[Openswan Users] Re: strongswan and smartcards

Andreas Steffen andreas.steffen at strongsec.net
Sat Oct 8 20:55:24 CEST 2005


Hi Norbert,

strongSwan now has a standardized PKCS#11 interface that can either
be used with OpenSC's Open Source PKCS#11 library (also available
under Windoze and MacOS) or any other third-party library (Aladdin's
PKCS#11 library e.g. works perfectly). I can recommend the following
smartcards and USB crypto tokens:

Smartcards

- Cryptoflex 32k
- Oberthur AuthentIC
- NetKey (is also reported to work)

USB Token:

- Aladdin eToken Pro 32k
- Axalto Cryptoflex egate 32k
- SafeNet Rainbow iKey 3000

Whereas USB tokens usually work perfectly, my experience with smartcard 
readers has been rather painful:

- The expensive Kobil Kaan Professional with pin pad and display
   works perfectly on a serial interface but has fatal timing problems
   if used with the pseudo-USB interface.

- The Schlumberger Reflex 72v2 reader worked only with a special driver
   obtained directly from the developer and produced UART timeouts on
   certain platforms.

Cards and tokens that have a PKCS#15 directory structure can be
initialized using OpenSC's pkcs15-init tool. For proprietary file
formats the vendor's tools must be used.

Regards

Andreas

Norbert Wegener wrote:
> Hello Andreas,
> I want to play a bit with smartcards and strongswan, which leads me to 
> some questions around that topic.
> Which smartcards would you recommend for use with strongswan?
> Can they also be used with Windows clients without special software?
> Are there any preferred readers?
> Which software/hardware could/should be used to write smartcards?
> Thanks
> Norbert

=======================================================================
Andreas Steffen                   e-mail: andreas.steffen at strongsec.com
strongSec GmbH                    home:   http://www.strongsec.com
Alter Zürichweg 20                phone:  +41 1 730 80 64
CH-8952 Schlieren (Switzerland)   fax:    +41 1 730 80 65
==========================================[strong internet security]===

