From owner-freebsd-small  Tue Mar 12 18:45:44 2002
Delivered-To: freebsd-small@freebsd.org
Received: from whizzo.transsys.com (whizzo.TransSys.COM [144.202.42.10])
	by hub.freebsd.org (Postfix) with ESMTP
	id 588F537B404; Tue, 12 Mar 2002 18:45:38 -0800 (PST)
Received: from whizzo.transsys.com (#6@localhost.transsys.com [127.0.0.1])
	by whizzo.transsys.com (8.11.6/8.11.6) with ESMTP id g2D2jbY28875;
	Tue, 12 Mar 2002 21:45:37 -0500 (EST)
	(envelope-from louie@whizzo.transsys.com)
Message-Id: <200203130245.g2D2jbY28875@whizzo.transsys.com>
X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4
To: Gunther Schadow <gunther@aurora.regenstrief.org>
Cc: freebsd-security@FreeBSD.ORG,
	PicoBSD List <freebsd-small@FreeBSD.ORG>
X-Image-URL: http://www.transsys.com/louie/images/louie-mail.jpg
From: "Louis A. Mamakos" <louie@TransSys.COM>
Subject: Re: Smartcard device support? 
References: <3C8E822E.7070509@aurora.regenstrief.org> 
In-reply-to: Your message of "Tue, 12 Mar 2002 17:33:18 EST."
             <3C8E822E.7070509@aurora.regenstrief.org> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Tue, 12 Mar 2002 21:45:37 -0500
Sender: owner-freebsd-small@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-small.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-small>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-small>
X-Loop: FreeBSD.ORG

> Hi,
> 
> I'm wondering if it isn't time to roll out smart card use a bit more
> aggressively. The question is: are any smart card devices useable
> with FreeBSD? Let's say for enabling IPsec associations with racoon
> (X509 cert on smartcard instead of a file on disk.) Only if smartcard
> is in the box will the IPsec connection work. Of course my constraint
> is cost of hardware. So is there any cheap stuff around?

You should take a look at the Dallas Semiconductor Java iButton,
which is a small Java smartcard like device in a package about the
size of a button-battery.  There's also an inexpensive reader
dongle you can attach to a serial port to talk with it.

The Java iButton can do RSA public key processing; in fact, with
a suitably written application (in Java, of course), you can have
the device generate a public/private keypair, hand you back the
public key, and never expose the private key inside the tamper
resistant device.  Very cool.

See http://www.ibutton.com/ for information.  See also
/usr/ports/comms/mlan3 for some low-level code used to talk
to these types of "one-wire" devices.

louie


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-small" in the body of the message