From: "Louis A. Mamakos"
To: dwbear75@gmail.com
Old-To: Gunther Schadow
cc: freebsd-security@FreeBSD.ORG
cc: PicoBSD List
Subject: Re: Smartcard device support?
Date: Fri, 24 Sep 2004 15:50:35 -0000
X-Original-Date: Tue, 12 Mar 2002 21:45:37 -0500
Message-id: <200203130245.g2D2jbY28875@whizzo.transsys.com>
In-reply-to: "Your message of Tue, 12 Mar 2002 17:33:18 EST." <3C8E822E.7070509@aurora.regenstrief.org>

> Hi,
>
> I'm wondering if it isn't time to roll out smart card use a bit more
> aggressively. The question is: are any smart card devices useable
> with FreeBSD? Let's say for enabling IPsec associations with racoon
> (X509 cert on smartcard instead of a file on disk.) Only if smartcard
> is in the box will the IPsec connection work. Of course my constraint
> is cost of hardware. So is there any cheap stuff around?

You should take a look at the Dallas Semiconductor Java iButton, which
is a small Java smartcard like device in a package about the size of a
button-battery. There's also an inexpensive reader dongle you can
attach to a serial port to talk with it.

The Java iButton can do RSA public key processing; in fact, with a
suitably written application (in Java, of course), you can have the
device generate a public/private keypair, hand you back the public key,
and never expose the private key inside the tamper resistant device.
Very cool.

See http://www.ibutton.com/ for information. See also
/usr/ports/comms/mlan3 for some low-level code used to talk to these
types of "one-wire" devices.

louie