<div>Basic hardware support in Solid would probably be rather trivial but that's not what you're asking for here. This sounds like something that should be integrated into QCA. I have a card reader and card that I could use to do the hardware integration.</div>
<div>Chris<br><br></div>
<div class="gmail_quote">2009/2/23 Adriaan de Groot <span dir="ltr"><<a href="mailto:groot@kde.org">groot@kde.org</a>></span><br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">Kind of belongs on this list<br><br><br>---------- Forwarded message ----------<br>From: Gaetano Andrea Callea <<a href="mailto:callea.gaetano.andrea@gmail.com">callea.gaetano.andrea@gmail.com</a>><br>
To: <a href="mailto:kde-core-devel@kde.org">kde-core-devel@kde.org</a><br>Date: Mon, 23 Feb 2009 21:36:31 +0100<br>Subject: KDE 4.x - SOLID - smart card integration<br>Hi all,<br><br>i have an itch that i can't scratch since i'm not a programmer and learning would take too long for this to get done; so i want to propose it to you.<br>
<br>it basically is about including support for Smart Cards and Smart Card Readers in Solid (at a "lower level" in KDE 4) in order to be able to use them in every application that could make use of them.<br><br>
The first things that come to my mind are about using the Smart Card and Reader to use and store GPG keys in one and only place instead of spreading them across many computers and use the Smart Card and Reader in combination with KGPG (at least for one's own key pair); or use the Smart Card and Reader to login into the desktop only if it's inserted (so integration with KDM); or use the Smart Card and Reader to sign emails (so integration with KGPG and KMail); or use Smart Card and Reader to encrypt a chat (so integration with Kopete); or use the Smart Card and Reader to sign to/start remote sessions (so integration with KRDC/KRFB); I'm sure there are many other possibilities but these are the few i tought of.<br>
<br>There are at least two smart card compatible with GPG: the FSFE Fellowship one[0] and this one[1]; and there are a few smart card readers compatible with Linux that you can either find here[2] or at kernelconcepts[3]. The only negative thing about these GPG cards is that they are limitedto RSA 1024 keys and don't support X.509 certificates.[4][5] I hope that one day they'll produce something more "serious".<br>
<br>The importance of Smart Cards and Readers nowadays is relevant enough to start thinking about serious integration in everyday computing. <br>In many countries a growing number of services based on smart card are being adopted. For example your bank or national security number or health system card or electronic signature. Whether we like it or not smart card are becoming an important part of everyday life.<br>
<br>About Smart Card login: this should be easily feasible by installing the right libs and a bit of configuration. Unfortunately I didn't manage to do it myself but the tools seem to be all there (with pcsc-lite, ccid, pksc#11 virtually all card will work)[4] and some distro include libpam-poldi[6] (unfortunately not fedora) to enable login with the GPG (both Fellowship and OpenPGP) smart card. Apparently at the moment this lib is the only way to get this working.<br>
<br>There already is (at least) a bug[7] for a similar issue but it is about creating a GUI for something of a higer level, but I think it's better to think different here and make real integration in Solid. As you read before the tools to make this happen are all virtually here depending on which standard you card and reader are based on; but at the moment this is not possible natively on KDE 4 with a graphical interface and/or integrated in programs such as kgpg, kmail, kdm, kopete, krfb, krdc, etcetera.<br>
<br>Another thing "we" can think about it's hardware to work on. Everybody knows that developing for hardware (be it a driver or something like what we are talking about) without the hardware itself can be difficult to say the very least.<br>
<br>Here's what I propose on this matter: KDE could arrange a settlement on smart card and reader donations or deals either from FSFE Fellowship or kernelconcepts. This would be a win-win situation both for KDE, Fellowship and users.<br>
<br>i hope you like it and that it is feasible.<br>cheers<br><br>[0] FSFE Fellowship card: <a href="http://fellowship.fsfe.org/en/card" target="_blank">http://fellowship.fsfe.org/en/card</a><br>[1] OpenPGP card: <a href="http://www.g10code.de/p-card.html" target="_blank">http://www.g10code.de/p-card.html</a><br>
[2] GPG Fellwoship card HOWTO: <a href="http://www.gnupg.org/howtos/card-howto/en/ch02s02.html" target="_blank">http://www.gnupg.org/howtos/card-howto/en/ch02s02.html</a><br>[3] kernelconcepts: <a href="http://www.kernelconcepts.de/en/shop/products/security.shtml?hardware" target="_blank">http://www.kernelconcepts.de/en/shop/products/security.shtml?hardware</a><br>
[4] some good FAQ: <a href="http://www.opensc-project.org/faq.html" target="_blank">http://www.opensc-project.org/faq.html</a> (scroll down to Fellowship card limitations)<br>[5] pdf of gpg card specs: <a href="http://g10code.com/docs/openpgp-card-1.1.pdf" target="_blank">http://g10code.com/docs/openpgp-card-1.1.pdf</a><br>
[6] libpam-poldi at debian packages: <a href="http://packages.debian.org/sid/libpam-poldi" target="_blank">http://packages.debian.org/sid/libpam-poldi</a> || <a href="http://packages.debian.org/search?keywords=libpam-poldi" target="_blank">http://packages.debian.org/search?keywords=libpam-poldi</a><br>
[7] bug open for similar but not quite likely issue: <a href="http://bugs.kde.org/show_bug.cgi?id=116201" target="_blank">http://bugs.kde.org/show_bug.cgi?id=116201</a><br><br>-- <br>Callea Gaetano Andrea<br><br><br>_______________________________________________<br>
Kde-hardware-devel mailing list<br><a href="mailto:Kde-hardware-devel@kde.org">Kde-hardware-devel@kde.org</a><br><a href="https://mail.kde.org/mailman/listinfo/kde-hardware-devel" target="_blank">https://mail.kde.org/mailman/listinfo/kde-hardware-devel</a><br>
<br></blockquote></div><br>