User Tools

Site Tools


project:cryptotoken:start

CryptoToken

CryptoToken
cryptotoken.jpg
founder:
depends on:
interested:
software license: -
hardware license: -

~~META: status = done &relation firstimage = :project:cryptotoken.jpg ~~

The aim of the project is to explore uses of cryptographic tokens, starting with Feitian ePass 2003. At first basic features like use for SSH and GnuPG, later possibly extended options provided by OpenSC and PKCS#11 interface - e.g. code signing, TLS client certificates.

Token documentation

Notes and prepared packages

epass2003 hacking and debugging

Workshop

Workshop took place in February. Few notes below.

Workshop notes

The token offers multiple interfaces:

OpenSC >= 0.13.0 required. Check OpenSC on github for recent fixes, I've commited some to upstream.

Other tutorials on gooze.eu.

GnuPG support is kind of hackish, PKCS#11 mostly works except for replug bug - if token is replugged while long-running app like Firefox or gpg-agent is still running, it won't get reinitialized correctly. The OpenSC driver should reissue SCP-01 handshake after ATR, but doesn't.

Yubikey Neo

The Yubikey Neo with NFC seems interesting, too. It's the standard Yubikey with NFC NDEF type 4 tags and Mifare classic interface. Applications:

Issues:

  • not much technical information yet (“Yubico will share more information on how this can be used in Q1, 2013”)
    • product page says something about Common Criteria certified bank grade authentication ICs, but what EAL level?
  • does attacking via Mifare Classic interface reveal random seeds or RNG states usable for other interfaces? (HID, NFC)

Yubikey has its own PAM module pam_yubico which is quite configurable. E.g. it can provide two-factor auth or replacing passwords with OTP.

project/cryptotoken/start.txt · Last modified: 2016/11/28 01:59 by ruza