GlobalPlatformPro
FIDO2
GlobalPlatformPro | FIDO2 | |
---|---|---|
3 | 1 | |
643 | 28 | |
- | - | |
5.4 | 0.0 | |
about 1 month ago | over 1 year ago | |
Java | Java | |
GNU Lesser General Public License v3.0 only | GNU Affero General Public License v3.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
GlobalPlatformPro
- How do you put your private key files (.ppk) on a security key (HYPERFIDO U2F/FIDO2/HOTP) ?
-
Tillitis Security Key – Mullvad spin-off inspired by measured boot and DICE
JavaCard is the answer for smartcards. You can find example card software all over github, and you're looking for the JavaCard SDK from Oracle and GlobalPlatformPro to program them: https://github.com/martinpaljak/GlobalPlatformPro. There's even an ant task around somewhere that allows you to use ant tooling. Blank cards with "developer"/default keys can be picked up pretty much anywhere.
Buy blank cards, write your applet, test in an emulator if you want, push to card, test for real with your software that talks to the card, profit. Be aware that if your goal is to write custom cryptography implementations in Java on the Javacard, these will be prohibitively slow. No need to take my word for it, Niels Duif did exactly this: https://research.tue.nl/en/studentTheses/smart-card-implemen...
> Java Card proves to be a worthless platform for high-speed cryptography. Despite the
-
Using a smart card to log in
You then have to get the binary (CAP file) and use a tool like GlobalPlatformPro to install it. Hopefully your JavaCard has default authentication keys, otherwise you have to ask for this from whomever you bought it from.
FIDO2
-
The Mechanics of a Sophisticated Phishing Scam
If you deploy and maintain your own fleet of cards then you could do this. There's an open source FIDO2 applet implementation at https://github.com/martinpaljak/FIDO2
You could also use PIV/PKCS11 client certificates if it's for internal systems you run - there is reasonably good support for using client certificates in popular browsers from a smartcard, as this is used for DOD CACs.
What are some alternatives?
IsoApplet - A Java Card PKI Applet aiming to be ISO 7816 compliant
webauthn4j-spring-security - WebAuthn4J Extension for Spring Security
SatochipApplet - The open source hardware wallet smartcard - Satochip.io
javacard-gradle-template - JavaCard project template for building CAP and running JCardSim with gradle + coverage
yubikey-full-disk-encryption - Use YubiKey to unlock a LUKS partition
keycloak-radius-plugin - Make the radius server as part of keycloak SSO
OpenSC - Open source smart card tools and middleware. PKCS#11/MiniDriver/Tokend
nfc4pc - NFC for Personal Computers