I wrote an article on using a smart card for storing the private key material of my own certificate authority. This article was published in the November 2011 issue of BSD Magazine (http://www.bsdmag.org) and can be found here: http://www.ewak.net/blog/?p=101
Printer-friendly version
PDF versionLearn how to buy without VAT. Read our shipping policies. Validate your account using SMS to allow shipping small items at low price.
Buy the FEITIAN PKI card for only 12.90€. We ship to any European-Union country starting from 0.90 €. Learn more ...
Discover the best token for GNU/Linux, Mac OS X and Windows. Full support from OpenSC free software solutions, no proprietary driver needed.
Buy the FEITIAN ePass PKI token for only 34.90€ ... 30 day satisfied or cash back.
Order placed on GOOZE before 15:00 are shipped the same day. Orders placed after 15:00 are shipped next business day.
GOOZE and FEITIAN are happy to donate 20 Feitian PKI cards to Free Software projects. If your project meets certain criteria, please apply for a free card.
GOOZE is being translated into French. Thank you for your patience!
Blinklist
del.icio.us
Digg
Facebook
Favorite
Google
Google Buzz
Icerocket
LinkedIn
Newsvine
Propeller
Reddit
SlashDot
StumbleUpon
Technorati
Twitter
Yahoo
Re: HOW-TO: Equip your CA with a HSM for < 50 Euros
Very clear and nice article, thanks. To grow the community, people need to be able to purchase the smartcards and/or tokens. So I added a link to GOOZE in reply. Feel free to add a link inside the article, which is always nice.
Re: HOW-TO: Equip your CA with a HSM for < 50 Euros
Just for information, we will soon release a set of internal USB cables, for plugging the ePass2003 directly on motherboards. The cables have been ordered and we are waiting for them. This will allow users to build very cheap HSMs.
Re: HOW-TO: Equip your CA with a HSM for < 50 Euros
Will be interesting!
I do not know yet if the ePass 2003 will work with openssl for generating and storing certificates. I do not know the differences between the ePass and a "regular" smart card.
I'll update the how-to when i have played with it (I graciously received a free ePass for fixing the MAc OS x issue).
Re: HOW-TO: Equip your CA with a HSM for < 50 Euros
The old Feitian ePass PKI was composed of a CCID reader and a PKI chip, two different devices.
The ePass2003 is based on one single chip from ST Microelectronics and COS from Feitian. It is a completely integrated product offering CCID reader and PKI chip in ONE SINGLE device. Having a single device makes it more reliable, leaner and cheaper.
Also, the ePass2003 is going through a number of certifications, see our product page.