MUSCLE Smartcards and Browsers
I need information on how I can use smartcards with Netscape Navigator/Communicator and Internet Explorer, in order to perform secure authentication of a user. I know these browsers have support for smartcard authentication through certificates and SSL but I don't know how it works (or how to make it work). Is it possible just by the presence of PC/SC drivers + reader + card, or do I need additional software?

*** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
Looking for Proposals on MUSCLE And OPEN CARD Development.
I know this isn't a job fair, but I'm really interested in getting our products up to speed with both Muscle and the Open Card Standard. I haven't been able to get my boss to allow me the time to do so. He has, however, asked me to look into the possibility of outsourcing it. Well, I figured the best place to go was here. I apologize if this offends any of you. I know this is a developers forum.

We design and manufacture several different versions of intelligent reader/writers: Serial, Parallel, PCMCIA, PCI (Chipset, and internal reader), and very shortly USB devices. On top of our readers being intelligent, they also have a patented feature called virtual tokens. This is the presence of programmable memory in the readers themselves. This will in the very near future allow things such as authentication and software copy protection to be done through the reader, freeing up the card slot for such things as e-commerce.

If anyone out there is interested in tackling the job, please reply with your proposal. We will be glad to furnish you with one of our kits, and upon the signing of an NDA our hardware interface specifications.

Cy Allen Hudson
Software Engineer
Tritheim Technologies
Re: MUSCLE Smartcards and Browsers
On Wed, 17 Mar 1999, Martin Sigbjorn wrote:

> I need information on how I can use smartcards with Netscape Navigator/Communicator and Internet Explorer, in order to perform secure authentication of a user. I know these browsers have support for smartcard authentication through certificates and SSL but I don't know how it works (or how to make it work). Is it possible just by the presence of PC/SC drivers + reader + card, or do I need additional software?

Of course you need additional software to make the whole stuff work...

For Netscape, you have to write a PKCS#11 module which will perform the necessary cryptographic operations (basically RSA sign/verify and crypt/decrypt).

For MSIE, you'll have to write a CSP (Crypto Service Provider) that will do pretty much the same, and it MUST be signed by Microsoft (the key is operated by the NSA, maybe it's just the opposite, but the 2 are involved in the process). This CSP will also have to check whether the original CSP is a basic or enhanced version (512/1024 bits for RSA, 40/128 bits for RC2 and others). I don't know if your source will have to be reviewed for it to be signed...

The easiest will be to start with Netscape... But you'll have to learn about PKCS#1, PKCS#8, and PKCS#10 (maybe also PKCS#7). The PKCS documents are available freely on http://www.rsa.com.

You've got some very hard work to do. Good luck ;-)

--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED]
- RSA PGP Key ID: 0x2D0EABD5 -
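The reply above names RSA sign/verify as the core job of a PKCS#11 module and lists PKCS#1 among the documents to learn. As an added example (not code from the thread or from any existing PKCS#11 module), the following C code builds and strictly parses the PKCS#1 v1.5 block type 01 that wraps data for an RSA signature; the function names, the 64-byte (512-bit) block size and the sample data are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Build a PKCS#1 v1.5 block type 01 of length k (the RSA modulus size in
 * bytes): 00 || 01 || FF..FF || 00 || data. Returns 0 on success, -1 if
 * the data does not leave room for the mandatory 8 padding bytes. */
int pkcs1_type1_encode(unsigned char *out, size_t k,
                       const unsigned char *data, size_t dlen)
{
    if (k < 11 || dlen > k - 11)
        return -1;
    size_t pslen = k - 3 - dlen;
    out[0] = 0x00;
    out[1] = 0x01;
    memset(out + 2, 0xFF, pslen);
    out[2 + pslen] = 0x00;
    memcpy(out + 3 + pslen, data, dlen);
    return 0;
}

/* Strictly parse a type 01 block after the public-key operation. On success
 * returns the payload length and sets *data to point into the block;
 * returns -1 for any deviation from the format. */
long pkcs1_type1_decode(const unsigned char *blk, size_t k,
                        const unsigned char **data)
{
    size_t i = 2;
    if (k < 11 || blk[0] != 0x00 || blk[1] != 0x01)
        return -1;
    while (i < k && blk[i] == 0xFF)
        i++;
    if (i < 10 || i >= k || blk[i] != 0x00)   /* PS >= 8 bytes, then 00 */
        return -1;
    *data = blk + i + 1;
    return (long)(k - i - 1);
}

int main(void)
{
    unsigned char digest[20], blk[64];        /* constructed sample values */
    const unsigned char *p;
    memset(digest, 0xAB, sizeof digest);
    if (pkcs1_type1_encode(blk, sizeof blk, digest, sizeof digest) != 0)
        return 1;
    return pkcs1_type1_decode(blk, sizeof blk, &p) == 20 ? 0 : 1;
}
```

With a smartcard, the encoded block is what gets handed to the card for the private-key operation; the verifying side should reject any block the strict parser does not accept.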
MUSCLE RE: Smartcards and Browsers
BOUNCE Non-member submission from [Remo Tabanelli

Martin Sigbjorn wrote:

> I need information on how I can use smartcards with Netscape Navigator/Communicator and Internet Explorer, in order to perform secure authentication of a user. I know these browsers have support for smartcard authentication through certificates and SSL but I don't know how it works (or how to make it work). Is it possible just by the presence of PC/SC drivers + reader + card, or do I need additional software?

You need PKCS#11 software for Netscape and CSP (cryptographic service provider) software (that can be mapped on top of the PKCS#11 layer or not) for IE. CSP is the proprietary CryptoAPI from MS.

The first problem that you will probably encounter is that, because PKCS#11 (exactly like the CSP) is merely an API, the so-called Cryptoki (the software interface) will hide the lower layers of the software (such as the card reader driver, the smartcard driver ... and so on); you have to deal with some complexity in writing ONLY ONE PKCS#11 (or CSP) interface instead of multiple interfaces (one for each couple... combination of card and reader).

You can probably find a card manufacturer (such as Schlumberger) that can give you the entire "chain" (PKCS#11 + PC/SC + reader + card) ... but there is bad news (good news for the manufacturer, on the other side) .. and the bad news is that all the layers are a "monolithic block", making it impossible for you to use the software for other devices (other cards and readers).

The absence of real standards of interoperability (standards that you may use to read the card Y on the reader Z and the same card Y on the reader X using the same high-level interface) is the biggest obstacle to the diffusion of "real world" applications using smartcards.

This is also the reason why initiatives and efforts like MUSCLE make a lot of sense.

Remo Tabanelli
Re: MUSCLE Smartcards and Browsers
Hello Martin,

thanks for your interesting request. I can answer your question only for the Windows 9x/NT environment and GEMplus reader. In this environment you have to exchange some built-in security functions in your browser. For the Navigator the security functions are encapsulated in the PKCS#11 package (provided by RSA). But it's possible to replace some of the crypto functions (e.g. RSA signing) in such a way that these functions handle the crypto algorithms with the certificate and the asymmetric function on the smartcard.

GEMplus provides a package called GEMSAFE (99$). In this package all necessary software plug-ins for Netscape and IE are included. Also there are very good tutorials and user manuals (in PDF) included and - of course - the smartcard. Please ask GEMplus support for these PDF files about GEMsafe. It's NOT on the GEMplus WWW server.

But I have no further information on how you could build your own plug-in for Linux Netscape.

By the way, I'm very interested in solving this problem for the Apache WWW server with SSL support. I would like to store the private key of the server on the smartcard and I want to use a modified version of the SSL software to communicate with this card.

Nevertheless I hope that this information pushes you a little bit in the right direction. Could you send me some results of your request?

Best regards and good luck
Michael

Martin Sigbjorn wrote:

> I need information on how I can use smartcards with Netscape Navigator/Communicator and Internet Explorer, in order to perform secure authentication of a user. I know these browsers have support for smartcard authentication through certificates and SSL but I don't know how it works (or how to make it work). Is it possible just by the presence of PC/SC drivers + reader + card, or do I need additional software?

Dr. Michael Lehning
Schulstr. 21b
D-31137 Hildesheim
Tel. ++49+5121-64570
FAX ++49+5121-64580