strongSwan smart card configuration HOWTO » History » Version 7
strongSwan for Smart cards HOWTO¶
This howto will explain how to set up strongSwan with Smart Cards. The use of Smart Cards introduces Two-Factor authentication to the strongSwan setup.
strongSwan supports PKCS#11 RSA standard using opensc libraries, which specifies how to store cryptographic information on devices.
To install opensc under Debian based distributions:
sudo apt-get install opensc
To enable smart card support in strongSwanm, you may need to compile from sources:
./configure <add your [[options|]] there> \ --enable-smartcard make sudo make install
opensc supports a variety of smart card readers. Second hand Omnikey 3121 CardMan USB Smard Card reader can be found on eBay for less than 10 euros. Cryptoflex 32k blank cards are a common choice. Read Buyers Guide section in opensc FAQ for more information.
Smartcard readers with an integrated PIN pad offer an increased security level because the PIN entry cannot be sniffed on the host computer e.g. by a surrepticiously installed key logger. [Fix-me: Could someone recommend some cheap hardware].