Involved Projects and Packages
cryptsetup is used to conveniently set up dm-crypt based device-mapper
targets. It allows to set up targets to read cryptoloop compatible
volumes as well as LUKS formatted ones. The package additionally
includes support for automatically setting up encrypted volumes at boot
time via the config file /etc/crypttab.
This is an Openssl 3.x provider to access Hardware or Software Tokens using
the PKCS#11 Cryptographic Token Interface.
This code targets version 3.0 of the cryptoki interface but should be backwards
compatible to previous versions as well.
An implementation of a cryptographic store accessible through a PKCS #11 interface.
The trousers package provides a TSS implementation through the help of a user-space daemon, the tcsd, and a library Trousers aims to be compliant to the 1.1b and 1.2 TSS specifications as available from the Trusted Computing website http://www.trustedcomputinggroup.org/.
The package needs the /dev/tpm device file to be present on your system. It is a character device file major 10 minor 224, 0600 tss:tss.
NOTE: Automatically created during Factory devel project migration by admin.
Here you can find middleware and drivers for supporting chipcards.
In case of any compatibility problem, update the whole smart card package chain by command:
zypper dup --from security:chipcard
Libp11 is a library implementing a small layer on top of PKCS#11 API to make using PKCS#11 implementations easier.
The official name for PKCS#11 is "RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki)".
Libp11 source code includes the official header files (version 2.20) and thus is "derived from the RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki)".
This package is based on the package 'opensc' from project 'openSUSE:Factory'.
OpenSC provides a set of libraries and utilities to access smart cards.
Its main focus is on cards that support cryptographic operations. It
facilitates their use in security applications such as mail encryption,
authentication, and digital signature. OpenSC implements the PKCS#11
API so applications supporting this API, such as Mozilla Firefox and
Thunderbird, can use it. OpenSC implements the PKCS#15 standard and
aims to be compatible with every software that does so, too.
This package is based on the package 'pam_p11' from project 'openSUSE:Factory'.
Pam_p11 is a pluggable authentication module (pam) package for using
cryptographic tokens, such as smart cards and usb crypto tokens, for
authentication.
Pam_p11 uses libp11 to access any PKCS#11 module. It should be
compatible with any implementation, but it is primarely developed using
OpenSC.
Pam_p11 implements two authentication modules:
* pam_p11_openssh authenticates the user using openssh
~/.ssh/authorized_keys file.
* pam_p11_opensc authenticates the user using certificates found in
~/.eid/authorized_certificates. It is compatible with the older
opensc "pam_opensc" authentication module (eid mode).
Pam_p11 is very simple. It has no configuration file, no options other
than the PKCS#11 module file, and does not know about certificate
chains, certificate authorities, revocation lists, or OCSP. It is
perfect for the small installation with no frills.
This package is based on the package 'pam_pkcs11' from project 'openSUSE:Factory'.
This Linux PAM module allows X.509 certificate-based user
authentication. The certificate and its dedicated private key are
thereby accessed by means of an appropriate PKCS #11 module. For
verification of the users' certificates, locally stored CA certificates
as well as online or locally accessible CRLs are used.
Additionally, the package includes pam_pkcs11-related tools: -
pkcs11_eventmgr: Generate actions on card insert, removal, or
time-out events
- pklogin_finder: Get the login name that maps to a certificate
- pkcs11_inspect: Inspect the contents of a certificate
- make_hash_links: Create hash link directories for storing CAs and
CRLs
This package includes the PC/SC IFD handler for the Reiner SCT
Cyberjack pinpad/e-com/RFID USB chipcard readers. The driver is meant to be
used with the PCSC-Lite daemon from the pcsc-lite package.
For more information about the reader and software updates see:
http://www.reiner-sct.de/db/reiner-sct.de/html/e-com.html
http://www.reiner-sct.de/db/reiner-sct.de/html/pinpad.html
This package is based on the package 'pcsc-reflex60' from project 'openSUSE:Factory'.
This package contains a driver for the Reflex 62 and Reflex 64 smart
card readers produced by Schlumberger. This driver is meant to be used
with the PCSC-Lite daemon from the pcsc-lite package.
This package is based on the package 'pkcs11-helper' from project 'openSUSE:Factory'.
pkcs11-helper allows using multiple PKCS#11 providers at the same
time and selecting keys by id, label or certificate subject.
Besides it covers the following topics: * Handling card removal
and card insert events
* Handling card re-insert to a different slot
* Supporting session expiration serialization
* and much more All this is possible using a simple API.
GnuPG 2 is the successor of "GnuPG" or GPG. It provides: GPGSM,
gpg-agent, and a keybox library.
GnuPG Made Easy (GPGME) is a library designed to make access to GnuPG
easier for applications. It provides a high-level Crypto API for
encryption, decryption, signing, signature verification, and key
management. Currently it uses GnuPG as its back-end, but the API is not
restricted to this engine.
GPGME++ is a C++ wrapper (or C++ bindings) for the GnuPG project's GPGME (GnuPG
Made Easy) library, version 0.4.4 and later.
This package contains Python bindings for GnuPG
QGpgme provides a very high level Qt API around GpgMEpp.
The stunnel program is designed to work as an SSL encryption wrapper
between a remote client and the local (inetd-startable) or remote
server. The concept is that by having non-SSL aware daemons running on
your system, you can easily set them to communicate with clients over a
secure SSL channel. Stunnel can be used to add SSL functionality to
commonly used inetd daemons, such as POP-2, POP-3, and IMAP servers,
without any changes to the program code.
The GnuTLS library provides a secure layer over a reliable transport
layer. Currently the GnuTLS library implements the proposed standards
of the IETF's TLS working group.
