Fellowship crypto card: the cool way!

From the very first day we started planning the Fellowship about 1.5yrs ago, I always wanted a PCMCIA smart card reader for my notebook. Believe it or not: The design incorporated that idea from the start. When you plug the Fellowship crypto card into a PCMCIA reader, only the upper third sticks out of your notebook, proudly displaying the "Fellowship of FSFE" logo.

Unfortunately finding a PCMCIA smart card reader proved to be more difficult than we were hoping. During the last year, Werner and I spent quite some time talking to hardware vendors, trying to get them to have a fully supported PCMCIA smart card reader. Unfortunately, they would either provide no drivers for the Linux kernel, or depend on proprietary components, which was plainly unacceptable — both for issues of freedom, as well as for issues of security: all crypto data was going through that black box and the security of any system is obviously only as good as its weakest link.

Thanks to the cooperation of Nils Färber from kernelconcepts who discovered the Omnikey CardMan 4040 reader, Harald Welte, who put the driver into the Linux kernel 2.6.15.2, and my favorite GnuPG-cryptogod, Werner Koch, I have now spent the past days enjoying the look of my Fellowship crypto card sticking directly in my notebook. Thanks a lot, guys!

And yes, it is very cool.

If you want to try it yourself, you need to replace two files in the GnuPG 1.4.2 source code and recompile — Werner has the files online in his blog. But as I know that some people consider themselves members of the "Church of Binaries" (Hi, Stefano!), I have put online a Debian binary archive for GnuPG 1.4.2 with PCMCIA smart card support already compiled in. It should run without problems on recent Debian GNU/Linux-based systems.

Of course it is much cooler to just plug in the reader and use it without having to fiddle with devices or permissions while everyone is watching. That is why I also put online a tar archive with config files/scripts for udev-based systems that takes care of this automatically (udev is a replacement for hotplug on recent systems). If you have set up your system following the Fellowship crypto card howtos, unpacking it in the root directory should take care of everything you need.

Have fun!

About Georg Greve

Georg Greve is a technologist and entrepreneur. Background as a software developer and physicist. Head of product development and Chairman at Vereign AG. Founding president of the Free Software Foundation Europe (FSFE). Previously president and CEO at Kolab Systems AG, a Swiss Open Source ISV. In 2009 Georg was awarded the Federal Cross of Merit on Ribbon by the Federal Republic of Germany for his contributions to Open Source and Open Standards.
This entry was posted in Uncategorized and tagged , , , . Bookmark the permalink.