Security Basics mailing list archives

Re: Getting a personal smart card


From: "Johann MacDonagh" <johann () macdonaghs com>
Date: Tue, 8 Jul 2008 16:38:06 -0400

I would keep an encrypted archive copy of my certs and signed keys
(PGP) in a safe location, so if the key is damaged, I can simply get a
new one and import the old certs.

I'm also looking at the Aladdin eToken. Correct me if I'm wrong, but
any system that has support for PKCS #11 should be able to read from
it, right?

Johann

On 7/7/08, Geoffrey J Gowey <gjgowey () gmail com> wrote:
Your problem with a device such as this is that if the device is lost/damaged/destroyed then you're out of business.  
They're good for companies with a centralized setup since they can be replaced and the credentials changed, but for 
personal use it gets much more complicated.

Sent from my BlackBerry wireless handheld.

-----Original Message-----
From: Johann MacDonagh <johann () macdonaghs com>
Date: Mon, 7 Jul 2008 17:50:28
To: <security-basics () securityfocus com>
Subject: Getting a personal smart card


Hey all,

If anyone was following my previous message, I was discussing unique password complexity. I also mentioned that I 
would love to have a personal smart card for personal authentication.

I may have found one:
http://athena-scs.com/product.asp?pid=33

The USB connection means that I don't have to buy a separate reader for computer systems. Sweet!

I just wonder what I can use this for. From what I understand, I can use it to log into Windows, OS X, and Linux 
systems by simply plugging in the USB key and entering in my PIN, right? Also, I guess support is built into OS X, 
but requires software installation for Linux and Windows (although depending on the distro, it may already be 
available on the Linux system).

So, if I have an X.509 cert for e-mail signing and a PGP key, I assume I can upload both of those onto there and 
remove them from my computer system. Then, whenever an application (a supported application) requires one or the 
other, it can query my smart card. All encryption is done on the chip, so the computer system never even sees the 
private key.

Has anyone used these kinds of systems? Purely a geek toy or did they make your life easier? Is Athena known for 
interoperability between systems?

Thanks,
Johann



