Has anyone worked with the Zeit programmable smartcards? These are
inexpensive and contain an EAL5+ cryptographic processor. Once
properly loaded, you can not remove any of the private keys, so it
seems like an excellent platform for hardened key storage. The
platform is not Java friendly, but C# is supported.
Zeit does not have a clear PCKS11 wrapper, but it occurs to be that
someone may have successfully layered these under the BouncyCastle C#
libraries. If so, can you share? If not, I guess I am signing myself
for the attempt -- if anyone else would find this useful and would
like to collaborate, let me know any I will set up some SVN space on
Google. (Since the hardware is available outside of the United States
and we would be discussing crypt software, there are no restrictions
on international collaboration under IATA. Standard caveat: IANAL.)
For more information ...
http://www.basiccard.com/
