Comments (11)
-
If the device is compatible with PC/SC-Lite and CCID, then you can write a Chrome extension that uses the Smart Card Connector app and the chrome.certificateProvider API in order to expose the key to Chrome OS. That's what the existing extensions do, like CSSI (https://chrome.google.com/webstore/detail/cssi-smart-card-middlewar/haeblkpifdemlfnkogkipmghfcbonief) or CACKey (https://chrome.google.com/webstore/detail/cackey/lpimdiknnpijeigckalekdccibdmeojg).
-
If the device is incompatible with PC/SC-Lite+CCID, then currently your only option is to implement the full stack, starting from the USB driver, yourself - see the chrome.usb API. There's no support right now in the Smart Card Connector app for custom drivers for readers.
P.S. Chrome OS doesn't use PKCS#11 APIs - at least when talking to third-party modules. Only the much smaller chrome.certificateProvider is used in this area in Chrome OS.
from chromeos_smart_card_connector.
Regarding non Chrome OS platforms - AFAIK, there's no plan right now to add support for running custom PKCS#11 modules as Chrome extensions (plugins, etc.) right now. Chrome uses the platform capabilities (e.g., the NSS library) for working with the certificates and keys on these platforms.
from chromeos_smart_card_connector.
Is it possible to write chrome.certificateProvider implementation for other platform (not Chrome OS) ?
from chromeos_smart_card_connector.
Nope, chrome.certificateProvider is Chrome OS only. As I said above, only the platform capabilities are used on other platforms, like NSS.
from chromeos_smart_card_connector.
Do you plan to provide something like chrome.certificateProvide for other platforms to allow use custom midlleware in chrome for smartcard support ?
from chromeos_smart_card_connector.
There are no such plans currently.
from chromeos_smart_card_connector.
Unfortunately, there is a big issues that there is no possibility to use Chrome with custom smart card device manager in cause that a lot of governmental organisations should use smart cards with approved (non standard ) internal implementation ( just like US Department of Defense Common Access Card) on different platforms. Smart cards developers provides a platform dependent libraries with implementation of PKCS11 interface. So in result users in governmental organizations should use Mozilla Firefox. But it will be great to allow use them their loved browser Chrome for work without any restrictions.
from chromeos_smart_card_connector.
Sorry, I'm not following what is the specific problem with the PKCS#11 modules in Chrome.
There's no official documentation that I could find right now, but see, for example, this third-party description: https://homepage.ruhr-uni-bochum.de/jan.holthuis/posts/smartcard-authentification-in-chrome
from chromeos_smart_card_connector.
Thank you for your answers. I am already tested this third-party example and it works fine, but only for linux systems. To make something like that for windows is another issue. And also it`s may be good solution for developer but not for end user. So it will be cool to add some another way to work with smart cards in Chrome on any platform. Thank you very much !
from chromeos_smart_card_connector.
The smallest thing that can help is something like chrome.certificateProvide for other platforms to allow developers write their implementations to communicate with ccid compatible smart card and custom providers.
from chromeos_smart_card_connector.
I'm not super familiar with the process of smart card setup on Windows, but AFAIK Windows is already pre-bundled with some middleware; one can also install custom middleware into Windows when needed.
For example - see this third-party page for the process of Windows setup for using CAC cards: http://militarycac.com/activclient.htm (please beware that this is a third-party page, use it at your own risk).
The extension+certificateProvider based approach won't work on Windows, since two drivers cannot access the same USB device at the same time (one driver is a driver installed into Windows, and another would be the Chrome that hosts the extension). We don't want to build a solution that only works when the user has to disable standard Windows drivers and to prevent other desktop applications from using the smart card.
from chromeos_smart_card_connector.
Related Issues (20)
- Replace for loops in SCardStatus tests with something more deterministic
- Test shutdown hangs for 10min if reader is added shortly before HOT 2
- Test flakiness in SmartCardConnectorApplicationSingleClientTest.SCardConnectProtocolMismatch HOT 1
- ASan use-after-free report in case multiple readers are used HOT 1
- ASan use-after-free in EHTryToUnregisterClientForEvent HOT 1
- Flaky "No smart card inserted" SCardConnect errors in tests HOT 1
- Test flakiness due to eventCount
- Test flakiness on "Check "is_closed_" failed"
- Error -2146435049 since last update HOT 13
- Test flakiness on "Check "result" failed" HOT 3
- Avoid duplicate concurrent transfer USB API calls
- How to add extension to allowlist HOT 1
- Still getting permission despite adding admin policy HOT 3
- Double errors HOT 2
- Re-enable `INCOMING_MODULE_JS_API` in WebAssembly builds
- Popup dialogs are created with wrong width HOT 2
- Switch Smart Card Connector to Extensions Manifest V3 HOT 4
- Flaky "Timed out receiving message from renderer" error in tests HOT 1
- Don't create PC/SC permission prompts on Login Screen HOT 1
- Closure Library deprecation HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from chromeos_smart_card_connector.