Hello,

On Mar 28, 2010, at 10:53, Jean-Michel Pouré - GOOZE wrote:
> I searched for a smart card GUI and could not find any.

Terms such as "smart card GUI" and "smart card application" are really vague, especially if you're talking about smart cards with PKI/cryptography in mind.
Firefox and Thunderbird for example provide smart card GUI-s as they are GUI applications with PKCS#11 capabilities. For smart card applications, I would argue that muscle applet and the OSS MRTD applet are smart card applications (applications that reside inside a smart card). I guess none of the above matches your idea of a GUI or an application.

> After having a look around, I think that GnoMint

GnoMint is a "CA" software that describes exactly what it does on the first line of features list: """Creating all the infrastructure to keep and run a Certification Authority, saved in only one file.""" The only extension to a CA software would be using PKCS#11 for storing the CA signing key on a smart card (or HSM with PKCS#11 module).

GnoMint is not listed on the ApplicationSupport page because it does not advertise any kind of PKCS#11 support. It works with files and probably is a frontend to OpenSSL. Maybe the author wants to integrate engine_pkcs11 support into it.

CA software that *does* support PKCS#11 does exist in the wiki: http://www.opensc-project.org/opensc/wiki/ApplicationSupport#PKICA (I just checked OpenCA source, the OpenSC support is via command line tools not via PKCS#11, will investigate)

> and Seahorse could be good candidates, because they offer basic X.509
> certificate management
> features. I sent project leaders a Feitian PKI smartcard.

An application similar to Seahorse is the Keychain Access.app on Mac OS X. It provides a GUI for the keychain services that is the "high level" interface to the CDSA implementation on Mac OS X.

The Linux *-keyring efforts AFAIK deal with storing and managing passwords and other "secrets", they do not deal with smart cards as to provide services for operating with key references (so that actual operations would happen in the card via PKCS#11) but deal with raw key material.
The situation might have changed, but last time I checked out the relevant Linux applications and their infrastructures, it was not possible nor really sensible to extend their functionality.

The closest thing to a useful infrastructure project on Linux might be the Qt QCA, which has PKCS#11 support thanks to Alon Bar-Lev. See http://sites.google.com/site/alonbarlev/qca-pkcs11 for more information. This, of course, is not compatible with the Gnome camp or in other words suffers the normal Linux fragmentation problem :)

> Feel free to contact them if you would like to provide some help.

Some time ago there was an effort from the freedesktop.org folks to make a "unified cross-desktop authentication subsystem". I tried to follow their e-mail list http://lists.freedesktop.org/mailman/listinfo/authentication but there seemed to be zero interest in authentication other than password storage. Maybe this has changed as well.

--
Martin Paljak
http://martin.paljak.pri.ee
+3725156495