Date: Wed, 13 Mar 2002 11:56:01 +0000 (GMT)
From: Dirk-Willem van Gulik
To: "Louis A. Mamakos"
Cc: Gunther Schadow, freebsd-security@FreeBSD.ORG, PicoBSD List
Subject: Re: Smartcard device support?

On Tue, 12 Mar 2002, Louis A. Mamakos wrote:

> You should take a look at the Dallas Semiconductor Java iButton,
> which is a small Java smartcard like device in a package about the
> size of a button-battery. There's also an inexpensive reader
> dongle you can attach to a serial port to talk with it.
>
> The Java iButton can do RSA public key processing; in fact, with
> a suitably written application (in Java, of course), you can have
> the device generate a public/private keypair, hand you back the
> public key, and never expose the private key inside the tamper
> resistant device.

Very cool. And extremely easy to write/handle. I used it to do the above; have it signed by a CA - and then use the iButton to sign 5 day certs which go down into a web server.

They are not that fast though - i.e. do not expect those nice <1msec touch-and-go you see with the nedap devices. You have to consciously press them against the blue connector for a noticeable period of time. I.e. there is a 'rest' moment.

> See http://www.ibutton.com/ for information. See also
> /usr/ports/comms/mlan3 for some low-level code used to talk
> to these types of "one-wire" devices.

I found them working just fine. However - the IDE requires java comm support - which I could not get to work on FreeBSD (a year ago). So I had to do the initial part of the development on a Sun Solaris box (PC is fine too). But once you are set up it is 100% java and platform agnostic; and especially if during development you allow the iButton to DHCP network itself in - using one of the adaptor cards and the java SIM - you can use (t)ftp to do all your development just fine from any unix. And may only need to do something special when you are rolling out the iButtons on a PC.

DW.