Over the last few months, I worked with several crypto tokens. The main reason is to secure my laptop and Lotus Notes. But there is much more to this. I'm also reviewing signing files such as PDF documents, and I sign all my email, which I have been doing since 2004.
Every time I use another product, I look for the ability to add a digital signature. This is my story.
First of all, what is the difference between a Smartcard and a Crypto Token?
There is no real difference, except that USB tokens (or crypto tokens) have the card reader built in, while a Smartcard needs a card reader. A Smartcard is cheaper, fits into your wallet and can be combined with other functionality such as physical access control to buildings and offices. The crypto tokens fit on your key chain, and you can get crypto tokens with flash memory, so there is no need to carry two sticks around. An added benefit of a combined crypto and flash drive is the ability to store data with the crypto key.
I'm using the following USB Tokens for my testing.
| Token | Max key size | Memory | Software | Status |
| --- | --- | --- | --- | --- |
| iKey 2032 | 2048 | 32KB | iKey 2000 Series Software Version 4.7.0 MU 18 | End of Life |
| Cryptoidentity 5 | 1024 | 32KB | Eutron Cryptoidentity CryptoKit v3.7.1 | Discontinued |
| Cryptoidentity 2048 | 2048 | 64KB |  | Discontinued |
| Cryptoidentity FIPS | 1024 | 32KB |  | Discontinued |
| Cryptoidentity IPSEC-P | 1024 | 32KB |  | Discontinued |
| Cryptoidentity ITSEC-I | 1024 | 32KB |  | Discontinued |

Most of my testing is done on my IBM Thinkpad running Windows 2000 Pro.
I have one USB port that can cause some excitement. When I need to switch to the Flash Disk and unplug the Crypto Token, the system logs me out. This can be annoying in the best case, or a real show stopper when I need to copy data to the Flash Disk while logged into the system.
Some abbreviations and standards.
Working with crypto keys, you get overloaded with abbreviations. From AES to X.509, you will find almost any letter/number combination that is possible.
I'm starting here with a few that seem important to me.
PKCS11 is a file format that allows you to import/export encryption keys, both private and public. The importance here is the ability to store the private key, therefore these files have to be secured with very strong passwords.
PC/SC stands for PC/Smart Card standard. It comes from a workgroup (http://www.pcscworkgroup.com) that promotes a standard specification to ensure that smart cards, smart card readers, and computers made by different manufacturers will work together, and to facilitate the development of smart card applications for PC and other computing platforms. The website also lists all the participating members with links to their products and services.
X.509 is the standard for Public Key Infrastructure (PKI). It defines the format for certificates.
DES stands for Data Encryption Standard and defines a method for encrypting information.
CER is a file format to store public key certificates. Unlike PKCS11, CER does not store the private key.
FIPS stands for Federal Information Processing Standards and is used to indicate that a product fulfills the FIPS certification.
ISO 7816 defines the Smart Card Standard. This includes the physical characteristics, dimension, electronic signals, transmission protocols and interfaces.
Enough with abbreviations. In the table above, I listed the tokens. I got the iKey 2032 back in December 2005. I secured my Notes Client and reviewed the different options in the supplied utility. Details will be published soon. (I replaced the installation for the Cryptoidentity 5 & 2048).
I tried to use the Crypto Token for my Windows login. This only works if the user logs into a Windows Domain. Smartcards don't seem to be supported for local user accounts.
Update October 2011: The Cryptoidentity tokens are discontinued. I was not able to find up-to-date information.
First published on May 30, 2006. Last revised on October 04, 2011.