Re: Partnership Seahorse / OpenSC projects on smartcard support



> Very cool. Are you representing the OpenSC project in some way? Or are
> you a third party?

We are a third party taking active development in token and smartcard
technology for GNU/Linux and Mac OS X. Also, we write detailed
tutorials. And we foster free software development.

Several projects are already using our cards: OpenSC (of course),
OpenSSH, Gnome Keyring developers (already two I believe), OpenCA,
CAcert, etc.

> It's very likely that this support would be implemented in
> gnome-keyring. Seahorse is the GUI key manager, and gnome-keyring is
> GNOME's underlying key and password storage implementation.

OK.

> Yes, I responded about this separately. But again, such smart cards
> and/or readers would be a massive boon to the project.

I replied separately in a private email. I propose that five of your
developers register for a free card. Then we can send more.

We also sell very cheap compatible tokens if you prefer USB tokens over
smartcards. Unfortunately, we don't have free USB tokens.

> We're going to be meeting at GUADEC (in a week or so) to discuss more
> about this. As Pablo said, we'll be in a much more solid position to
> discuss our development outline at that point.
> 
> But smart card support is something we certainly want to implement, and
> much of gnome-keyring has been built with that in mind, with copious use
> of standards such as PKCS#11.

We are looking for better PKCS#11 support in Gnome:
* Seahorse should be able to display the available content of a
smartcard.
* Seahorse should provide helpers to create RSA keypairs and X.509
certificates on card or on computer.
* We should be able to encrypt files using the chip of a smartcard, with
a right click in Nautilus.

If this is done at Gnome-Keyring level, then fine.
We need more security relying on real cryptographic hardware.

Smartcards are a superior technology because they are able to compute
information without displaying secrets. You will never achieve that
using a secret repository on a computer.

Go ahead!

Kind regards,
Jean-Michel
-- 
                  Jean-Michel Pouré - Gooze - http://www.gooze.eu


