LinuxSelfhelp.com

6. Applications on Linux

In this section there will be applications that uses smart cards for some reason on Linux environment. If you are a developer of a software and your development environment is Linux please let me know. I will add you in the list.

6.1. scas

SCAS is a simple program that checks the code inside the card with the code inside the computer. As an example of showing a way of authentication with memory cards scas is very good.

6.2. smartcard

smartcard is a general smart card utility in Linux which uses CT-API. With smartcard utility you can read/write data from/into smart cards. As long as your reader can be accessed via CT-API, smartcard can be used to control the reader. Currently smartcard could only be used with memory cards using I2C or 3W protocols. There is also a GTK+/Gnome graphical front end which support all functions of smartcard utility.

6.3. ssh-smart

ssh-smart is a basic proof-of-concept of ssh identity on smart card, as the author says. ssh-smart uses smartcard utility to communicate with the smart card. Basically, ssh-smart-add tool (perl script) call ssh-keygen to generate RSA public and private keys. Than puts the private key on the memory card. Later the ssh-smart-addagent tool can be used to extract the private key from the card to use with ssh-agent.

6.4. smarttools-rsa

This is another PAM Module for Unix systems but supports RSA authentication through your private key on the smart card. You must have a Schlumberger Cyberflex Access card or Schlumberger Cryptoflex for Windows Card and a working reader to use this tool.

6.5. smartsign

This utility is some-complete PKI integration with the smart cards. To use you must establish a working OpenCA and have Schlumberger's "Cyberflex Access 16K" smart cards. During the certification process of OpenCA, private key and public certificate can be stored on the smart card and private key, later, could be used with Netscape to sign outgoing mails and news. Also smartsign supports authentication of local users via a PAM Module through a public key authentication. Smartsign comes with gpkcs11, a PKCS#11 implementation, smastsh, a command line shell that allows browsing smart card contents, sign_sc/verify_sc to sign and verify any file with smart card.

6.6. CITI Projects

At CITI, Center for Information Technology Integration of Michigan University, there are some new projects. For example, Webcard is a web server running on a Schlumberger Cyberflex Access Java Card. Features a stripped TCP/IP stack that supports HTTP only. The system is designed to have a router which frames IP packets in ISO7816 and a Java Virtual Machine in the card. Detailed technical report can be found at http://www.citi.umich.edu/projects/smartcard/webcard/citi-tr-99-3.html