Looks like you're using pkcs11 instead of inventing your own stuff, so kudos for that at least.
But I wish people would be aware of smartcards more, they are all around us, but sort of invisible and unnoticed.
1. Buy cheap blank "Java" smartcards, more or less disposable
2. Install this applet on it https://github.com/philipWendland/IsoApplet
3. Works with OpenSC
Is it possible to use a chip/EMV credit card as an X.509 certificate? Let the credit card company know your private key (paranoid assumption; not necessarily true) & skip straight to step 3!
Look, I'm not an expert, I just dabble a bit. In theory there's no need for anyone to know your private key, it is generated on the card and kept there, unextractable. As I understand it there's nothing stopping credit card companies from allowing you to generate your own keys on it (on a technical side that is), it just wasn't done AFAIK.
I have a smart card so I have the reader, but when I put in my credit card it doesn't even appear as though it can read it. I would love to use my "always-with-me" credit card for home PC sign-on and whatever else but there's nothing out there on the integration. Any pointers would be appreciated!
Card CPLC:
ICFabricator: 4790
ICType: 5049
OperatingSystemID: 8241
OperatingSystemReleaseDate: 2218
OperatingSystemReleaseLevel: 1520
ICFabricationDate: 3086
ICSerialNumber: 06575696
ICBatchIdentifier: 6664
ICModuleFabricator: 4810
ICModulePackagingDate: 3086
ICCManufacturer: 1180
ICEmbeddingDate: 3086
etc
I guess it's enough information to concoct some kind of 2-factor auth, but what is stopping you from promoting your real smart card into "always-with-me"? Or one of your smartcards, since you can have many.
NFC-capable phones can act as a card reader for contactless smartcards AFAIK, so that's something you can look into also.
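
An added example, not code from the thread or any poster: a parser for the CPLC block shown above, which a card returns for GET DATA with tag 9F7F (APDU 80 CA 9F 7F 00). The function names are this example's own, and the sample bytes are constructed from the twelve values quoted in the thread with the elided "etc" fields zero-filled. CPLC is static data, so it identifies a card but is not a cryptographic proof of possession the way a signature from an on-card key is.

```python
"""Decode a 42-byte CPLC block (GET DATA, tag 9F7F) into named fields."""

# (name, size in bytes); the first twelve names match the dump in the thread.
CPLC_FIELDS = [
    ("ICFabricator", 2), ("ICType", 2), ("OperatingSystemID", 2),
    ("OperatingSystemReleaseDate", 2), ("OperatingSystemReleaseLevel", 2),
    ("ICFabricationDate", 2), ("ICSerialNumber", 4), ("ICBatchIdentifier", 2),
    ("ICModuleFabricator", 2), ("ICModulePackagingDate", 2),
    ("ICCManufacturer", 2), ("ICEmbeddingDate", 2), ("ICPrePersonalizer", 2),
    ("ICPrePersonalizationEquipmentDate", 2),
    ("ICPrePersonalizationEquipmentID", 4), ("ICPersonalizer", 2),
    ("ICPersonalizationDate", 2), ("ICPersonalizationEquipmentID", 4),
]
CPLC_LEN = sum(size for _, size in CPLC_FIELDS)  # 42
TLV_HEADER = bytes([0x9F, 0x7F, CPLC_LEN])

def parse_cplc(response: bytes) -> dict:
    """Accept raw CPLC, or CPLC wrapped in the 9F7F TLV and/or followed by SW 9000."""
    data = bytes(response)
    if len(data) in (CPLC_LEN + 2, CPLC_LEN + 5) and data[-2:] == b"\x90\x00":
        data = data[:-2]                      # drop the status word
    if len(data) == CPLC_LEN + 3 and data[:3] == TLV_HEADER:
        data = data[3:]                       # drop tag and length
    if len(data) != CPLC_LEN:
        raise ValueError(f"expected {CPLC_LEN} CPLC bytes, got {len(data)}")
    fields, offset = {}, 0
    for name, size in CPLC_FIELDS:
        fields[name] = data[offset:offset + size].hex().upper()
        offset += size
    return fields

def decode_date(field_hex: str):
    """CPLC dates are BCD 'YDDD': last digit of the year, then day of year."""
    if len(field_hex) != 4 or not field_hex.isdigit():
        return None                           # not BCD, e.g. an unset FFFF
    year_digit, day = int(field_hex[0]), int(field_hex[1:])
    return (year_digit, day) if 1 <= day <= 366 else None

# Constructed sample: the twelve values quoted in the thread; the fields the
# thread elides as "etc" are zero-filled here (an assumption, not card data).
THREAD_VALUES = "4790 5049 8241 2218 1520 3086 06575696 6664 4810 3086 1180 3086"
SAMPLE = bytes.fromhex("9F7F2A" + THREAD_VALUES.replace(" ", "") + "00" * 16 + "9000")

if __name__ == "__main__":
    for name, value in parse_cplc(SAMPLE).items():
        note = decode_date(value) if name.endswith("Date") else None
        print(f"{name:36} {value}" + (f"  (year digit, day) = {note}" if note else ""))
```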