starting smartcard programming

Whenever I've needed to access smart cards for use in security applications it has been via either:

• Microsoft CryptoAPI
• a PKCS#11 library for the card.

To access a card using the Microsoft CryptoAPI a card specific Cryptographic Service Providers (CSP) is needed. The CSP sits under the CryptoAPI layer.

If you are developing on Unix/Linux using 'C/C++', however, then you will probably want to take a look at the PKCS#11 standard from RSA. The standard specifies a 'C' API called Cryptoki (Cryptographic Token Interface) which gives a common abstraction above all types of crypto devices. Nearly all smart card vendors provide a PKCS#11 library for their cards that you can program against using the Cryptoki API.

If you want to access the smart card/reader at a lower level you can use APIs such as PC/SC or CT-API.

• PC/SC defacto standard for smart card access implemented on Windows, Linux and Mac OS X

• CT-API provides only very minimal functionality; not very suitable for modern apps.

If you are interested in writing Java applets that run on smart cards then you probably want to look http://java.sun.com/javacard/

Resources that may be of use

• OpenSC is a set of libraries and tools for smart cards. It is designed to work with PKCS#11 supporting cards. OpenCT provides drivers for card readers, and tokens that are comprised of both a card and a reader (ie. usb tokens, and other ’complete’ devices).

• http://www.linuxnet.com/ MUSCLE - The movement for use of smart cards in a linux environment

• PKCS#15 - Cryptographic Token Information Format Standard

• Smart Card Handbook

• A presentation on PKCS#11given at the RSA conf in 2009.

• PyKCS11 A Python wrapper around PKCS#11. These type of wrappers can provide a simpler higher level interface than working directly at Cryptoki level.

• Smart Card Alliance