Smartcard Systems Redesigned

Dan Cvrcek
Jul 11 · 2 min read

We successfully delivered the first centralized smartcard signing solution about a year ago. As of this week, legacy Windows applications can use smartcards in the cloud.

At the beginning, there was a hardware platform that made smartcards available via TCP/IP. We used it extensively as a local hardware crypto provider — it is amazing to have a few hundred encryption engines with FIPS 140-2 security certification in a 1U server enclosure.

We did this as a live demo at DEFCON25.

We used this with UCL (University College London) at DEFCON to show how super-secure (resistant to supply chain compromise) systems can be built and delivered. Pretty much linear scalability, with the host PC trying to keep up with smartcards.

Later, we were asked to deliver a centralized digital signing solution for enterprise environments — we are talking about legally binding signatures under EU law. The European Union has been pushing for “digital government” and has tightened up some requirements for public bodies, which include local governments and public universities. That’s how CloudFoxy came to be.

CloudFoxy PDF signing with cloud eIDAS smartcards (or PGP if you want)

CloudFoxy is a system for PDF signing. It integrates with JSignPdf — and it’s part of its latest binary distribution. The usage is just like signing documents with a local software key.

It assumes that the client controls and guarantees the security of the infrastructure — just like you have to make sure that your PC doesn’t have malware trying to sign legally-binding documents without your authorization.

There was still one bit missing — integration with legacy applications, which use local smartcards and the extremely complicated smartcard subsystems in Windows. Not any more.

The latest extension of the CloudFoxy solution allows remote management of smartcards — from PIN resets to renewals of certificates. All that with vendor-specific management applications.

The installation is easy, the usage is transparent … the only difference is that instead of a couple of smartcards, you can now work — from the comfort of your office chair — with hundreds of smartcards without the hassle of smartcard readers, libraries, plugins, etc.

If you want to learn more, give us a shout at support@keychest.net

Cyber Shards

Security is not about encryption but control

Dan Cvrcek

Security wizard, banking consultant, turning technology into magic and back. Past: Uni. of Cambridge, Deloitte, banks.