Other Sellers on Amazon
+ FREE Delivery
+ FREE Delivery
PIVKey C910 PKI Smart Card
|Price:||2,384.00 FREE Delivery.|
|You Save:||1,616.00 (40%)|
|Inclusive of all taxes|
Pay on Delivery (Cash/Card) eligible
What is this?
Pay on Delivery (POD) includes Cash on Delivery (COD) as well as Debit card / Credit card / Net banking payments at your doorstep.
- PIVKey C910 PKI Smart Card
Customers who viewed this item also viewed
Have a question?
Find answers in product info, Q&As, reviews
Customers who bought this item also bought
Description for PIVKey C910 PKI Smart Card
CERTIFICATE BASED SECURITY PKI USB Dual Interface smart card supports both Contact (ISO 7816) and Contactless (ISO 14443) readers to let you securely store and use X509 digital certificates and associated cryptographic keys, offering high quality certificate based security. Digital certificates support PKI applications like logon to Windows®, email and Document Signing, Encryption as well as remote logon using VPN, RDP or HTTPS
|5 star (0%)|
|4 star (0%)|
|3 star (0%)|
|2 star (0%)|
|1 star (0%)|
Most helpful customer reviews on Amazon.com
- I could use the card+PIN to authenticate myself to remote sshd systems.
- I could use the card+PIN to replace common PAM login/unlock actions (e.g. the Ubuntu login screen after boot, the unlock screen, sudo, etc).
(NB: for PAM actions, the "ca certificate" you need in "cacerts" is actually the "server-ca.crt" DER file that Taglio doesn't actually link anywhere to except from the index page of their "ca" server)
If I was not extremely motivated to do this, there is no chance I would have succeeded. I can't stress enough how distasteful the process of cobbling together enough information to do these things was.
What I *couldnt* use it for was pkcs15-crypt "decrypt" action, because none of keys loaded on the card is useable as a decryption source. So eg. "pkcs15-crypt --decipher --key 01 --input xxx --pkcs -o /tmp/luks_output" will always return something like "unable to find private decryption key '01': Requested object not found" because although key 01 exists, it can only be used for signing and not decryption. This meant that I could not feasibly use it as a token to provide 2FA for unlocking my encrypted boot partition.
This may be unfair to Taglio because I have not tried to contact their support dept to see if I can somehow load a certtificate/key that can be used for decryption, but at this point I recommend against buying this card if you want to use it as a 2FA source for unlocking an encrypted disk partition. Unfortunately, I cannot recommend another card; at least finding one that works for my requirements seems fraught with obscure tradeoffs and gotchas. There are definitely none available in small quantities on Amazon that I know will work for a fact. So if you don't care about being able to use the card to decrypt ciphertext, and you want to buy something from Amazon, it might be your best option.
Programming the card appears to require a Windows system and the vendor's management software. I'm still researching this.