Has anyone got a tutorial up on getting your own smartcard and getting pkcs#11 working on it?

Question

Has anyone got a tutorial up on getting your own smartcard and getting pkcs#11 working on it? In Linux? (Windows would be fine too).

Most of the vendors seem to assume you'll be wanting enough for your whole company, not one or two.

Answer 1

This heavily depends on the driver and application you use. We use OpenSC/OpenCT for all non-Enterprise Smartcard uses. They have decent documentation,

http://www.opensc-project.org/opensc/wiki/QuickStart

Answer 2

Yes, check out what OpenSC supports.

Make sure that you know what you want - USB tokens or full-size smart cards. There are pros and cons with both solutions - USB tokens require drivers, often by the manufacturer, to use on some platforms (eg Windows7 or OSX can be troublesome). But they are easy to use once set up and sometimes offer better performance than ISO smartcards. Casual smart cards on the other hand have also contactless interfaces and can be used with pinpad readers which provide higher security than USB tokens.

If you're into fancier features and may want to extend your card infra further than just pkcs#11 crypto, javacards might be useful (OpenSC can not work with JavaCards directly but certain applets are supported, like Muscle) Otherwise look for a supported card operating system.