco (for exportation restrictions)
> >
--
[EMAIL PROTECTED] Smart Card Engineer, Schlumberger APC
TEL/FAX: +1 512-331-3727 8311 N RR 620, Austin, TX 78726 U.S.A.
U.S. Export approved Crypto Java Card at: http://www.cyberflex.slb.com/
***************************************************************
Linux Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/smartcard/index.html
***************************************************************
