Smartcard Authentication - Secure & Easy


on my webpages about smart card based authentication.

Since 2001 I have been adding smart card support into various applications. Either to allow users to authenticate themself against those applications with smart card based 2-factor machanisms or to let them digitally sign documents with their smart card.

Using smart cards instead of username/password-pairs dramatically increases security. If used properly a smart card contains a unique private key which can be used within the card only (of course only if you have entered the correct PIN value first).

As the private key cannot be read from a smart card, you cannot duplicate a smart card unless the key was created outside the card and you kept a copy. Nobody can steal your smart card and you won't notice. And if you give your smart card to someboy else you won't be able to authenticate yourself against smart card protected applications.

So the only security risk is theft of you card by someone that has found out the PIN of your smart card. Installing a keylogger (either soft- or hardware based) is an easy method to spy on your PIN and that's why the PIN of a smart card should be entered on the PinPad of your smart card reader. During the so called "Secure PIN Entry Mode (SPE)" every keystroke is sent directly to your smart card without leaving the housing of your reader.

For that reason all my programms support SPE.

Here's a list of some of the applications that might use smart cards. Either by modifying their authentication routines or by using standarized APIs:

Adding smart card support to most of the above mentioned applications is described in more detail on the german pages. Let me know at if you are interested.

A smart card enabled replacement for Pageant (the key-agent of Simon Tatthams PuTTY package) can be downloaded from the download area. And there are separate pages explaining its functionality in both english and german.