jcp have such an implementation currently in testing.
we've got a java based ssl implementation [ rsa key exchange only ], and
we've just completed work on a smartcard key store and jca/jce signature
service provider, through the ocf. it doesn't quite work for ssl client
auth yet, because the card we initially wrote ocf card services for was the
gpk2000, which is incapable of doing the md5+sha signatures that ssl
requires. we're working on services for the gpk4000 [ or will be once we
extract some cards from gemplus ], and once those are complete we'll be away
craig
> Marten,
>
> you could use https without client authorization at the browser level (or
> even omit that)
> and open a new https session from the applet that uses a smart card to
> perform
> client authentication.
> What you need is a client side SSL implementation (well, actually a java
> https protocol handler) that uses opencard
> and the smartcard to perform the client side signing.
> Unfortunately I do not know of any such implementation.
craig mcmillan
security systems development
jcp computer services ltd
http://www.jcp.co.uk/
pgp public key available from keyservers everywhere
key id: 0xE32C8445
fingerprint: 8F94 59A7 B7D3 50B7 9EE1 FB90 70E9 30A9 E32C 8445
Visit the OpenCard Framework's WWW site at http://www.opencard.org/ for
access to documentation, code, presentations, and OCF announcements.
-----------------------------------------------------------------------------
To unsubscribe from the OCF Mailing list, send a mail to
"[EMAIL PROTECTED]" with the word "unsubscribe" in the BODY of the
message.
