Question

I am building a Python application to pull data from a website. The application has to authenticate (HTTPS/SSL) with a CAC card and PIN in order to make requests.

Am I correct in my assumptions that you can't retrieve the private key from a CAC card, and am therefore stuck using a PKCS #11 Wrapper like PyKCS?

Any tips or resources for going about this?

Solution

Authentication and signature keys are usually generated on the card and are not extractable, unlike encryption keys which can/should be escrowed somewhere.

See "Need help using M2Crypto.Engine to access USB Token" for an example with M2Crypto that explains how to use a smart card via PKCS#11 for website access in Python.
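As an added example (not part of the original answer and not code from the linked M2Crypto post), the script below reads the PKCS#11 attributes that back the statement above and classifies each private key on a token. It assumes the PyKCS11 package and a middleware PKCS#11 module whose path is passed on the command line; `classify_key`, `audit_token` and the verdict strings are names chosen here.

```python
import getpass
import sys

# Boolean PKCS#11 attributes that describe how a private key is protected.
NAMES = ["CKA_SENSITIVE", "CKA_EXTRACTABLE", "CKA_NEVER_EXTRACTABLE", "CKA_LOCAL"]


def classify_key(attrs):
    """Classify a private key from a dict mapping NAMES to True/False/None."""
    if any(attrs.get(n) is None for n in NAMES):
        return "unknown"              # token did not report an attribute
    if attrs["CKA_EXTRACTABLE"] or not attrs["CKA_SENSITIVE"]:
        return "exportable"           # key material can leave the token
    if attrs["CKA_NEVER_EXTRACTABLE"] and attrs["CKA_LOCAL"]:
        return "generated-on-card"    # created on the token, never exportable
    return "non-extractable"          # locked now, e.g. an imported escrowed key


def audit_token(module_path, pin):
    """Log in to the first token found; return [(label, verdict), ...]."""
    import PyKCS11  # assumption: PyKCS11 is installed; imported lazily

    lib = PyKCS11.PyKCS11Lib()
    lib.load(module_path)
    slot = lib.getSlotList(tokenPresent=True)[0]
    session = lib.openSession(slot, PyKCS11.CKF_SERIAL_SESSION)
    try:
        session.login(pin)
        report = []
        template = [(PyKCS11.CKA_CLASS, PyKCS11.CKO_PRIVATE_KEY)]
        for key in session.findObjects(template):
            label = session.getAttributeValue(key, [PyKCS11.CKA_LABEL])[0]
            ids = [getattr(PyKCS11, n) for n in NAMES]
            values = session.getAttributeValue(key, ids)
            report.append((label, classify_key(dict(zip(NAMES, values)))))
        return report
    finally:
        session.closeSession()


if __name__ == "__main__":
    # sys.argv[1]: path to the middleware's PKCS#11 shared library.
    for label, verdict in audit_token(sys.argv[1], getpass.getpass("PIN: ")):
        print(f"{label}: {verdict}")
```

Keys reported as `generated-on-card` or `non-extractable` can only be used through the token (for example via a sign operation), which is why a PKCS#11 wrapper is needed for the TLS client authentication.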

OTHER TIPS

You are correct. That's the whole purpose of the smart card: to keep the private keys safe. If your application is running in Windows, you can try using WININET.DLL for your connectivity; with the correct middleware installed, it should handle authentication to the CAC-enabled site automatically.

I would attempt to find out if an ECA cert is a suitable substitute. For example, there are sites that accept CAC and ECA certs. For more info: http://iase.disa.mil/pki/eca/certificate.html

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow