Using certificate on hardware token in browser
asked 2016-03-28 13:30:01 +0200
Hello,
I have a qualified certificate (on cryptographic token) and I would like to use it for SSL authentication in the SailfishOS browser. I built the packages, required to get the CCID card reader and the cryptographic smart card working:
- PC/SC driver for USB CCID smart card readers (libccid)
- PC/SC Lite
- OpenSC
I registered the PKCS#11 module:
modutil -dbdir /home/nemo/.mozilla/mozembed -add "OpenSC" -libfile /usr/lib/opensc-pkcs11.so
The smard card is listed by modutil, but when I open a web site, requiring user authentication in the browser I don't get the prompts to enter the card's PIN and to choose certificate.
Am I missing something?
Thanks!
Update: If the smart card reader is not plugged in, the browser, modutil and certutil are hanging.
I really doubt that Jolla browser supports this. Pcsclite have to be in daemon mode. In my case(desktop linux), to get this working, except smart card i had to install a software certificate chain also(provided from the certificate issuer). When i did use smart card in Linux it was constant battle to keep it operational. Every update led to few sleepless nights fixing it. :(
Kollin ( 2016-03-28 20:51:33 +0200 )editWhat device are you using? Jolla Phone doesn't support USB hostmode so an USB card reader shouldn't work with it.
jollailija ( 2016-03-28 21:23:41 +0200 )editI am using Motorola Photon Q, running Sailfish OS 2.0.0.10 I installed the certificates using certutil. Probably the browser doesn't support multiple tokens. If the smart card reader is CCID compatible, the installation on Linux is pretty straightforward.
vevgeniev ( 2016-03-28 22:50:08 +0200 )editI want to use my Nitrokey under Sailfish. I have managed to get udev to recognize the device, but am still missing the libccid package. You have built it? Where can I find it?
martijntje ( 2019-01-14 22:15:16 +0200 )editPlease check: https://openrepos.net/user/6543/programs
vevgeniev ( 2019-01-15 18:05:09 +0200 )edit