From owner-freebsd-security Tue Mar 12 18:45:45 2002
Delivered-To: freebsd-security@freebsd.org
Received: from whizzo.transsys.com (whizzo.TransSys.COM [144.202.42.10])
	by hub.freebsd.org (Postfix) with ESMTP
	id 588F537B404; Tue, 12 Mar 2002 18:45:38 -0800 (PST)
Received: from whizzo.transsys.com (#6@localhost.transsys.com [127.0.0.1])
	by whizzo.transsys.com (8.11.6/8.11.6) with ESMTP id g2D2jbY28875;
	Tue, 12 Mar 2002 21:45:37 -0500 (EST)
	(envelope-from louie@whizzo.transsys.com)
Message-Id: <200203130245.g2D2jbY28875@whizzo.transsys.com>
X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4
To: Gunther Schadow
Cc: freebsd-security@FreeBSD.ORG, PicoBSD List
X-Image-URL: http://www.transsys.com/louie/images/louie-mail.jpg
From: "Louis A. Mamakos"
Subject: Re: Smartcard device support?
References: <3C8E822E.7070509@aurora.regenstrief.org>
In-reply-to: Your message of "Tue, 12 Mar 2002 17:33:18 EST." <3C8E822E.7070509@aurora.regenstrief.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Tue, 12 Mar 2002 21:45:37 -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Hi,
>
> I'm wondering if it isn't time to roll out smart card use a bit more
> aggressively. The question is: are any smart card devices useable
> with FreeBSD? Let's say for enabling IPsec associations with racoon
> (X509 cert on smartcard instead of a file on disk.) Only if smartcard
> is in the box will the IPsec connection work. Of course my constraint
> is cost of hardware. So is there any cheap stuff around?

You should take a look at the Dallas Semiconductor Java iButton, which
is a small Java smartcard like device in a package about the size of a
button-battery. There's also an inexpensive reader dongle you can
attach to a serial port to talk with it.

The Java iButton can do RSA public key processing; in fact, with a
suitably written application (in Java, of course), you can have the
device generate a public/private keypair, hand you back the public key,
and never expose the private key inside the tamper resistant device.
Very cool.

See http://www.ibutton.com/ for information. See also
/usr/ports/comms/mlan3 for some low-level code used to talk to these
types of "one-wire" devices.

louie