OpenSC

OpenSC provides a set of libraries and utilities to access smart cards. Its main focus is on cards that support cryptographic operations, and it facilitates their use in security applications such as mail encryption, authentication, and digital signature. OpenSC implements the PKCS#11 API, so applications supporting this API, such as Mozilla Firefox and Thunderbird, can use it. OpenSC also implements the PKCS#15 standard and aims to be compatible with all other software that does so, too.

Card Support

CardsAndTokens has the full list of all smart cards and tokens.

Each release is tested with a subset of the supported cards, and users provide additional test results. These are collected in RecentTestresults.

Operating Systems

OpenSC runs on Windows, Mac OS X and several other Unix and BSD flavors. It is even shipped as an integral part of some LinuxDistributions.

OpenSC can be integrated with OS-centric cryptography frameworks such as WindowsCsp.

Card Readers

To use OpenSC you need a driver for your smart card reader. This can be a driver in CT-API format, an IfdHandler driver in combination with PcscLite, or OpenCt. Most developers use OpenCT in direct combination, i.e. not using the OpenCT CT-API driver nor the OpenCT ifdhandler with PC/SC-Lite. However, those alternatives should work fine, too.

On Win32 platforms you usually get a PC/SC driver. Most Pinpad readers (aka Class 2+ readers) also supply a CT-API driver. Though both drivers can be used with OpenSC, you are currently limited to the CT-API driver if you want to use the reader's pinpad.

Features

* ReplacingCertificates

Application Support

OpenSC comes with a bundle of tools for testing, debugging and initialization. In addition, it contains two OpensslEngines that can be combined with OpenSSL, so that the normal OpenSSL commands can be used while smart card hardware does the crypto operations.

OpenSC contains a PamModule for authentication/login via smart card. That PAM module, however, has a few minor bugs. There is also a new PAM module for PKCS#11 libraries.

OpenSC contains a PKCS#11 library called opensc-pkcs11.so. This library can be used with MozillaFirebird, MozillaThunderbird or plain Mozilla to log in to websites using certificates from the smart card, or to sign and decrypt emails or authenticate to your mail server with your certificate. Keypair generation, certificate request and writing the requested cert through an on-line CA should also be possible.

FreeSwan/StrongSwan/OpenSwan can be compiled with OpenSC support and thus be used to authenticate a VPN connection using a smart card.

OpenSSH can be compiled with OpenSC support and thus use the smart card for authenticating at a remote ssh server. See OpenSsh for details.

On Windows there is a patched version of Putty with support for PKCS#11 libraries such as OpenSC. See the Smart Card Bundle for a binary package with installer containing OpenSSL, OpenSC and Putty for Windows.

GnuPg contains support for OpenSC in the experimental 1.9 branch.

There is a patch for WpaSupplicant to allow authentication to access points using smart cards.

Gdigidoc uses the OpenXAdES library, which in turn can make use of the OpenSC PKCS#11 module, or of CSP on Windows.

Here's a Wikipage that has some information about PuTTYcard, an extension to Simon Tatham's PuTTY. PuTTYcard lets you use your smart card's RSA keys with Pageant.exe.

LibChipcard is a library and set of tools for using all kinds of chip cards, such as HBCI chip cards and German medical cards. It is used by many online banking applications. The latest development snapshot for version 2 now includes support for using the OpenSC reader layer. Great news!

TroubleShooting explains the most common problems and how to solve them.

Getting OpenSC

You can either download OpenSC releases from our File Archive or access our SubversionRepository.

Links

* NIST has a document about personal identity verification cards.

Developers Corner

We would like to gather some information on developers to make it easier for all of us. New pages: DeveloperHardware (donations welcome!), AutoVersions.

ReleaseHowto documents our release process.

For interoperability with other smart card projects, mostly national ID cards, there is a mailing list at [http://www.gol.grosseto.it/mailman/listinfo/interopeid]