Fellowship crypto card: the cool way!

From the very first day we started planning the Fellowship about 1.5yrs ago, I always wanted a PCMCIA smart card reader for my notebook. Believe it or not: The design incorporated that idea from the start. When you plug the Fellowship crypto card into a PCMCIA reader, only the upper third sticks out of your notebook, proudly displaying the "Fellowship of FSFE" logo.

Unfortunately finding a PCMCIA smart card reader proved to be more difficult than we were hoping. During the last year, Werner and I spent quite some time talking to hardware vendors, trying to get them to have a fully supported PCMCIA smart card reader. Unfortunately, they would either provide no drivers for the Linux kernel, or depend on proprietary components, which was plainly unacceptable — both for issues of freedom, as well as for issues of security: all crypto data was going through that black box and the security of any system is obviously only as good as its weakest link.

Thanks to the cooperation of Nils Färber from kernelconcepts who discovered the Omnikey CardMan 4040 reader, Harald Welte, who put the driver into the Linux kernel, and my favorite GnuPG-cryptogod, Werner Koch, I have now spent the past days enjoying the look of my Fellowship crypto card sticking directly in my notebook. Thanks a lot, guys!

And yes, it is very cool.

If you want to try it yourself, you need to replace two files in the GnuPG 1.4.2 source code and recompile — Werner has the files online in his blog. But as I know that some people consider themselves members of the "Church of Binaries" (Hi, Stefano!), I have put online a Debian binary archive for GnuPG 1.4.2 with PCMCIA smart card support already compiled in. It should run without problems on recent Debian GNU/Linux-based systems.

Of course it is much cooler to just plug in the reader and use it without having to fiddle with devices or permissions while everyone is watching. That is why I also put online a tar archive with config files/scripts for udev-based systems that takes care of this automatically (udev is a replacement for hotplug on recent systems). If you have set up your system following the Fellowship crypto card howtos, unpacking it in the root directory should take care of everything you need.

Have fun!

Be Sociable, Share!

3 comments to Fellowship crypto card: the cool way!

  • Authenticating SSH logins with theFellowship crypto card

    There is a German aphorism that would translate to "ask someone holes into their stomach." If that were true, Werner should have holes in his stomach from my questions — but at last the…

  • patrick

    Driver for O2Micro Smartcard reader found in Acer Travelmate 660

    If you use an Acer Travelmate 660 with the following incorporated smartcard reader:

    product info: “O2Micro”, “SmartCardBus Reader”, “V1.0″
    manfid: 0xffff, 0×0001

    You can find the drivers released under the LGPL by O2Micro on http://www.musclecard.com:

    Happy hacking!

    p.s. I didn’t test the driver, because I changed laptop in the meantime :/

  • Update: Fellowship crypto card with PCMCIA and for SSH logins

    After figuring out how to use the Fellowship crypto card with a PCMCIA reader and then setting up SSH authentication with the card, I had a lot of fun with my card at the United Nations and elsewh…

Leave a Reply




You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>