Wednesday, 29 December 2010

Installing and configuring a .NET Smartcard

A SmartCard is very handy when it comes to security. It can
  • hold your S/MIME certificate for secure E-Mail communication
  • be used to sign in to your Windows PC
  • hold security tokens for hard drive encryption
  • … much more

This post explains how to set up a Gemalto .NET SmartCard on your PC. You could use any SmartCard with PKCS#11 support, but this post covers the .NET card specifically.
Buy the equipment
The 1st thing you need is the SmartCard itself. I bought my “Gemalto .NET IM V2+” SmartCard at the CryptoShop for about 20€.
Additionally, you need a card reader. Any home-banking card reader will work just fine. If you don’t have one, you can get one starting from 10€ on eBay or Amazon. I got the SCR 3310 for my home PC and the OmniKey 4040 for my laptop, both from eBay.
Install the Windows drivers
For applications to access the card and its content, you need to have the so-called PKCS#11 library installed. It’s a DLL that can be loaded into various applications like Firefox, Thunderbird etc.
Download the .NET PKCS#11 Libraries for Windows OS from gemalto.com
Run the installer and walk through the wizard; there’s not much to select.
The setup created a folder in your program files which contains the PKCS#11 library. For me, it was located in
C:\Program Files (x86)\Gemalto\PKCS11 for .NET V2 smart cards

Import certificates to the smartcard
The SmartCard you received from the store is empty. You need to load a certificate onto it. Open the browser-based Gemalto certificate manager with Firefox. The 1st time you do that, you need to install a Firefox add-on called SConnect. This is the interface to your SmartCard.
Restart Firefox.
Insert your smartcard and enter the certificate manager again. When asked, allow the Gemalto website to access your smartcard. You should now see the certificate manager.
Press “Import P12 Cert” and select the certificate to import to the card. If you don't have a certificate yet, here's how to create one.
During import you’ll need the default PIN, which is 0000.
After the import is complete, you should change the PIN to something more secure.
Done! Your certificate is securely stored on the SmartCard. Keep your certificate file on an external drive in a secure location; it’s just for backup purposes.

See my other posts to find out how to get a certificate and how to use the smartcard with your applications.
