[Thinlinc-technical] Smart cards
Peter Astrand
astrand at cendio.se
Mon Oct 14 10:14:55 CEST 2013
On Fri, 27 Sep 2013, Leigh Porter wrote:
> It seems that our old SunRay smartcards do not work with Thinlinc (at least, Windows needs a driver for it, duno what that would be..) and
> anyway they are getting old now.
>
> So, where do I buy suitable smart cards?
There's some information about this here:
https://www.opensc-project.org/opensc/wiki/FrequentlyAskedQuestions#Q:WherecanIbuysmartcards
Gemalto is another large vendor. Unfortunately, they have many different
cards and only some of them supports PKCS#15. To make things worse, they
have changed the names over time. From what I've learned, you want cards
of type "IDClassic IAS" (legacy name: IAS TPC). Gemalto has a webshop at
http://boutique.gemalto.com/, but they do NOT sell IDClassic IAS cards in
the webshop. Also, to initialize these cards, you will need their
middleware software, which is also not sold in the webshop.
The OpenSC page mentions "Aventra". I've bought a few cards from them. The
purchase process was very easy and the cards works great. Aventra MyEID is
supported by OpenSC: https://www.opensc-project.org/opensc/wiki/MyEID .
The cards must be initialized. Aventra provides Windows software for this,
which I haven't tried, but you can also do it with OpenSC. It's fairly
complicated though, so I created a script for it; attached. Note that you
will need modern versions of OpenSC, engine_pkcs11, and libp11. The
created certs are self signed, which should get you up and running
quickly, but for a real deployment, you should use a CA.
Regards,
---
Peter Astrand ThinLinc Chief Developer
Cendio AB http://cendio.com
Teknikringen 8 http://twitter.com/ThinLinc
583 30 Linkoping http://facebook.com/ThinLinc
Phone: +46-13-214600 http://plus.google.com/112509906846170010689
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pkcs15-selfsigned.sh
Type: application/x-sh
Size: 1500 bytes
Desc:
URL: <http://lists.cendio.se/pipermail/thinlinc-technical/attachments/20131014/943f724c/attachment-0006.sh>
More information about the Thinlinc-technical
mailing list