How could one get started with smartcard programming? I am asking here about all the toolkit he needs in order to get started: books, tutorials, hardware etc.

I am planning on playing around with a couple of smartcard programmers and I am pretty new to this field.

Edit: I am mostly interested in programmers that play nice with Unix-like operating systems. Also, I am not sure how this works ... but I would like to program them in C/C++

A: 

If you google about you can find smartcard development kits that offer a programmer, a few sample cards, and manuals, reasonably inexpensively.

It also helps to have an understanding of cryptography (especially public-key crypto), and some practice at packing data into really really tiny structures.

Smartcards range from the incredibly dumb (a secure 1kb memory store) to the fairly sophisticated (I've seen ones advertised that run a cut-down .NET framework).

Probably the most commonly used smartcards are the units produced by Mifare which are generally made as travel tickets but also used as loyalty cards or even access permits.

Adrian
+1  A: 

Whenever I've needed to access smart cards for use in security applications it has been via either:

  • Microsoft CryptoAPI
  • a PKCS#11 library for the card.

To access a card using the Microsoft CryptoAPI, a card-specific Cryptographic Service Provider (CSP) is needed. The CSP sits under the CryptoAPI layer.

If you are developing on Unix/Linux using 'C/C++', however, then you will probably want to take a look at the PKCS#11 standard from RSA. The standard specifies a 'C' API called Cryptoki (Cryptographic Token Interface) which gives a common abstraction above all types of crypto devices. Nearly all smart card vendors provide a PKCS#11 library for their cards that you can program against using the Cryptoki API.

If you want to access the smart card/reader at a lower level you can use APIs such as PC/SC or CT-API.

  • PC/SC: de facto standard for smart card access, implemented on Windows, Linux and Mac OS X.

  • CT-API provides only very minimal functionality; not very suitable for modern apps.

If you are interested in writing Java applets that run on smart cards then you probably want to look at http://java.sun.com/javacard/

Resources that may be of use

  • OpenSC is a set of libraries and tools for smart cards. It is designed to work with PKCS#11 supporting cards. OpenCT provides drivers for card readers, and tokens that are comprised of both a card and a reader (i.e. USB tokens, and other 'complete' devices).

  • http://www.linuxnet.com/ MUSCLE - The movement for use of smart cards in a linux environment

  • PKCS#15 - Cryptographic Token Information Format Standard

  • Smart Card Handbook

  • A presentation on PKCS#11 given at the RSA conf in 2009.

  • PyKCS11: a Python wrapper around PKCS#11. These types of wrappers can provide a simpler, higher-level interface than working directly at Cryptoki level.

  • Smart Card Alliance

bignum
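
What travels over the lower-level PC/SC route mentioned in the answer above is a raw ISO 7816-4 command/response pair (APDU); the following is an added example, not code from the answer or from any of the listed projects. It frames a SELECT-by-AID command and classifies the status word of a reply, which is the buffer handling that sits on either side of a PC/SC `SCardTransmit` call; the function names, the AID and the reply bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical names: these helpers are not part of PC/SC or any vendor library. */
enum sw_class { SW_OK, SW_MORE_DATA, SW_WRONG_LE, SW_NOT_FOUND, SW_ERROR, SW_MALFORMED };

/* Build a SELECT-by-AID command: CLA=00 INS=A4 P1=04 P2=00 Lc AID Le=00.
 * Returns the APDU length, or 0 if the AID or the output buffer is invalid. */
size_t build_select_aid(const uint8_t *aid, size_t aid_len, uint8_t *out, size_t out_cap)
{
    if (aid == NULL || out == NULL) return 0;
    if (aid_len < 5 || aid_len > 16) return 0;   /* an AID is 5 to 16 bytes */
    if (out_cap < aid_len + 6) return 0;         /* header(4) + Lc + AID + Le */
    out[0] = 0x00; out[1] = 0xA4; out[2] = 0x04; out[3] = 0x00;
    out[4] = (uint8_t)aid_len;
    memcpy(out + 5, aid, aid_len);
    out[5 + aid_len] = 0x00;                     /* Le=00: accept up to 256 bytes */
    return aid_len + 6;
}

/* Split a response APDU into data and the trailing status word SW1 SW2. */
enum sw_class parse_response(const uint8_t *rsp, size_t rsp_len, size_t *data_len, uint8_t *hint)
{
    if (rsp == NULL || rsp_len < 2) return SW_MALFORMED;  /* never index a short reply */
    uint8_t sw1 = rsp[rsp_len - 2], sw2 = rsp[rsp_len - 1];
    if (data_len) *data_len = rsp_len - 2;
    if (hint) *hint = sw2;
    if (sw1 == 0x90 && sw2 == 0x00) return SW_OK;
    if (sw1 == 0x61) return SW_MORE_DATA;   /* sw2 bytes waiting: send GET RESPONSE */
    if (sw1 == 0x6C) return SW_WRONG_LE;    /* resend the command with Le = sw2 */
    if (sw1 == 0x6A && sw2 == 0x82) return SW_NOT_FOUND;
    return SW_ERROR;
}

int main(void)
{
    const uint8_t aid[] = { 0xF0, 0x01, 0x02, 0x03, 0x04, 0x05 }; /* constructed AID */
    const uint8_t reply[] = { 0x6A, 0x82 };                       /* constructed reply */
    uint8_t apdu[32];
    size_t n = build_select_aid(aid, sizeof aid, apdu, sizeof apdu);
    for (size_t i = 0; i < n; i++) printf("%02X ", apdu[i]);
    printf("\nstatus class: %d\n", parse_response(reply, sizeof reply, NULL, NULL));
    return 0;
}
```

The length checks matter in practice: a reader or card can return fewer than two bytes on a transport error, and an unchecked `rsp_len - 2` would index outside the buffer.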
+1  A: 

Java is beginning to get a huge grip in the SmartCard market, pushed by very big players (like IBM).

There are entire countries where people are carrying a Java Card in their pocket. For example there are more than 10 million Belgian citizens whose (mandatory-to-have-with-them) national ID card is a Java Card running the BELPIC "applet".

If I'm not mistaken the entire Brazilian health care system is also based on Java Card(s).

Regarding SmartCard and Linux, here's the Linux SmartCard howto (note that that howto is full of the "Java" keyword everywhere):

http://www.faqs.org/docs/Linux-HOWTO/Smart-Card-HOWTO.html

Then there's a .pdf called "Exploring SmartCards" from June 2008 which takes a look at the big mess that the "SmartCard" world is and that basically starts by explaining that "SmartCard" is about as descriptive as saying "computer": that is, not very descriptive ; )

Webinator