Notes on working with HSMs
Aventra MyEID
- use options files with `pkcs15-init`! The command line is weird and flaky
- ACS ACR38T card reader requires an extra lib to work with `pcscd`: `apt-get install libacr38u`
- requires Debian package `opensc` 0.13.0-4 or newer to work, or `opensc` from master in git
- full details: https://guardianproject.info/2014/03/28/security-in-a-thumb-drive-the-promise-and-pain-of-hardware-security-modules-take-one/
crypto-stick
- OpenPGP Card like GnuPG
- requires `libccid` 1.4.16 to be fully recognized
- RSA 4096 max
Yubikey Neo PIV
- PIV is non-upgradable beta
- has both OpenPGP and PIV applets on the card
- has OTP and password features
- very nice USB form factor
- RSA 2048 max
Feitian ePass2003
- seems to have been developed with free software projects in mind
- proprietary firmware
- has specific support in the OpenSC Ubuntu packages
- nice USB form factor
- cheap! 5 for US$70
- RSA 2048 max
- http://www.uselessbrain.org/wiki/index.php/Token.ePass_2003
ACS ACOS5-64
- ACOS5-64 Cryptographic Smart Card
- CryptoMate64 USB Cryptographic Token
- cheap card that supports RSA 4096
- partially complete OpenSC support, stalled 3 years ago
- available in USB thumb form, called CryptoMate64