MUSCLE Smartcards and Browsers
I need information on how I can use smartcards with Netscape Navigator/Communicator and Internet Explorer, in order to perform secure authentication of a user. I know these browsers have support for smartcard authentication through certificates and SSL but I don't know how it works (or how to make it work). Is it possible just by the presence of PC/SC drivers + reader + card, or do I need additional software?

*** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***
Re: MUSCLE Smartcards and Browsers
On Wed, 17 Mar 1999, Martin Sigbjorn wrote:

> I need information on how I can use smartcards with Netscape Navigator/Communicator and Internet Explorer, in order to perform secure authentication of a user. I know these browsers have support for smartcard authentication through certificates and SSL but I don't know how it works (or how to make it work). Is it possible just by the presence of PC/SC drivers + reader + card, or do I need additional software?

Of course you need additional software to make the whole stuff work...

For Netscape, you have to write a PKCS#11 module which will perform the necessary cryptographic operations (basically RSA sign/verify and crypt/decrypt).

For MSIE, you'll have to write a CSP (Crypto Service Provider) that will do pretty much the same, and it MUST be signed by Microsoft (the key is operated by the NSA, maybe it's just the opposite, but the 2 are involved in the process). This CSP will also have to check for whether the original CSP is a basic or enhanced version (512/1024 bits for RSA, 40/128 bits for RC2 and others). I don't know if your source will have to be reviewed for it to be signed...

The easiest will be to start with Netscape... But you'll have to learn about PKCS#1, PKCS#8, and PKCS#10 (maybe also PKCS#7). The PKCS documents are available freely on http://www.rsa.com.

You've got very hard work to do. Good luck ;-)

--
Erwann ABALEA
System and Development Engineer - Certplus SA
[EMAIL PROTECTED] - RSA PGP Key ID: 0x2D0EABD5 -
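As an added illustration (not code from this thread or from any PKCS#11 library), this is the PKCS#1 v1.5 signature block formatting that a signing module or the card applies before the RSA private-key operation, with the strict parse used on the verify side. The function names are hypothetical and the 36-byte input is a constructed sample; the 64-byte and 128-byte block sizes correspond to the 512-bit and 1024-bit RSA keys mentioned above.

```c
#include <stddef.h>
#include <string.h>

/* PKCS#1 v1.5 signature block (type 01): 00 01 FF..FF 00 || data.
 * k is the RSA modulus length in bytes (64 for 512-bit, 128 for 1024-bit).
 * Returns 0 on success, -1 if data does not fit with >= 8 padding bytes. */
int pkcs1_type1_pad(unsigned char *em, size_t k,
                    const unsigned char *data, size_t dlen)
{
    if (k < 11 || dlen > k - 11)
        return -1;
    size_t ps = k - 3 - dlen;          /* number of FF bytes, always >= 8 */
    em[0] = 0x00;
    em[1] = 0x01;
    memset(em + 2, 0xFF, ps);
    em[2 + ps] = 0x00;
    memcpy(em + 3 + ps, data, dlen);
    return 0;
}

/* Verify side: strict parse of a block recovered with the public key.
 * Returns a pointer to the data inside em and sets *dlen, or NULL if malformed. */
const unsigned char *pkcs1_type1_unpad(const unsigned char *em, size_t k,
                                       size_t *dlen)
{
    size_t i = 2;
    if (k < 11 || em[0] != 0x00 || em[1] != 0x01)
        return NULL;
    while (i < k && em[i] == 0xFF)
        i++;
    if (i < 10 || i >= k || em[i] != 0x00)   /* need >= 8 FF bytes, then 00 */
        return NULL;
    *dlen = k - i - 1;
    return em + i + 1;
}

/* Constructed check: pad a 36-byte sample for a 512-bit key, parse it back. */
int roundtrip_ok(void)
{
    unsigned char data[36], em[64];
    const unsigned char *out;
    size_t n = 0;
    for (size_t j = 0; j < sizeof data; j++) data[j] = (unsigned char)j;
    if (pkcs1_type1_pad(em, sizeof em, data, sizeof data) != 0) return 0;
    out = pkcs1_type1_unpad(em, sizeof em, &n);
    return out != NULL && n == sizeof data && memcmp(out, data, n) == 0;
}
```
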
Re: MUSCLE Smartcards and Browsers
Hello Martin,

thanks for your interesting request. I can answer your question only for the Windows 9x/NT environment and GEMplus reader.

In this environment you have to exchange some built-in security functions in your browser. For the Navigator the security functions are encapsulated in the PKCS#11-package (provided by RSA). But it's possible to replace some of the crypto-functions (e.g. RSA-signing) in such a way that these functions handle the crypto algorithms with the certificate and the asymmetric function at the smartcard.

GEMplus provides a package called GEMSAFE (99$). In this package all necessary software plug-ins for Netscape and IE are included. Also there are very good tutorials and user manuals (in pdf) included and - of course - the smartcard. Please ask gemplus-Support for these pdf-files about GEMsafe. It's NOT at the GEMPlus WWW-Server.

But I have no further information on how you could build your own plug-in for linux-netscape.

By the way I'm very interested to solve this problem for the apache-WWW-Server with SSL-support. I would like to store the private key of the server into the smartcard and I want to use a modified version of the SSL-Software to communicate with this card.

Nevertheless I hope that this information pushes you a little bit in the right direction. Could you send me some results of your request?

Best regards and good luck
Michael

Martin Sigbjorn wrote:

> I need information on how I can use smartcards with Netscape Navigator/Communicator and Internet Explorer, in order to perform secure authentication of a user. I know these browsers have support for smartcard authentication through certificates and SSL but I don't know how it works (or how to make it work). Is it possible just by the presence of PC/SC drivers + reader + card, or do I need additional software?

Dr. Michael Lehning
Schulstr. 21b
D-31137 Hildesheim
Tel. ++49+5121-64570
FAX ++49+5121-64580