Giesecke & Devrient

[Peter Gutmann]

Eugen Leitl <eugen at leitl.org> writes:

>I have no smart card background, unfortunately. I've heard G&D ignores
>requests from open source developer people, though.

Yup.  It's standard banking-industry stuff, unless you're a large
bank/government/whatever and are prepared to sign over your firstborn and
swear eternal secrecy, they won't talk to you.

>Are keywords like STARCOS SPK2.3 (Philips P8WE5032 chip), ITSEC E4
>certification (with StarCert v 2.2.) etc. associated with a good security
>track?

They're associated with good buzzword-compliance.  Since it's impossible to
get any technical details out of them, it's rather hard to say.  If you've got
something like a PKCS #11 driver off them then you should be OK, but if you
want to do any low-level work with the card yourself, find another vendor.

>Features

Nothing you can't get from a pile of other vendors who will actually talk to
you.  Unless you've got some business reason to deal with them, I wouldn't
bother (I have nothing against them per se, they just do business in a way
that isn't useful to me... and I'm sure they think the same of me).

Peter.