Design question
NdK
ndk.clanbo at gmail.com
Sat Feb 4 12:52:31 CET 2012
On 04/02/2012 07:51, Iliya Peregoudov wrote:
> When the private key corresponding to a digital certificate is stored on
> the computer's hard disk, it is not stored securely. The only way to store
> the private key securely is using a smart card.
The best security is when you generate the key on the card: you can be
quite sure nobody else will be able to read that key.
To avoid using a "big" smartcard paired with an even bigger card reader,
you can use a "token": it's like a small USB pen, but incorporates both
a card and a reader.
Many motherboards have an onboard USB type-A port exactly for this purpose.
While TPM in Linux is handled in quite the same way as a SmartCard, I
have no idea about how it's handled in Win (but probably it integrates
well in the login chain).
BYtE,
Diego.