Taglio PIVKey C910 Certificate Based PKI Smart Card for Authentication and Identification, Dual Interface Contact/Contactless Smart Card, Supports Windows PIV Drivers, Standard ISO.

I love my PIVKey!I like to “get my hands dirty” and dig into different kinds of technologies, usually related to Linux or Windows servers. I thought it’d be pretty cool to take a look into smart card login integration with Active Directory as I already had a Windows 2012 domain controller setup in my home lab, but I initially wasn’t too sure on what all I needed. It turned out that all I really needed was a smart card reader and a smart card – after doing some research online, it was pretty clear to me that the PIVKey had a good success rate.Enrolling a user account for a smart card in Active Directory was easier than I thought it would be, and I didn’t have any issues with the PIVKey, and the setup is still working great two months later! The PIVKey came with some instructions and general information that made enrollment a breeze. With the PIVKey, I’m simply able to insert the PIVKey into a smart card reader and then enter a PIN number that I set to login to Windows. I’ve also read that smart cards can be integrated with Exchange – I hope to test out the PIVKey with that soon as well. Overall, I would highly recommend this smart card and I haven’t had any issues whatsoever.

The card does indeed respond as a PIV card. Windows smartcard logon (windows 10) recognizes it. Minor nit: the card itself has no printing on it (so label it before you toss it in the bucket with your other sample PIV cards.)

Another wasted cash. Would not work and kept giving error certificate not trusted.

Good card option if you just need a small quantity. These come with a test certificat installed and the cards are blank on both sides with no identifying markings.When used as a contact card on Windows it works flawlessly.You will need writer software and hardware to use. That can be a bit tricky. Vendor has options but no free downloads for card management.Use with NFC was not optimal. The card continually connected and disconnected when left sitting ontop of the reader. This appears to be due to how the card is placed on the reader though.(On a HID Omnikey 5422, this card needs to be placed perpendicular to the reader and centered toward the front, or placed on the reader in about the same position that it would normally slide in to it.)I have yet to get this to work with Android, which was a primary consideration of the NFC PIVKey.

Happy with outcome! HOWEVER, It did required custom setup and huge effort, time, and programming to make functional with Linux. (Using opensc, pkcs11, sssd, gdm with smartcards seemed unmaintained and just not workable in my case despite the best efforts of Gemini, chatGPT, and Copilot)

I tried these as my first foray into the PIV smartcard world. I have experience with PKI and certificates, but not with smartcards. The documentation is great for those new to smart cards, loading certificates onto it is pretty straight forward, and it comes with a test certificate. Windows recognizes them read-only without a driver. I'm currently using it for authentication and signing certificates without issue in Chrome, Windows (code signing and logon), SSH (via PuttyCAC), a Keepass database (with plugin), and Softether VPN client (needs OpenSC).Be aware though that these have limitations compared to other PIV solutions. The documentation mentions many of them, but not all. Some notable limitations:* The provided tools for loading certificates and managing the slots and PIN are Windows-only. The open source tools for PIV management out there such as OpenSC's pivtool or yubico-piv-tool are NOT compatible.* No write support via PKCS11 at all. OpenSC's PKCS11 library is supported read-only if middleware is needed.* No support for the non-certificate parts of the PIV standard, such as the printed information and biometrics containers. Applications that try to access these containers will error out or crash (Veracrypt for example is incompatible for this reason).Veracrypt (needs biometric containers), GnuPG/Kleopatra's PIV support (no PKCS11 write support), and HID ActivClient (both the user console and PKCS11 library) are a few examples of software that do not function properly with a PIVKey regardless of configuration. ActivClient was especially disappointing to see unsupported considering its one of the most widely used enterprise middleware and end-user GUIs for smart cards. Taglio's official advice in their docs is to uninstall it.Hardware-wise, these look to be Feitian cards supporting javacard 2. GlobalPlatform was able to do a --list using the 404142... key.Printable on a standard badge printer (be sure to mark the chip area as excluded in the print driver).4 of 5 stars because these are perfect for small deployments that need nothing but basic Windows support, but are not a good choice if you want advanced capability.

I ordered one and it was not functional, even for the test. However, after communicating back and forth with Taglio, their customer service was exceptional and replaced the card, and sent another one for me to test with. so far the cards work as intended, and the next step is on me for the certificate authority using Win server 2012 R2. They've offered to help with that, which is a rarity in many organizations. Thanks for the restitution.

Proprietary software that comes with it is very broken - card is useless without the software, yet they do not put any effort into making it functional.