From owner-freebsd-security Wed Mar 13 1:45:47 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.spc.org (insomnia.spc.org [195.224.94.183]) by hub.freebsd.org (Postfix) with SMTP id 9C3D337B419 for ; Wed, 13 Mar 2002 01:45:37 -0800 (PST) Received: (qmail 968 invoked by uid 1031); 13 Mar 2002 09:33:44 -0000 Date: Wed, 13 Mar 2002 09:33:43 +0000 From: Bruce M Simpson To: Gunther Schadow Cc: freebsd-security@freebsd.org, PicoBSD List Subject: Re: Smartcard device support? Message-ID: <20020313093343.U10322@spc.org> Mail-Followup-To: Bruce M Simpson , Gunther Schadow , freebsd-security@freebsd.org, PicoBSD List References: <3C8E822E.7070509@aurora.regenstrief.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <3C8E822E.7070509@aurora.regenstrief.org>; from gunther@aurora.regenstrief.org on Tue, Mar 12, 2002 at 05:33:18PM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I looked at IBM's OpenCryptoki briefly, but it only supports Linux. Also, it seems that it requires a drop-in 'STDLL' to be written for each device. It might be possible to do something similar to SSH by hacking ssh-agent to be tied to a removable medium. BMS On Tue, Mar 12, 2002 at 05:33:18PM -0500, Gunther Schadow wrote: > Hi, > > I'm wondering if it isn't time to roll out smart card use a bit more > aggressively. The question is: are any smart card devices useable > with FreeBSD? Let's say for enabling IPsec associations with racoon > (X509 cert on smartcard instead of a file on disk.) Only if smartcard > is in the box will the IPsec connection work. Of course my constraint > is cost of hardware. So is there any cheap stuff around? > > thanks for any hint, > -Gunther To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message