[Passwordsafe-devel] PKCS11 Smartcard Support
From: John C. <jo...@gm...> - 2007-02-17 23:01:26
I've got an EToken NG flash that I'm using opensc with, and I'd love to use a private key on the token to decrypt my password file. This device is a smartcard and a USB flash drive in one device. I'd love to put password safe and my password file on it in such a way that it would be difficult for someone to use a key logger to gain access to my encryption key.

So, unless someone else has plans to do it (which would make me very, very happy) I'd like to implement PKCS#11 support for password safe. If I do this, is there interest in including it in your product? If so (and even if there is no interest) what do you think is the best architecture to use?

When using PKCS#11, I would want password safe to ask for the smartcard's PIN, and store that in memory. I would set the timeouts for locking the app to be somewhat aggressive, but unlocking the app would be transparent provided the smartcard was still present.

When using a smart card, the encryption key would be chosen randomly and then encrypted with the public key of a certificate stored on the smart card and stored with the database.

If we were to build PKCS#11 support into the password safe GUI, it would require storing the following additional data elements with the password file:
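Added example, not part of the original message and not Password Safe code: the key handling the post proposes (a random key encrypted to the card's public key and stored with the database, recoverable only through the token), written in Go with its standard library. `NewSoftToken`, `WrapNewKey`, `Unlock`, RSA-OAEP with SHA-256 and the 32-byte key size are assumptions; an in-memory RSA key stands in for the smartcard.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

const dataKeyLen = 32 // assumed size of the random key that encrypts the database

// NewSoftToken returns an in-memory RSA key standing in for the smartcard (assumption).
func NewSoftToken() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// WrapNewKey needs only the certificate's public key: no PIN and no token.
func WrapNewKey(pub *rsa.PublicKey) (dataKey, wrapped []byte, err error) {
	dataKey = make([]byte, dataKeyLen)
	if _, err = rand.Read(dataKey); err != nil {
		return nil, nil, err
	}
	if wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, nil); err != nil {
		return nil, nil, err
	}
	return dataKey, wrapped, nil // only wrapped is written next to the database
}

// Unlock has the token unwrap the key; a PKCS#11-backed crypto.Decrypter is assumed.
func Unlock(token crypto.Decrypter, wrapped []byte) ([]byte, error) {
	key, err := token.Decrypt(rand.Reader, wrapped, &rsa.OAEPOptions{Hash: crypto.SHA256})
	if err != nil {
		return nil, fmt.Errorf("token could not unwrap data key: %w", err)
	}
	if len(key) != dataKeyLen {
		return nil, errors.New("unwrapped key has unexpected length")
	}
	return key, nil
}

func main() {
	card, _ := NewSoftToken()
	other, _ := NewSoftToken()
	key, wrapped, _ := WrapNewKey(&card.PublicKey)
	again, err := Unlock(card, wrapped)
	fmt.Println("card unlocks:", bytes.Equal(again, key), err)
	_, err = Unlock(other, wrapped)
	fmt.Println("other token:", err)
}
```

Because `Unlock` only sees the `crypto.Decrypter` interface, the application can drop the plaintext key when it locks and recover it later only while the token is present.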