Recommendation for USB token with 2048 bit RSA keys

HI!

Does anybody know USB tokens with support for 2048 bit RSA
keys?
Which one would you recommend?

Ciao, Michael.
_______________________________________________
opensc-user mailing list
opensc-userlists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-
user

Michael Ströder wrote:
> Does anybody know USB tokens with support for 2048 bit
RSA keys?

a) cryptoflex e-gate card with e-gate token adapter
b) cryptoflex e-gate card in token size ccid compatible
smart card reader
c) aladdin etoken pro 64k (CardOS M4.2)

> Which one would you recommend?

a) is great, but they no longer sell it (might come back
some day,
	but I'm waiting for 5 months already).
b) is working ok, my STRONG recommendation is to go with the
gemplus
http://www.cryptoshop.com/de/products/re
ader/donglereader/3610101004.php
because it works well and is the fastest out there (except
option a).
c) also quite fast and nice and works well.

with c) you have only one part, with b) if either card or
reader breaks,
you still have the other one. so c) vs. b) is not an easy
choice.

alternatives for b): omnikey cardman 6121 also works ok, the
scm scr 
3320 / openct driver doesn't work with 2048 bit (I found
out today,
I hope fixed soon, as it is a nice and fast token too). I
had issues
with the acs acr 38T no idea when that one will work ok.

Regards, Andreas
_______________________________________________
opensc-user mailing list
opensc-userlists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-
user

Hello,

Andreas Jellinghaus schrieb:

> b) is working ok, my STRONG recommendation is to go
with the gemplus
> http://www.cryptoshop.com/de/products/re
ader/donglereader/3610101004.php
> because it works well and is the fastest out there
(except option a).

from what I have read in your Wiki, all Gem*-Devices seem to
be fully
supportet - meaning that everything that can be done with a
smartcard
can be done with these and a copy of OpenSC?

Also, is there any information available, as to which
smartcards are
erasable and which aren't?

I have done some reading and now would like to move on to
doing some
experimenting. However I'd hate so sink 50 Euros into a
card I would
brick within five minutes.

Regards,
Damian Philipp

_______________________________________________
opensc-user mailing list
opensc-userlists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-
user

Damian Philipp wrote:
> from what I have read in your Wiki, all Gem*-Devices
seem to be fully
> supportet - meaning that everything that can be done
with a smartcard
> can be done with these and a copy of OpenSC?

"everything" - I can't say that. but usualy
people want to initialize 
it, add a PIN and PUK, generate or store a key, sign and
store some
certificate, use the card for authentication / signing /
decrypting,
and all that can be done with opensc (and any reader
supported via
openct or pcsc-lite).

some people hacked together a web server on a smart card.
(and opensc would be the wrong software if you want to do
that -
  you see why "everything" is hard to answer.)

> Also, is there any information available, as to which
smartcards are
> erasable and which aren't?

my recommended card is the cryptoflex 32k e-gate. call it
the gold 
standard of smart cards  it is
fast, cheap. robust, open documented
etc. and you can simply buy one from the web shop in .us.
the only
drawback is: you need a visa card and pay for international
s&h.

there is no alternative (well, there is a swiss company that
claims
to be a second source, but some people lost their money and
got nothing
in return so beware).

cyberflex cards are javacards, and will be supported in the
next 
release, but till then don't use them. same with jcop cards
(although if you get the special version with a special
applet pre-
installed, it should already work). oberthur authentIC cards
are
also javacards and have this special applet that works with
opensc
IIRC.

cardos cards are nice too, and should be easy to get, but
their 
documentation is under NDA.

starcos cards are nice because their documentation is open,
but they are 
hard to get (I don't have one, let me know if you find a
source).

gemplus cards are a pain in the *** because they are hard to
get, usualy 
crippled (i.e. "gemsafe" version where the card
is half initialized and 
can only be used with their software for the second half),
and also not 
documented / require NDA.

tcos cards are (nearly?) impossible to get and not sure
about the 
documentation. until tcos 3 is released they can do only
1024bit rsa -
thus not very interesting.

all other cards: never heard how to get them or their
documentations.
if you know more about them, please let us know.

> I have done some reading and now would like to move on
to doing some
> experimenting. However I'd hate so sink 50 Euros into
a card I would
> brick within five minutes.

cryptoflex cards are about 22 euro and lots of people have
good 
experience with them. get the 32k e-gate pre-cut version, so
you
can use it with a usb dongle size smart card reader like the
gemplus
and you have a nice and flexible and fast and open
documented solution.
good luck!

Regards, Andreas
p.s. if you decide what you want, ask around here or on the
-devel list.
at least earlier when cryptoflex cards where only sold in
packs of five,
it was often easy to find a few other interested souls and
thus split
the cards (and shipping, handling, customs, vat ...).
_______________________________________________
opensc-user mailing list
opensc-userlists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-
user