sektioneins / scd-pkcs11

License: Apache-2.0
PKCS#11 provider with smart card support via GnuPG

SCD-PKCS#11

The scd-pkcs#11 module is a prototype / proof of concept PKCS#11 provider interfacing to GnuPG's smart card daemon (scdaemon).

It allows PKCS#11-aware applications such as Firefox or OpenSSH to use smart cards via GnuPG's built-in smart card support. scd-pkcs#11 is an alternative to the OpenSC PKCS#11 module.

Component Overview

Scenario A - with SCD-PKCS#11

This scenario is the focus of this project.

USB SmartCard
  |-- scdaemon -- gpg-agent -- GnuPG / SSH (via gpg-agent's builtin ssh-agent)
                    |-- SCD-PKCS#11 provider
                          |-- client app (Firefox, SSH, ...)

Scenario B - with and without SCD-PKCS#11

Problem: scdaemon needs exclusive access to the smart card

USB SmartCard
  |-- pcscd
  |     |-- CCID driver
  |           |-- PKCS#11 provider (e.g. opensc-pkcs11.so)
  |                 |-- client app (Firefox, SSH, ...)
  |
  |-- scdaemon ---- gpg-agent -- GnuPG (or SSH via gpg-agent builtin ssh-agent)
                          |-- SCD-PKCS#11 provider
                                |-- client app

Scenario C - without SCD-PKCS#11, but with gnupg-pkcs11-scd:

USB token
  |-- pcscd
        |-- CCID driver
              |-- PKCS#11 provider (e.g. opensc-pkcs11.so)
                    |-- client app (Firefox, SSH, ...)
                    |-- gnupg-pkcs11-scd (alternative scdaemon)
                          |-- gpg-agent -- GnuPG

Scenario D - OSX component overview

USB token -- PCSCD -- CCID driver bundle -- PKCS#11 provider -- client app
  |-- .. .. .. .. .. .. |-- tokend -- tokend.bundle -- Keychain -- OSX App (Safari, Chrome, ...)
  |
  |-- scdaemon -- gpg-agent -- GnuPG
                    |-- SCD-PKCS#11 provider -- client app

Problems:

  • scdaemon and CCID do not work simultaneously.
  • scdaemon does not quit after use.
  • CCID is not up to date. New hardware may need custom drivers.
  • tokend is not well documented. The relevant open source OpenSC.tokend appears to have been unmaintained since OSX 10.6, but still seems to work (even if somewhat by coincidence).

Compiling / Installation

Please read the wiki installation page.

Quick-Install from source:

./configure
make
make install

That's it. See the wiki for further documentation.

Quick Installation on OSX / macOS

brew install sektioneins/tap/scd-pkcs11

Related Projects

  • Scute - "Scute is a PKCS #11 module that adds support for the OpenPGP smartcard card to the Mozilla Network Security Services (NSS)."
  • YKCS11 - "This is a PKCS#11 module that allows to communicate with the PIV application running on a YubiKey."

Feedback

Please use the issue tracker.

When reporting a bug, please provide:

  • Operating System and version
  • library version, e.g. commit id or package version
  • PKCS#11 client, e.g. Firefox
  • Short description of what to do to reproduce the bug
  • If needed, log files, screenshots, and additional information.

License

Copyright (C) 2015-2018 SektionEins GmbH / Ben Fuhrmannek

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
