Applications

APPLICATIONS

The SmartCard-HSM is truely universal and can be used with a large variety of applications.

Secure Web Login

Protect access to sensible information on your website with 2nd factor authentication.

Use a SmartCard-HSM as authentication token via the build-in device authentication PKI or use keys and certificates on a SmartCard-HSM for TLS/SSL client authentication.

E-Mail encryption

Encrypt your e-mail using the S/MIME industry standard available in all major e-mail clients.

The SmartCard-HSM has been tested to work with Mozilla Thunderbird and Microsoft Outlook. Other e-mail clients with support for PKCS#11 or Microsoft CSP should work as well.

File Signing and Encryption

Starting with version 2.1, the GNU Privacy Guard (GnuPG) has build-in support for the SmartCard-HSM.

Use the gpgsm tool to sign, verify, encrypt and decrypt files or S/MIME messaging using your SmartCard-HSM.

The SmartCard-HSM has been validated to work with ZED!, one of the few file encryption tools approved by the European Council.

Workstation Login

Allow users to log into their workstation using a SmartCard-HSM.

Works with Kerberos in an Active Directory environment or using EIDAuthenticate

For Unix environments an integration with PAM and OpenSSH is available.

VPN Access

Protect your keys for remote access to your corporate network using a SmartCard-HSM.

Integration with the SmartCard-HSM has been sucessfully tested with OpenVPN. Other VPN clients supporting a PKCS#11 key store should work.

Disk Encryption

VeryCrypt allows you to store the key file on a SmartCard-HSM.

Certification Authority

CA keys are very sensible. If compromised or lost, you probable need to shutdown your PKI.

The SmartCard-HSM integrates well with industry solutions like EJBCA or XCA. No need to purchase an expensive HSM, use the SmartCard-HSM USB-Stick instead.

Electronically Sign Documents

Electronic document workflows require electronic signatures to prove who created or approved a document.

Use a signature key on a SmartCard-HSM to sign documents using Acrobat Reader, Open Office / Libre Office or any other PDF reader supporting electronic signatures.

Code Signing

Most code signing tools support hardware token with a PKCS#11 or CSP minidriver. Store your code signing keys on a SmartCard-HSM and lock it away while not used.

Physical Access Control

With it's unique build-in device authentication PKI, a SmartCard-HSM has a cryptographically protected unique identity that can be verified in a fast authentication protocol.

An access control terminal can verify authenticity and identity of the device, create a secure communication channel and perform offline PIN verification. The coolPACS project has all the details.

DNSSEC

Protect your domain name resolution using DNSSEC and a SmartCard-HSM as secure key store.

Luis D Espinoza Sanchez & Eberhard W Lisse held a session on using the SmartCard-HSM for DNSSEC at the 2015 ICAAN Meeting in Singapore.

Jan-Piet Mens wrote a nice article about integrating the SmartCard-HSM with PowerDNS and how to use a SmartCard-HSM for DNSSEC with BIND, Knot DNS and LDNS/NSD.

EAC-PKI

ePassports contain a chip that requires a terminal to authenticate before biometric data can be read.

The SmartCard-HSM can be used as key store at any level in the EAC-PKI (CVCA/DS/Terminal). See the EAC-PKI demo for details.

Bitcoin Wallet

The SmartCard-HSM has build-in support for the secp256k1 Elliptic Curve, the cryptographic algorithm used by Bitcoin.

While your Bitcoins are in the network, spending your Bitcoins requires access to your private Bitcoin key. If someone manages to obtain a copy of your Bitcoin key, then he can spend your Bitcoins and you won't even know until it's too late.

The Smart=BTC project has implemented a Bitcoin Wallet based on a SmartCard-HSM.