[Kde-hardware-devel] Fwd: KDE 4.x - SOLID - smart card integration

Christopher Blauvelt cblauvelt at gmail.com
Mon Feb 23 22:37:41 CET 2009 

Basic hardware support in Solid would probably be rather trivial but that's
not what you're asking for here.  This sounds like something that should be
integrated into QCA.  I have a card reader and card that I could use to do
the hardware integration.
Chris

2009/2/23 Adriaan de Groot <groot at kde.org>

> Kind of belongs on this list
>
>
> ---------- Forwarded message ----------
> From: Gaetano Andrea Callea <callea.gaetano.andrea at gmail.com>
> To: kde-core-devel at kde.org
> Date: Mon, 23 Feb 2009 21:36:31 +0100
> Subject: KDE 4.x - SOLID - smart card integration
> Hi all,
>
> i have an itch that i can't scratch since i'm not a programmer and learning
> would take too long for this to get done; so i want to propose it to you.
>
> it basically is about including support for Smart Cards and Smart Card
> Readers in Solid (at a "lower level" in KDE 4) in order to be able to use
> them in every application that could make use of them.
>
> The first things that come to my mind are about using the Smart Card and
> Reader to use and store GPG keys in one and only place instead of spreading
> them across many computers and use the Smart Card and Reader in combination
> with KGPG (at least for one's own key pair); or use the Smart Card and
> Reader to login into the desktop only if it's inserted (so integration with
> KDM); or use the Smart Card and Reader to sign emails (so integration with
> KGPG and KMail); or use Smart Card and Reader to encrypt a chat (so
> integration with Kopete); or use the Smart Card and Reader to sign to/start
> remote sessions (so integration with KRDC/KRFB); I'm sure there are many
> other possibilities but these are the few i tought of.
>
> There are at least two smart card compatible with GPG: the FSFE Fellowship
> one[0] and this one[1]; and there are a few smart card readers compatible
> with Linux that you can either find here[2] or at kernelconcepts[3]. The
> only negative thing about these GPG cards is that they are limitedto RSA
> 1024 keys and don't support X.509 certificates.[4][5] I hope that one day
> they'll produce something more "serious".
>
> The importance of Smart Cards and Readers nowadays is relevant enough to
> start thinking about serious integration in everyday computing.
> In many countries a growing number of services based on smart card are
> being adopted. For example your bank or national security number or health
> system card or electronic signature. Whether we like it or not smart card
> are becoming an important part of everyday life.
>
> About Smart Card login: this should be easily feasible by installing the
> right libs and a bit of configuration. Unfortunately I didn't manage to do
> it myself but the tools seem to be all there (with pcsc-lite, ccid, pksc#11
> virtually all card will work)[4] and some distro include libpam-poldi[6]
> (unfortunately not fedora) to enable login with the GPG (both Fellowship and
> OpenPGP) smart card. Apparently at the moment this lib is the only way to
> get this working.
>
> There already is (at least) a bug[7] for a similar issue but it is about
> creating a GUI for something of a higer level, but I think it's better to
> think different here and make real integration in Solid. As you read before
> the tools to make this happen are all virtually here depending on which
> standard you card and reader are based on; but at the moment this is not
> possible natively on KDE 4 with a graphical interface and/or integrated in
> programs such as kgpg, kmail, kdm, kopete, krfb, krdc, etcetera.
>
> Another thing "we" can think about it's hardware to work on. Everybody
> knows that developing for hardware (be it a driver or something like what we
> are talking about) without the hardware itself can be difficult to say the
> very least.
>
> Here's what I propose on this matter: KDE could arrange a settlement on
> smart card and reader donations or deals either from FSFE Fellowship or
> kernelconcepts. This would be a win-win situation both for KDE, Fellowship
> and users.
>
> i hope you like it and that it is feasible.
> cheers
>
> [0] FSFE Fellowship card: http://fellowship.fsfe.org/en/card
> [1] OpenPGP card: http://www.g10code.de/p-card.html
> [2] GPG Fellwoship card HOWTO:
> http://www.gnupg.org/howtos/card-howto/en/ch02s02.html
> [3] kernelconcepts:
> http://www.kernelconcepts.de/en/shop/products/security.shtml?hardware
> [4] some good FAQ: http://www.opensc-project.org/faq.html (scroll down to
> Fellowship card limitations)
> [5] pdf of gpg card specs: http://g10code.com/docs/openpgp-card-1.1.pdf
> [6] libpam-poldi at debian packages:
> http://packages.debian.org/sid/libpam-poldi ||
> http://packages.debian.org/search?keywords=libpam-poldi
> [7] bug open for similar but not quite likely issue:
> http://bugs.kde.org/show_bug.cgi?id=116201
>
> --
> Callea Gaetano Andrea
>
>
> _______________________________________________
> Kde-hardware-devel mailing list
> Kde-hardware-devel at kde.org
> https://mail.kde.org/mailman/listinfo/kde-hardware-devel
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.kde.org/pipermail/kde-hardware-devel/attachments/20090223/98efb378/attachment.htm

More information about the Kde-hardware-devel mailing list