Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ludovic Rousseau Debian Miniconf Paris, Oct. 2010

Published by梅 雷 Modified over 8 years ago

Similar presentations

Presentation on theme: "Ludovic Rousseau Debian Miniconf Paris, Oct. 2010"— Presentation transcript:

1 Ludovic Rousseau Debian Miniconf Paris, Oct. 2010
Debian and smart cards Ludovic Rousseau Debian Miniconf Paris, Oct. 2010

2 Agenda Who am I? What is a smart card Smart cards packages in Debian
Why use a smart card What to buy? Online information Conclusion

3 Who am I? Debian user since 1998 Debian Developer since 2001
Packages I maintain: smart card pcsc-lite ccid pcsc-perl pcsc-tools asedriveiiie  coolkey ifd-gempc libmusclecard muscleframework muscletools pam-pkcs11 pykcs11 pyscard xcardii Palm PDA jpilot jpilot-backup pilot-link plucker  Misc bins colormake jhead 

4 What is a smart card? Piece of plastic + micro controller
3 formats (ISO ): ID-1 (full size) ID-000 (SIM plugin size) Micro-SIM Micro controller (ISO )

5 Communication protocol: ISO 7816-3
Half duplex communication External clock: ~4 MHz 2 protocols: T=0, T=1 ATR: Answer To Reset PTS: Protocol Type Selection Communication is taken care by the software layers IFD handler (driver) PC/SC layer (middleware)

6 Commands: ISO 7816-4 APDU: APplication Data Unit
Header: CLAss, INStruction, Parameter 1, Parameter 2 Data Example: VERIFY   Lots of commands defined Standards are not complete Cards manufacturers diverge from standards

7 Private/proprietary specifications
French banking cards: Carte bancaire B0' French health cards: Carte Vitale Pay TV cards It is hard to correctly use such cards... but not always impossible

8 Publicly documented specifications
EMV bank cards GSM/3G cards GSM 11.11/ETSI Some National ID/eID cards IAS/ECC: Identification-Authentification-Signature European-Citizen-Card Some PKI cards SetCOS, ACOS5 Biometric Passport (ICAO) OpenPGP card

9 Programmable smart cards
JavaCard a free software MUSCLE applet is available .NET not yet tried BasicCard example: OpenPGP V1 and V2 cards Multos GlobalPlatform

10 Debian packages for smart cards
12 reader drivers libacr38u libacr38ucontrol0 libacr38ucontrol-dev libasedrive-serial libasedrive-usb libccid libchipcardc2 libgcr410 libgempc410 libgempc430 libtowitoko2 libtowitoko-dev 42 middlewares/libraries coolkey libbeid2 libbeid2-dbg libbeid2-dev libbeidlibopensc2 libbeidlibopensc2-dbg libbeidlibopensc2-dev libcflexplugin libchipcard-ctapi0 libchipcard-data libchipcard-dev libchipcard-libgwenhywfar47-plugins libchipcard-tools libckyapplet1 libckyapplet1-dev libengine-pkcs11-openssl libmcardplugin libmusclecard1 libmusclecard-dev libmusclepkcs11 libmusclepkcs11-dev libopenct1 libopenct1-dbg libopenct1-dev libopensc2 libopensc2-dbg libopensc2-dev libpam-musclecard libpam-p11 libpam-pkcs11 libpam-poldi libpcscada0.6 libpcscada1-dev libpcsclite1 libpcsclite-dev libpcsc-perl mozilla-opensc openct pam-pkcs11-dbg pcscada-dbg pcscd python-pyscard  16 applications beidgui beid-tools esteidutil gnokii gnupg gnupg2 hostapd libchipcard-tools muscletools opensc pcsc-tools rdesktop virtualbox-ose wine wpasupplicant xcardii 

11 CCID: Circuit(s) Cards Interface Devices
USB specification available on Define bInterfaceClass = 11 (0x0b) Goal: replace all the proprietary protocols by only one libccid: free software CCID driver 180 readers supported (or partly supported)

12 PC/SC: Personal Computer Smart Card
Specification from PC/SC workgroup Implemented by Microsoft in Windows pcsc-lite: free software implementation of the API should be the only smart card API used on Unix Apple fork (Roseta) SUN fork (SunRay)

13 PKCS#11: Cryptographic Token Interface Standard
RSA labs defined API for PKI tokens smart cards software tokens (Firefox includes one) PCI cards (IBM 4758) OpenSC: free software implementation of the API using smart cards

14 pyscard: Python PC/SC wrapper
Direct PC/SC API fine control of everything I use it to write pcsc-lite Unitary Tests Higher level API less code to write

15 PyKCS11: Python PKCS#11 wrapper
Low level API High level API Sample code soon available on my blog

16 Big picture Many other software are available (but not displayed)

17 What can a smart card be used for?
In a computing system (PKI) using PKCS#11 Local user authentication (PAM) Web SSL client authentication Mail signature Mail deciphering SSH client authentication Two factor authentication what I own: smart card what I know: PIN code

18 Electronic ID cards Some european citizen already have an eID card
Estonia  Most european citizens will receive an eID card (soon) Spain  Portuguese France  Belgium  Germany Nov 2010 Luxembourg Q1 2011

19 What to buy? Smart card reader CCID reader supported by libccid
contact, contactless or both? Smart card PKI smart card supported by OpenSC OpenPGP card JavaCard and install the Muscle applet

20 Online information about smart cards and Free Software
Wikipedia Muscle mailing list OpenSC mailing lists My blog

21 For more information (in french)

22 Conclusion Many smart card programs are in Debian
just one "apt-get install" away Free Software smart card? all cards contain a proprietary "firmware"

23 Thanks Questions? Wikipedia for the images and information
You for your participation Questions?

Download ppt "Ludovic Rousseau Debian Miniconf Paris, Oct. 2010"

Similar presentations

1 Java Card Technology Prepared by:Ali Toyserkani Adopted from: Introduction to Java Card Technology C. Enrique Ortiz.

1 Java Card Technology Prepared by:Ali Toyserkani Adopted from: Introduction to Java Card Technology C. Enrique Ortiz.
© Copyrights 1998 Algorithmic Research Ltd. All rights Reserved D a t a S e c u r i t y A c r o s s t h e E n t e r p r i s e Algorithmic Research a company.

© Copyrights 1998 Algorithmic Research Ltd. All rights Reserved D a t a S e c u r i t y A c r o s s t h e E n t e r p r i s e Algorithmic Research a company.
Smart Cards Our Inevitable Future Mark Shippy. What are smart cards? Credit card sized plastic card with an embedded chip. Credit card sized plastic card.

Smart Cards Our Inevitable Future Mark Shippy. What are smart cards? Credit card sized plastic card with an embedded chip. Credit card sized plastic card.
Smart Card Syed Jabbar Computer Science Course:

Smart Card Syed Jabbar Computer Science Course:
Mobile Devices in the DoD

Mobile Devices in the DoD
Digital Identity Group May 2012. GIXEL  GIXEL is the professional association of electronic component and system industries in France. It brings together.

Digital Identity Group May GIXEL  GIXEL is the professional association of electronic component and system industries in France. It brings together.
Identity and Access IDPrime MD 8840 and IDCore 8030 MicroSD cards

Identity and Access IDPrime MD 8840 and IDCore 8030 MicroSD cards
Civil Registry Agency of the Ministry of Justice, Georgia Digital Signature Services in Georgia Mikheil Kapanadze.

Civil Registry Agency of the Ministry of Justice, Georgia Digital Signature Services in Georgia Mikheil Kapanadze.
Mobile Credentials Ennio J. Carboni Product Manager, Keon PKI

Mobile Credentials Ennio J. Carboni Product Manager, Keon PKI
Projects on digital identification at MTA SZTAKI Ottó Hutter MTA SZTAKI.

Projects on digital identification at MTA SZTAKI Ottó Hutter MTA SZTAKI.
SKS – Secure Key Store KeyGen2 –Token Provisioning Protocol Executive Level Presentation.

SKS – Secure Key Store KeyGen2 –Token Provisioning Protocol Executive Level Presentation.
Identity and Access IDGo Secure Email (ISE) for Android Didier Bonnet April 2015.

Identity and Access IDGo Secure (ISE) for Android Didier Bonnet April 2015.
Submitted by: Rahul Rastogi, CS Department.  Introduction  What is a smart card?  Better than magnetic stripe card.  Technology What’s in a card?

Submitted by: Rahul Rastogi, CS Department.  Introduction  What is a smart card?  Better than magnetic stripe card.  Technology What’s in a card?
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
Designing and Implementing Secure ID Management Systems: BELGIUM’s Experience Washington - September 27 th, 2010 Frank LEYMAN © fedict 2010. All rights.

Designing and Implementing Secure ID Management Systems: BELGIUM’s Experience Washington - September 27 th, 2010 Frank LEYMAN © fedict All rights.
About PKI Key Stores Dartmouth College PKI Lab. Key Store Defined Protected “vault” to hold user’s private key with their copy of their x.509 certificate.

About PKI Key Stores Dartmouth College PKI Lab. Key Store Defined Protected “vault” to hold user’s private key with their copy of their x.509 certificate.
Secure Element Access from a Web browser W3C Workshop on Authentication, Hardware Tokens and Beyond 11 September 2014 1 Oberthur Technologies – Identity.

Secure Element Access from a Web browser W3C Workshop on Authentication, Hardware Tokens and Beyond 11 September Oberthur Technologies – Identity.
SESSION D: What You Know - What You Have - What You Are: The Role of Hardware Technologies to Provide Identity Assurance BELGIUM’s Experience Washington.

SESSION D: What You Know - What You Have - What You Are: The Role of Hardware Technologies to Provide Identity Assurance BELGIUM’s Experience Washington.
Muhammad Wasim Raad1 Smart Cards Operating Systems أنظمة التشغيل للبطاقات الذكية By: Dr Muhammad Wasim Raad Computer Engineering Department.

Muhammad Wasim Raad1 Smart Cards Operating Systems أنظمة التشغيل للبطاقات الذكية By: Dr Muhammad Wasim Raad Computer Engineering Department.
European Electronic Identity Practices Country Update of Spain Date: 26 May 2005.

European Electronic Identity Practices Country Update of Spain Date: 26 May 2005.

Similar presentations

Ads by Google