[Thinlinc-technical] Smart cards

Peter Astrand astrand at cendio.se
Mon Oct 14 10:14:55 CEST 2013


On Fri, 27 Sep 2013, Leigh Porter wrote:

> It seems that our old SunRay smartcards do not work with Thinlinc (at least, Windows needs a driver for it, duno what that would be..) and
> anyway they are getting old now.
> 
> So, where do I buy suitable smart cards?

There's some information about this here:
https://www.opensc-project.org/opensc/wiki/FrequentlyAskedQuestions#Q:WherecanIbuysmartcards

Gemalto is another large vendor. Unfortunately, they have many different 
cards and only some of them supports PKCS#15. To make things worse, they 
have changed the names over time. From what I've learned, you want cards 
of type "IDClassic IAS" (legacy name: IAS TPC). Gemalto has a webshop at 
http://boutique.gemalto.com/, but they do NOT sell IDClassic IAS cards in 
the webshop. Also, to initialize these cards, you will need their 
middleware software, which is also not sold in the webshop.


The OpenSC page mentions "Aventra". I've bought a few cards from them. The 
purchase process was very easy and the cards works great. Aventra MyEID is 
supported by OpenSC: https://www.opensc-project.org/opensc/wiki/MyEID .

The cards must be initialized. Aventra provides Windows software for this, 
which I haven't tried, but you can also do it with OpenSC. It's fairly 
complicated though, so I created a script for it; attached. Note that you 
will need modern versions of OpenSC, engine_pkcs11, and libp11. The 
created certs are self signed, which should get you up and running 
quickly, but for a real deployment, you should use a CA.


Regards, 
---
Peter Astrand		ThinLinc Chief Developer
Cendio AB		http://cendio.com
Teknikringen 8		http://twitter.com/ThinLinc
583 30 Linkoping	http://facebook.com/ThinLinc
Phone: +46-13-214600	http://plus.google.com/112509906846170010689
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pkcs15-selfsigned.sh
Type: application/x-sh
Size: 1500 bytes
Desc: 
URL: <http://lists.cendio.se/pipermail/thinlinc-technical/attachments/20131014/943f724c/attachment-0006.sh>


More information about the Thinlinc-technical mailing list