

CryptoToken

founder:
depends on:
interested:
software license: -
hardware license: -
status: active

The aim of the project is to explore uses of cryptographic tokens, starting with the Feitian ePass 2003. At first we will cover basic features such as use with SSH and GnuPG, and later possibly the extended options provided by OpenSC and the PKCS#11 interface, e.g. code signing and TLS client certificates.

Token documentation

Order

Person Number of tokens
abyssal 4
biiter 1
kxt 1
ruza 1
tlapka 1
niekt0 1
JoHnY 1
pborky 1
Stevko 1
Czestmyr 1
lukash 2
Vatoz (Vaclav Cerny) 1
sargon 1
axtheb 1
Eremiell (Jakub Marek) 1
kappi 1

Order status

Tokens arrived by mail on 2013-01-30.

Payment

Either 450 CZK or 18 EUR, CZK preferred (8971.71 CZK total for 20 tokens, shipping included).

Write your nick/name from the above table into the payment's user info field, so that I can identify payments.

Currency CZ internal IBAN BIC/SWIFT
CZK 2100099326/2010 CZ8320100000002100099326 FIOBCZPPXXX
EUR 2800099327/2010 CZ7320100000002800099327 FIOBCZPPXXX

For extra paranoia, table with accounts signed with gnupg:

accounts.asc

Workshop

A workshop is planned to get the token working on *nix systems once the tokens arrive.

Workshop ideas

The token offers multiple interfaces, so we'd likely go in this order and see how far we can get:

OpenSC >= 0.12.2 is recommended. AFAIK all reasonably modern Linux distros have it available (it's not in Debian Stable, i.e. Squeeze); for Mac OS X, packages are available from gooze.eu (in case they are not in MacPorts).

Other tutorials on gooze.eu.

Yubikey Neo

The Yubikey Neo with NFC seems interesting, too. It's the standard Yubikey with NFC NDEF type 4 tags and a Mifare Classic interface. Applications:

Issues:

  • not much technical information yet (“Yubico will share more information on how this can be used in Q1, 2013”)
    • product page says something about Common Criteria certified bank grade authentication ICs, but what EAL level?
  • does attacking via Mifare Classic interface reveal random seeds or RNG states usable for other interfaces? (HID, NFC)

Yubikey has its own PAM module, pam_yubico, which is quite configurable. E.g. it can provide two-factor auth or replace passwords with OTP.
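The two uses mentioned above, sketched as a PAM auth stack. This is an added example, not taken from this wiki page or from the pam_yubico project; the service file name, CLIENT_ID and the mapping file path and contents are placeholders or constructed values.

```conf
# /etc/pam.d/sshd  (assumed service file; the same lines work for other PAM services)
# CLIENT_ID is a placeholder for the validation-service client ID.

# Variant A: two-factor. Both modules are "required", so the login needs
# a valid OTP from a mapped token AND the account password.
auth required pam_yubico.so id=CLIENT_ID authfile=/etc/yubikey_mappings
auth required pam_unix.so

# Variant B: OTP replaces the password. pam_yubico is the only auth module,
# so possession of the token is the sole factor.
# auth required pam_yubico.so id=CLIENT_ID authfile=/etc/yubikey_mappings

# Pitfall: "sufficient" followed by pam_unix is NOT two-factor.
# A valid OTP ends the stack with success, and a failed OTP falls through
# to the password prompt, so either factor alone is enough to log in.
# auth sufficient pam_yubico.so id=CLIENT_ID authfile=/etc/yubikey_mappings
# auth required   pam_unix.so

# /etc/yubikey_mappings  (assumed path): one line per user, listing the
# public ID of each token the user may log in with. The public ID is the
# first 12 characters of any OTP emitted by that token.
# Constructed sample entry:
# alice:ccccccbdefgh
```

In the default client mode each OTP is checked against an online validation service, so the host must be able to reach it at login time.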

 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 3.0 Unported