OpenSC
GlobalPlatformPro
Our great sponsors
OpenSC | GlobalPlatformPro | |
---|---|---|
8 | 3 | |
2,413 | 640 | |
1.9% | - | |
9.6 | 5.4 | |
4 days ago | 23 days ago | |
C | Java | |
GNU Lesser General Public License v3.0 only | GNU Lesser General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
OpenSC
- How do you put your private key files (.ppk) on a security key (HYPERFIDO U2F/FIDO2/HOTP) ?
-
Create Your Own Local Root CA With Yubikey Signing
This installs opensc, a library for dealing with Smart Card (essentially what a Yubikey is recognized as) access in a programmatic way. It also installs OpenSSL bindings that interact using the pkcs11 standard. Basically, we won't get very far using a Yubikey for signing without this. The intermediate CA configuration will also need to be updated:
-
You can link an OpenPGP key to a German eID
Well, in Spain you can use your eID directly: https://github.com/OpenSC/OpenSC/wiki/DNIe-%28OpenDNIe%29#up...
-
Enhance your Network Security with Zero Trust and OTP
The OpenSC binary to interact with the Yubikey at command line.
-
Tillitis Security Key – Mullvad spin-off inspired by measured boot and DICE
https://github.com/OpenSC/OpenSC
Note that "production ready" does not equate to "follow a YouTube video and write 17 lines of TypeScript." You need to know Java, you need to know crypto, and you need a few bucks to throw at the appropriate hardware. That said, the entire US DoD is built on JavaCard so it is as production grade as you can get.
-
EU Commission to open source software
Next step. Make sure EU Government paid contractors release source code per LGPL https://github.com/OpenSC/OpenSC/issues/2462
-
How do you store private keys?
I have one of the Nitrokeys and several of the smart cards for various purposes. The software side of using them can be a bit confusing if you're not familiar with HSMs and PKCS#11, but the OpenSC project has a lot of good info to help.
-
Dev Tools I Can't Appreciate Enough
1- PKCS11-Tools by OpenSC
GlobalPlatformPro
- How do you put your private key files (.ppk) on a security key (HYPERFIDO U2F/FIDO2/HOTP) ?
-
Tillitis Security Key – Mullvad spin-off inspired by measured boot and DICE
JavaCard is the answer for smartcards. You can find example card software all over github, and you're looking for the JavaCard SDK from Oracle and GlobalPlatformPro to program them: https://github.com/martinpaljak/GlobalPlatformPro. There's even an ant task around somewhere that allows you to use ant tooling. Blank cards with "developer"/default keys can be picked up pretty much anywhere.
Buy blank cards, write your applet, test in an emulator if you want, push to card, test for real with your software that talks to the card, profit. Be aware that if your goal is to write custom cryptography implementations in Java on the Javacard, these will be prohibitively slow. No need to take my word for it, Niels Duif did exactly this: https://research.tue.nl/en/studentTheses/smart-card-implemen...
> Java Card proves to be a worthless platform for high-speed cryptography. Despite the
-
Using a smart card to log in
You then have to get the binary (CAP file) and use a tool like GlobalPlatformPro to install it. Hopefully your JavaCard has default authentication keys, otherwise you have to ask for this from whomever you bought it from.
What are some alternatives?
AusweisApp - Der offizielle eID-Client des Bundes.
IsoApplet - A Java Card PKI Applet aiming to be ISO 7816 compliant
tpm2-pkcs11 - A PKCS#11 interface for TPM2 hardware
FIDO2 - FIDO2 toolbox in Java and X-FIDO JavaCard applet
putty-cac - Windows Secure Shell Client With Support For Smart Cards, Certificates, & FIDO Keys
SatochipApplet - The open source hardware wallet smartcard - Satochip.io
yubico-piv-tool - Command line tool for the YubiKey PIV application
yubikey-full-disk-encryption - Use YubiKey to unlock a LUKS partition
eid-mw - eID Middleware (main repository)
postman-app-support - Postman is an API platform for building and using APIs. Postman simplifies each step of the API lifecycle and streamlines collaboration so you can create better APIs—faster.
nvm - Node Version Manager - POSIX-compliant bash script to manage multiple active node.js versions