[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-hardware-devel
Subject: Re: [Kde-hardware-devel] Fwd: KDE 4.x - SOLID - smart card
From: Christopher Blauvelt <cblauvelt () gmail ! com>
Date: 2009-02-23 21:37:41
Message-ID: ffa898c90902231337l5c96012exddee02f449d6b6a3 () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Basic hardware support in Solid would probably be rather trivial but that's
not what you're asking for here. This sounds like something that should be
integrated into QCA. I have a card reader and card that I could use to do
the hardware integration.
Chris
2009/2/23 Adriaan de Groot <groot@kde.org>
> Kind of belongs on this list
>
>
> ---------- Forwarded message ----------
> From: Gaetano Andrea Callea <callea.gaetano.andrea@gmail.com>
> To: kde-core-devel@kde.org
> Date: Mon, 23 Feb 2009 21:36:31 +0100
> Subject: KDE 4.x - SOLID - smart card integration
> Hi all,
>
> i have an itch that i can't scratch since i'm not a programmer and learning
> would take too long for this to get done; so i want to propose it to you.
>
> it basically is about including support for Smart Cards and Smart Card
> Readers in Solid (at a "lower level" in KDE 4) in order to be able to use
> them in every application that could make use of them.
>
> The first things that come to my mind are about using the Smart Card and
> Reader to use and store GPG keys in one and only place instead of spreading
> them across many computers and use the Smart Card and Reader in combination
> with KGPG (at least for one's own key pair); or use the Smart Card and
> Reader to login into the desktop only if it's inserted (so integration with
> KDM); or use the Smart Card and Reader to sign emails (so integration with
> KGPG and KMail); or use Smart Card and Reader to encrypt a chat (so
> integration with Kopete); or use the Smart Card and Reader to sign to/start
> remote sessions (so integration with KRDC/KRFB); I'm sure there are many
> other possibilities but these are the few i tought of.
>
> There are at least two smart card compatible with GPG: the FSFE Fellowship
> one[0] and this one[1]; and there are a few smart card readers compatible
> with Linux that you can either find here[2] or at kernelconcepts[3]. The
> only negative thing about these GPG cards is that they are limitedto RSA
> 1024 keys and don't support X.509 certificates.[4][5] I hope that one day
> they'll produce something more "serious".
>
> The importance of Smart Cards and Readers nowadays is relevant enough to
> start thinking about serious integration in everyday computing.
> In many countries a growing number of services based on smart card are
> being adopted. For example your bank or national security number or health
> system card or electronic signature. Whether we like it or not smart card
> are becoming an important part of everyday life.
>
> About Smart Card login: this should be easily feasible by installing the
> right libs and a bit of configuration. Unfortunately I didn't manage to do
> it myself but the tools seem to be all there (with pcsc-lite, ccid, pksc#11
> virtually all card will work)[4] and some distro include libpam-poldi[6]
> (unfortunately not fedora) to enable login with the GPG (both Fellowship and
> OpenPGP) smart card. Apparently at the moment this lib is the only way to
> get this working.
>
> There already is (at least) a bug[7] for a similar issue but it is about
> creating a GUI for something of a higer level, but I think it's better to
> think different here and make real integration in Solid. As you read before
> the tools to make this happen are all virtually here depending on which
> standard you card and reader are based on; but at the moment this is not
> possible natively on KDE 4 with a graphical interface and/or integrated in
> programs such as kgpg, kmail, kdm, kopete, krfb, krdc, etcetera.
>
> Another thing "we" can think about it's hardware to work on. Everybody
> knows that developing for hardware (be it a driver or something like what we
> are talking about) without the hardware itself can be difficult to say the
> very least.
>
> Here's what I propose on this matter: KDE could arrange a settlement on
> smart card and reader donations or deals either from FSFE Fellowship or
> kernelconcepts. This would be a win-win situation both for KDE, Fellowship
> and users.
>
> i hope you like it and that it is feasible.
> cheers
>
> [0] FSFE Fellowship card: http://fellowship.fsfe.org/en/card
> [1] OpenPGP card: http://www.g10code.de/p-card.html
> [2] GPG Fellwoship card HOWTO:
> http://www.gnupg.org/howtos/card-howto/en/ch02s02.html
> [3] kernelconcepts:
> http://www.kernelconcepts.de/en/shop/products/security.shtml?hardware
> [4] some good FAQ: http://www.opensc-project.org/faq.html (scroll down to
> Fellowship card limitations)
> [5] pdf of gpg card specs: http://g10code.com/docs/openpgp-card-1.1.pdf
> [6] libpam-poldi at debian packages:
> http://packages.debian.org/sid/libpam-poldi ||
> http://packages.debian.org/search?keywords=libpam-poldi
> [7] bug open for similar but not quite likely issue:
> http://bugs.kde.org/show_bug.cgi?id=116201
>
> --
> Callea Gaetano Andrea
>
>
> _______________________________________________
> Kde-hardware-devel mailing list
> Kde-hardware-devel@kde.org
> https://mail.kde.org/mailman/listinfo/kde-hardware-devel
>
>
[Attachment #5 (text/html)]
<div>Basic hardware support in Solid would probably be rather trivial but that's \
not what you're asking for here. This sounds like something that should be \
integrated into QCA. I have a card reader and card that I could use to do the \
hardware integration.</div>
<div>Chris<br><br></div>
<div class="gmail_quote">2009/2/23 Adriaan de Groot <span dir="ltr"><<a \
href="mailto:groot@kde.org">groot@kde.org</a>></span><br> <blockquote \
class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: \
#ccc 1px solid">Kind of belongs on this list<br><br><br>---------- Forwarded message \
----------<br>From: Gaetano Andrea Callea <<a \
href="mailto:callea.gaetano.andrea@gmail.com">callea.gaetano.andrea@gmail.com</a>><br>
To: <a href="mailto:kde-core-devel@kde.org">kde-core-devel@kde.org</a><br>Date: Mon, \
23 Feb 2009 21:36:31 +0100<br>Subject: KDE 4.x - SOLID - smart card \
integration<br>Hi all,<br><br>i have an itch that i can't scratch since i'm \
not a programmer and learning would take too long for this to get done; so i want to \
propose it to you.<br> <br>it basically is about including support for Smart Cards \
and Smart Card Readers in Solid (at a "lower level" in KDE 4) in order to \
be able to use them in every application that could make use of them.<br><br> The \
first things that come to my mind are about using the Smart Card and Reader to use \
and store GPG keys in one and only place instead of spreading them across many \
computers and use the Smart Card and Reader in combination with KGPG (at least for \
one's own key pair); or use the Smart Card and Reader to login into the desktop \
only if it's inserted (so integration with KDM); or use the Smart Card and Reader \
to sign emails (so integration with KGPG and KMail); or use Smart Card and Reader to \
encrypt a chat (so integration with Kopete); or use the Smart Card and Reader to sign \
to/start remote sessions (so integration with KRDC/KRFB); I'm sure there are many \
other possibilities but these are the few i tought of.<br> <br>There are at least two \
smart card compatible with GPG: the FSFE Fellowship one[0] and this one[1]; and there \
are a few smart card readers compatible with Linux that you can either find here[2] \
or at kernelconcepts[3]. The only negative thing about these GPG cards is that they \
are limitedto RSA 1024 keys and don't support X.509 certificates.[4][5] I hope \
that one day they'll produce something more "serious".<br> <br>The \
importance of Smart Cards and Readers nowadays is relevant enough to start thinking \
about serious integration in everyday computing. <br>In many countries a growing \
number of services based on smart card are being adopted. For example your bank or \
national security number or health system card or electronic signature. Whether we \
like it or not smart card are becoming an important part of everyday life.<br> \
<br>About Smart Card login: this should be easily feasible by installing the right \
libs and a bit of configuration. Unfortunately I didn't manage to do it myself \
but the tools seem to be all there (with pcsc-lite, ccid, pksc#11 virtually all card \
will work)[4] and some distro include libpam-poldi[6] (unfortunately not fedora) to \
enable login with the GPG (both Fellowship and OpenPGP) smart card. Apparently at the \
moment this lib is the only way to get this working.<br> <br>There already is (at \
least) a bug[7] for a similar issue but it is about creating a GUI for something of a \
higer level, but I think it's better to think different here and make real \
integration in Solid. As you read before the tools to make this happen are all \
virtually here depending on which standard you card and reader are based on; but at \
the moment this is not possible natively on KDE 4 with a graphical interface and/or \
integrated in programs such as kgpg, kmail, kdm, kopete, krfb, krdc, etcetera.<br> \
<br>Another thing "we" can think about it's hardware to work on. \
Everybody knows that developing for hardware (be it a driver or something like what \
we are talking about) without the hardware itself can be difficult to say the very \
least.<br> <br>Here's what I propose on this matter: KDE could arrange a \
settlement on smart card and reader donations or deals either from FSFE Fellowship or \
kernelconcepts. This would be a win-win situation both for KDE, Fellowship and \
users.<br> <br>i hope you like it and that it is feasible.<br>cheers<br><br>[0] FSFE \
Fellowship card: <a href="http://fellowship.fsfe.org/en/card" \
target="_blank">http://fellowship.fsfe.org/en/card</a><br>[1] OpenPGP card: <a \
href="http://www.g10code.de/p-card.html" \
target="_blank">http://www.g10code.de/p-card.html</a><br> [2] GPG Fellwoship card \
HOWTO: <a href="http://www.gnupg.org/howtos/card-howto/en/ch02s02.html" \
target="_blank">http://www.gnupg.org/howtos/card-howto/en/ch02s02.html</a><br>[3] \
kernelconcepts: <a href="http://www.kernelconcepts.de/en/shop/products/security.shtml?hardware" \
target="_blank">http://www.kernelconcepts.de/en/shop/products/security.shtml?hardware</a><br>
[4] some good FAQ: <a href="http://www.opensc-project.org/faq.html" \
target="_blank">http://www.opensc-project.org/faq.html</a> (scroll down to Fellowship \
card limitations)<br>[5] pdf of gpg card specs: <a \
href="http://g10code.com/docs/openpgp-card-1.1.pdf" \
target="_blank">http://g10code.com/docs/openpgp-card-1.1.pdf</a><br> [6] libpam-poldi \
at debian packages: <a href="http://packages.debian.org/sid/libpam-poldi" \
target="_blank">http://packages.debian.org/sid/libpam-poldi</a> || <a \
href="http://packages.debian.org/search?keywords=libpam-poldi" \
target="_blank">http://packages.debian.org/search?keywords=libpam-poldi</a><br> [7] \
bug open for similar but not quite likely issue: <a \
href="http://bugs.kde.org/show_bug.cgi?id=116201" \
target="_blank">http://bugs.kde.org/show_bug.cgi?id=116201</a><br><br>-- <br>Callea \
Gaetano Andrea<br><br><br>_______________________________________________<br> \
Kde-hardware-devel mailing list<br><a \
href="mailto:Kde-hardware-devel@kde.org">Kde-hardware-devel@kde.org</a><br><a \
href="https://mail.kde.org/mailman/listinfo/kde-hardware-devel" \
target="_blank">https://mail.kde.org/mailman/listinfo/kde-hardware-devel</a><br> \
<br></blockquote></div><br>
_______________________________________________
Kde-hardware-devel mailing list
Kde-hardware-devel@kde.org
https://mail.kde.org/mailman/listinfo/kde-hardware-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic