Re: Nice talk at FOSDEM, donation of Feitian PKI smarcards

From: Jean-Michel Pouré <jmpoure free fr>
To: Stef Walter <stefw collabora co uk>
Cc: seahorse-list gnome org
Subject: Re: Nice talk at FOSDEM, donation of Feitian PKI smarcards
Date: Thu, 17 Feb 2011 13:18:48 +0100

Dear all,

Sorry if I did not catch-up before.

> Yes, this would be a great project for someone to bite into. Certainly
> something that should be simple to do from a UI. But it would only
> work
> for a small number of cards right? In any case that would still be
> progress.

OpenSC supports more than 20 smarcards/tokens. Out of which 2 or 3 are
actively maintained, including the Feitian PKI. There will probably be
more smarcards in the future. So if you invest some time, it will never
be lost for the next 10 years.

The advantage of OpenSC over other crypto projects is that PKCS#11 and
PKCS#15 are real standards for hardware crypto.

There are two levels of GUI management:

* Erase and format the key/smartcard using the commands:
pkcs15-init -E ;
pkcs15-init --create-pkcs15 --profile pkcs15+onepin
--use-default-transport-key --pin 0000 --puk 111111 
--label "François Pérou"

* Upload and manage RSA + X.509 certs on key.
The project Gnomint has a real neat interface to manage
RSA keys and X.509 certificates. Gnomint is a CA manager, it has nothing
to do yet with smartcards, only an indication for a good GUI.

As their official website is down, I add a link to gnomint documentation
on GOOZE:
http://www.gooze.eu/howto/ca-and-pki-management-using-gnomint/ca-and-pki-management-using-gnomint

If you bundle all that together in Seahorse, this would make a killing
application.

Kind regards,
Jean-Michel

References:
- Nice talk at FOSDEM, donation of Feitian PKI smarcards
  - From: Jean-Michel =?ISO-8859-1?Q?Pour=E9?=
- Re: Nice talk at FOSDEM, donation of Feitian PKI smarcards
  - From: Stef Walter

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]