Hardware prerequisites

As a prerequisite, you will need:

A compliant USB smartcard reader and a smartcard.
Or a compliant USB token, which combines a reader and a smartcard chip in a usb key.

Should you choose to use smartcards or token?

The answer is simple, it depends on your needs:

People in organizations may prefer smartcards

Smartcards can be carried in wallet together with credit cards, therefore you may not loose it.

Smartcard reader are the preferred choice for a computer station (not a laptop). Smartcards are a little cheaper than token. If you do frequent inserts, it is a little bit easier to insert a card in a reader than to insert a token in an USB port. The USB port may not survive 10.000 inserts, a smartcard reader will.

Individual users may prefer token

We note that individual users may prefer token. It takes less place than a reader and a smartcard. This is the preferred choice for laptops.

Please note that the choice between smartcard and token is absolutely equivalent for technical reasons. In fact, the token is a mini smartcard reader with smartcard chip. Some proprietary token do not have security PIN codes. Our tokens and smartcards have a PIN code.

When building a security solution, you may use several smartcards/readers and several token. This is completely compatible.

Also, please note that GOOZE supports free software developers and you may apply for a free smartcard.

A compliant USB smartcard reader

OpenSC is the main community releasing free software for smartcards. OpenSC is included in all GNU/Linux distributions. It is also the main project for several electronic identity cards, making it a de-facto standard.

OpenSC supports a wide range of smart card readers using several subsystems:

pcsc+ccid backend: free software, no driver required, the all-time standard.
pcsc+proprietary ifhandler backend: only for proprietary drivers.
openct backend: mostly for proprietary drivers.

The recommended backend is pcsc+ccid. CCID is a high quality standard which allows readers to work under GNU/Linux, Mac OS X and Windows without additional drivers. Avoid other OpenSC backends, because it is proprietary software and usually, it does not fully works! Also, there is no garantee of support on the long run for proprietary solutions. For example, some OpenSC developers are discussing about dropping OpenCT support. You have been warned!

In GNU/Linux and in Mac OS X, the CCID compatibility library is pcsclite project. Therefore, if you buy a smartcard reader, check the list of pcsclite CCID supported smartcard readers. The list includes all CCID readers, which were benchmarked and tested with independant regression tests.

You may visit our shop, which sells only CCID compliant smart card readers.

A compliant cryptographic card

We recommend using a traditional PKI card like the Feitian PKI card, which is very well maintained by the OpenSC community. The Feitian PKI is a modern crypto card, with a real crypto engine. The Entersafe driver is available under a Free Software licence.

You may visit our shop, which sells the Feitian PKI card.

A compliant token

Some vendors have integrated a smartcard chip into a CCID smartcard reader, size of a USB key.

This is the case of Feitian, which offers the ePass PKI token and the ePass 2003 token.

You may visit our shop, which sells these tokens.

Not recommended ...

An OpenCT token: some crypto token use OpenCT backend because it makes cheaper hardware. Do not buy security token supported by OpenCT. Using OpenCT with our products may result in communication problems and bugs. There is a conflict on startup between pcsc daemon and openct daemon. Until further notice, OpenCT does not support security PINs. So if you loose your token, your secrets may be compromised. These token are not compliant with CCID and there is no garantee that it will supported forever by OpenSC.
A proprietary token: before you buy a token, make sure that the token does not require proprietary drivers, either in OpenCT or OpenSC ifhandler format. We recommend using only full CCID token, with compatible chip.
A Java card: most Java cards firmware are proprietary. Muscle project does offer a free Java card firmware. But Muscle is not really functional yet and/or demands to much skills to compile and install.

Known issues

You may read our know issues page now or later on during installation.

If you would like to ask any question, feel free to contact us. Gooze is independant from OpenSC and Feitian. We only sell compliant hardware with the idea to serve Free Software communities.

Bookmark/Search this post with

Learn how to buy without VAT. Read our shipping policies. Validate your account using SMS to allow shipping small items at low price.

Feitian PKI: 12.90€

Buy the FEITIAN PKI card for only 12.90€. We ship to any European-Union country starting from 0.90 €. Learn more ...

Feitian ePass PKI token: 34.90€

Discover the best token for GNU/Linux, Mac OS X and Windows. Full support from OpenSC free software solutions, no proprietary driver needed.

PIN code security.
RSA keys up to 2048bit.
Standard X.509 v3 certificates.
On-board RSA DES 3DES SHA1.
Both PKCS#11 and MS-CAPI.
64K user space.
Compatible with: Iceweasel, Firefox, Evolution, Seahorse, OpenSSL, OpenSSH, PAM P11 and PAM PKCS11 authentication modules, Strongswan, Putty CAC, WinSCP, LoopAES, Truecrypt, etc...
Tested with online CAs like CaCert.org and StartSSL.

Buy the FEITIAN ePass PKI token for only 34.90€ ... 30 day satisfied or cash back.

Fast delivery
Order placed on GOOZE before 15:00 are shipped the same day. Orders placed after 15:00 are shipped next business day.

Apply for a free FEITIAN PKI card

GOOZE and FEITIAN are happy to donate 20 Feitian PKI cards to Free Software projects. If your project meets certain criteria, please apply for a free card.

Translating GOOZE

GOOZE is being translated into French. Thank you for your patience!