Got Linux ?

Blah blah blah... Mostly technical thoughts, rants and gibberish

Linux and smart cards for PKI - Overview


When the company I work for decided to become serious about its Public Key Infrastructure (PKI), take on the role of Registration Authorithy (RA) on behalf of a well-known Certificate Service Provider (CSP) and teach its employees to use SSL certificates to secure e-mail messages, I did not suspect the vastness of the task that confronted me, includingly (but not exclusively) when it came to introduce smart cards into our daily Linux life.

Usually, when setting on a new Linux project, I netsearch for a few keywords, quickly find some exquisite documentation (thanks to whomever wrote it), and get going.
With smart cards… nope! Thou shall not have it that easy, you miserable ignorant twat!

To start with, I never encountered a domain with so many acronyms, standards, vendors, etc. entangled into such an obscure web of features, specifications, versions, etc. Oh dear! I quickly stood humbled…

So here follow a few clues for smart card illiterates (like me).


Smart cards support is usually - iow. the least troublelessly - implemented on Linux using three pieces of software:

Along the Public Key Cryptography Standards (PKCS) relevant to the matter at hand, namely:


Using a smart card entails two pieces of hardware:

Waddling our way through all the gibberish

The PC-to-reader interface

The protocols commonly used to allow the PC to communicate with the reader, via its USB connection, and the smart card are:

The reader-to-smartcard interface

Contact interface

The interfaces most commonly used for the reader to interact with the smart card via physical electrical contact are:

Contactless interface

The interfaces most commonly used for the reader to interact with the smart card via radio communications are:

Smart card options

Like already mentioned, smart cards come into with a wide variety of options.

Once all options sorted out, one may want to verify the chosen smart card compatibility with the Linux stack:


Preliminary checks

Let’s first verify our hardware choices are indeed compatible with the Linux stack and with one-another:


Most smart cards will be blank when received from their manufacturer.

The best course of action from here is too follow OpenSC’s exhaustive documentation.

Shortly put, one will need to:


(…a few eons later…)

Please read-on:

Linux and smart cards (OpenSC) - How-to