I would like to use a regular SIM card to store an AES key to be used by an AVR micro-controller. I think that a SIM is secure enough (isn't it?).
My problem is that I can find nothing about interfacing a SIM card with Arduino (for prototyping) as secure storage and not as GSM. Do I have to flash a custom OS to the SIM card? Or should I just buy an ordinary smart card and just cut it in SIM card dimensions?
Best Answer
literal answer
The "SIM Reader" and a few wires appears to be all the hardware needed to interface a SIM card to an Arduino. There seem to be some Python scripts designed to talk to it over a serial port; perhaps you wouldn't find it too difficult to translate to something (C++) that runs on an Arduino.
"A SIM card is a smart card." -- Thomas Pornin. "Is there cryptographic material in a phone's SIM card that can be used with RSA encryption?"
Most SIM cards today have "applications" that run on the little CPU in the SIM card stored in the flash of the SIM card. -- "A brief introduction to the SIM-cards"
more general answer
No matter which chip the crypto software is running on, it seems better to generate and keep the key inside that same chip.
It seems to be easier to write software that implements public-key encryption to run on a AVR than to run on a smart card. If you run the crypto on the AVR chip, then it would be better to keep the secure key inside the AVR chip rather than try to store it externally.
Public-key encryption (combined with symmetric encryption like AES) seems to be more generally useful than any symmetric encryption system alone. It sounds like you may be interested in the "Pico: No more passwords!" system; see also the early "Pico: No More Passwords!" video.