strongSwan smart card configuration HOWTO

strongSwan for Smart cards HOWTO

This howto will explain how to set up strongSwan with Smart Cards. The use of Smart Cards introduces Two-Factor authentication to the strongSwan setup.


Software requirements

strongSwan supports the PKCS#11 RSA standard, which specifies how to store cryptographic information on devices, through the opensc libraries.

To install opensc under Debian based distributions:

sudo apt-get install opensc

To enable smart card support in strongSwan, you may need to compile from source:

# include the option that enables smart card support among the configure options
./configure <add your options there>
make
sudo make install

Supported hardware

opensc supports a variety of smart card readers. A second-hand Omnikey 3121 CardMan USB smart card reader can be found on eBay for less than 10 euros. Cryptoflex 32k blank cards are a common choice. See the Buyer's Guide section in the opensc FAQ for more information.

Smart card readers with an integrated PIN pad offer an increased security level because the PIN entry cannot be sniffed on the host computer, e.g. by a surreptitiously installed key logger. [Fix-me: Could someone recommend some cheap hardware].
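
To check which installed readers actually keep PIN entry off the host, the following added example (not part of the original HOWTO or of strongSwan) parses the slot listing of opensc's pkcs11-tool. It assumes pkcs11-tool reports "PIN pad present" among the token flags for such readers; the function names are hypothetical and the sample listing is constructed.

```shell
# Classify each PKCS#11 slot from `pkcs11-tool --list-slots` text read on stdin.
# Prints "<slot header><TAB><status>", status being one of:
#   pinpad          token advertises a PIN pad (PIN never typed on the host)
#   host-pin-entry  token present, PIN is typed on the host keyboard
#   no-token        slot is empty
pinpad_report() {
    awk '
        /^Slot [0-9]+/ {
            if (slot != "") print slot "\t" status
            slot = $0; status = "no-token"
            next
        }
        /token flags/ {
            status = ($0 ~ /PIN pad present/) ? "pinpad" : "host-pin-entry"
        }
        END { if (slot != "") print slot "\t" status }
    '
}

# Succeeds only if no present token relies on host-side PIN entry.
all_tokens_pinpad() {
    ! pinpad_report | grep -q 'host-pin-entry$'
}

# Constructed sample listing (not captured from real hardware).
sample_slots() {
    cat <<'EOF'
Available slots:
Slot 0 (0x0): Constructed Reader A 00 00
  token label        : demo (User PIN)
  token flags        : login required, PIN pad present, rng, token initialized, PIN initialized
Slot 1 (0x4): Constructed Reader B 00 00
  token label        : demo2 (User PIN)
  token flags        : login required, rng, token initialized, PIN initialized
Slot 2 (0x8): Constructed Reader C 00 00
  (empty)
EOF
}

# On a real host: pkcs11-tool --list-slots | pinpad_report
if [ "${1:-}" = "--demo" ]; then sample_slots | pinpad_report; fi
```
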