Вопрос

Reading smartcard keystore from browser for digital signature vs using it for authentication, why for digital signature keystore we have to use applet (run some code on client machine to read the key) vs for authentication browsers reads the keys without any applet or plugin etc.How smartcard lists smart card keys without any javascript or applet code.

Это было полезно?

Решение

digital signature functionnality is not yet implemented in web browsers APIs. A standard API is under work: WebCrypto. See http://www.w3.org/TR/WebCryptoAPI for an overview and more specifically http://www.w3.org/TR/WebCryptoAPI/#document-signing.

By the way, the keys are never read from the smartcard. The operation on the private key must always be made by the smartcard itself to ensure the key privacy.

Другие советы

The authentication part is handled by the TLS/SSL implementation, which is an intrensic part of the browser. There is no need to perform digital signature generation by the browser, so that is not included.

Of course not all browsers implement smart card functionality, and the ones that do may do it differently (e.g. IE uses the latest Microsoft proprietary API available when that version of IE was developed, and Firefox uses PKCS#11 through NSS).

Лицензировано под: CC-BY-SA с атрибуция
Не связан с StackOverflow
scroll top