Tools for Cryptographic hardware tokens
This page provides tools that help you work with Cryptographic Tokens, which are hardware devices (usually plugging into the USB bus) that can perform cryptographic functions in such a way that secrets need not leave the token.
Below are several bits of software that help you with general tasks like authentication, decryption and signing based on cryptographic hardware. If so desired, OpenFortress can roll out applications with these in your company, or we can build similar functions tailored to your situation.
Authentication with ePass over Linux-PAM
The Linux-PAM system provides pluggable authentication for many modern Un*x systems, and we devised a software package to support authentication on such systems. This enables fine control over system access.
The ePass cryptographic token is a low-cost piece of hardware that can perform authentication functions like these. OpenFortress can deliver the tokens to you if you like, in any batchsize desired. At your request, the tokens can be preloaded with credentials suitable for this application.
An example application is restricting the
sudo functions such that they only work on systems with an ePass token plugged in. Alternatively, it would be possible to demand that all users have their own ePass and must use it to login, to unlock the screensaver, and so on. Contact OpenFortress if you need help doing so.
Please note that ePass only works on Linux, Windows and older MacOS systems at this time -- the attached PAM module can therefore only be used on Linux.