KDE 4.x - SOLID - smart card integration
Gaetano Andrea Callea
callea.gaetano.andrea at gmail.com
Mon Feb 23 20:36:31 GMT 2009
Hi all,
i have an itch that i can't scratch since i'm not a programmer and learning
would take too long for this to get done; so i want to propose it to you.
it basically is about including support for Smart Cards and Smart Card
Readers in Solid (at a "lower level" in KDE 4) in order to be able to use
them in every application that could make use of them.
The first things that come to my mind are about using the Smart Card and
Reader to use and store GPG keys in one and only place instead of spreading
them across many computers and use the Smart Card and Reader in combination
with KGPG (at least for one's own key pair); or use the Smart Card and
Reader to login into the desktop only if it's inserted (so integration with
KDM); or use the Smart Card and Reader to sign emails (so integration with
KGPG and KMail); or use Smart Card and Reader to encrypt a chat (so
integration with Kopete); or use the Smart Card and Reader to sign to/start
remote sessions (so integration with KRDC/KRFB); I'm sure there are many
other possibilities but these are the few i tought of.
There are at least two smart card compatible with GPG: the FSFE Fellowship
one[0] and this one[1]; and there are a few smart card readers compatible
with Linux that you can either find here[2] or at kernelconcepts[3]. The
only negative thing about these GPG cards is that they are limitedto RSA
1024 keys and don't support X.509 certificates.[4][5] I hope that one day
they'll produce something more "serious".
The importance of Smart Cards and Readers nowadays is relevant enough to
start thinking about serious integration in everyday computing.
In many countries a growing number of services based on smart card are being
adopted. For example your bank or national security number or health system
card or electronic signature. Whether we like it or not smart card are
becoming an important part of everyday life.
About Smart Card login: this should be easily feasible by installing the
right libs and a bit of configuration. Unfortunately I didn't manage to do
it myself but the tools seem to be all there (with pcsc-lite, ccid, pksc#11
virtually all card will work)[4] and some distro include libpam-poldi[6]
(unfortunately not fedora) to enable login with the GPG (both Fellowship and
OpenPGP) smart card. Apparently at the moment this lib is the only way to
get this working.
There already is (at least) a bug[7] for a similar issue but it is about
creating a GUI for something of a higer level, but I think it's better to
think different here and make real integration in Solid. As you read before
the tools to make this happen are all virtually here depending on which
standard you card and reader are based on; but at the moment this is not
possible natively on KDE 4 with a graphical interface and/or integrated in
programs such as kgpg, kmail, kdm, kopete, krfb, krdc, etcetera.
Another thing "we" can think about it's hardware to work on. Everybody knows
that developing for hardware (be it a driver or something like what we are
talking about) without the hardware itself can be difficult to say the very
least.
Here's what I propose on this matter: KDE could arrange a settlement on
smart card and reader donations or deals either from FSFE Fellowship or
kernelconcepts. This would be a win-win situation both for KDE, Fellowship
and users.
i hope you like it and that it is feasible.
cheers
[0] FSFE Fellowship card: http://fellowship.fsfe.org/en/card
[1] OpenPGP card: http://www.g10code.de/p-card.html
[2] GPG Fellwoship card HOWTO:
http://www.gnupg.org/howtos/card-howto/en/ch02s02.html
[3] kernelconcepts:
http://www.kernelconcepts.de/en/shop/products/security.shtml?hardware
[4] some good FAQ: http://www.opensc-project.org/faq.html (scroll down to
Fellowship card limitations)
[5] pdf of gpg card specs: http://g10code.com/docs/openpgp-card-1.1.pdf
[6] libpam-poldi at debian packages:
http://packages.debian.org/sid/libpam-poldi ||
http://packages.debian.org/search?keywords=libpam-poldi
[7] bug open for similar but not quite likely issue:
http://bugs.kde.org/show_bug.cgi?id=116201
--
Callea Gaetano Andrea
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20090223/0de9bba1/attachment.htm>
More information about the kde-core-devel
mailing list