Re: Getting a personal smart card

["Geoffrey Gowey" <gjgowey () gmail com>]

I'm not entirely certain that is how these devices operate.  I could
be wrong on this, but I think they already come preloaded with a
unique, non-interchangeable private key.  If the key is
lost/stolen/damaged then the certificate would be revoked by your
internal CA.  These models may be different though, but I would need
to read the docs to see.



On 7/8/08, Johann MacDonagh <johann () macdonaghs com> wrote:
> I would keep an encrypted archive copy of my certs and signed keys
> (PGP) in a safe location, so if the key is damaged, I can simply get a
> new one and import the old certs.
>
> I'm also looking at the Aladdin eToken. Correct me if I'm wrong, but
> any system that has support for PKCS #11 should be able to read from
> it, right?
>
> Johann
>
> On 7/7/08, Geoffrey J Gowey <gjgowey () gmail com> wrote:
> > Your problem with a device such as this is that if the device is
> > lost/damaged/destroyed then you're out of business.  They're good for
> > companies with a centralized setup since they can be replaced and the
> > credentials changed, but for personal use it gets much more complicated.
> >
> > Sent from my BlackBerry wireless handheld.
> >
> > -----Original Message-----
> > From: Johann MacDonagh <johann () macdonaghs com>
> >
> > Date: Mon, 7 Jul 2008 17:50:28
> > To: <security-basics () securityfocus com>
> > Subject: Getting a personal smart card
> >
> >
> > Hey all,
> >
> > If anyone was following my previous message, I was discussing unique
> > password complexity. I also mentioned that I would love to have a personal
> > smart card for personal authentication.
> >
> > I may have found one:
> > http://athena-scs.com/product.asp?pid=33
> >
> > The USB connection means that I don't have to buy a separate reader for
> > computer systems. Sweet!
> >
> > I just wonder what I can use this for. From what I understand, I can use
> > it to log into Windows, OS X, and Linux systems by simply plugging in the
> > USB key and entering in my PIN, right? Also, I guess support is built into
> > OS X, but requires software installation for Linux and Windows (although
> > depending on the distro, it may already be available on the Linux system).
> >
> > So, if I have a x.509 cert for e-mail signing and a PGP key, I assume I
> > can upload both of those onto there and remove them from my computer
> > system. Then, whenever an application (a supported application) requires
> > one or the other, it can query my smart card. All encryption is done on
> > the chip, so the computer system never even sees the private key.
> >
> > Has anyone used these kinds of systems? Purely a geek toy or did they make
> > your life easier? Is Athena known for interoperability between systems?
> >
> > Thanks,
> > Johann

-- 
Sent from Gmail for mobile | mobile.google.com

Kindest Regards,

Geoff