[webkit-gtk] Support for PKCS11 / Smartcard?

Igor Korot ikorot01 at gmail.com
Sat Dec 1 18:45:19 PST 2018 

Hi, Jim,

On Sat, Dec 1, 2018 at 6:09 PM mailto428496 <mailto628496 at cox.net> wrote:
>
> Igor,
>
> I think what you are asking is whether the system has been correctly
> setup for smartcard?  The answer is yes.  The EL7 system has all the
> pcscd, opensc, etc. packages and smartcard works correctly for machine
> login and using the firefox browser (via libcoolkey) for smartcard
> enabled sites.  The issue is just that the webkit-gtk browser (used by
> Evolution for OAuth2) doesn't know how to talk to the smartcard device
> (no hooks to libcoolkey, etc.), all the other framework is in place.

Since you were asking about this I would have guessed that you have
everything setup.
My E-mail is more targeted to people who is doig webkit-gtk to let
them understand what is
needed.

BTW, do you use external reader for testing or the one incorporated
into the keyboard?

Michael,
I believe you can buy an external card reader but it will probably be
a problem to do
testing without the actual card.

Thank you.

>
> Thanks,
>
>
> Jim
>
>
> On 12/01/2018 12:37 PM, Igor Korot wrote:
> > For anybody interested:
> > On Sat, Dec 1, 2018 at 11:21 AM Michael Catanzaro <mcatanzaro at igalia.com> wrote:
> >> On Sat, Dec 1, 2018 at 11:14 AM, Michael Catanzaro
> >> <mcatanzaro at igalia.com> wrote:
> >>> It would need to be investigated by a developer with a smartcard and
> >>> some interest in figuring out how it's supposed to work. You might
> >>> know more than me! Did any of that make sense?
> >> BTW to be clear:
> >>
> >>  * WebKit client auth is extremely likely to arrive sometime soonish.
> >> Shame it's not working quite yet.
> >>  * But once client auth is ready, smartcards may or may not work. No
> >> clue. There's a good chance they will, but it definitely won't be
> >> tested in WebKit, so maybe 50/50 odds, I really don't know.
> > Whether it is an external reader or the keyboard one the driver has to
> > be installed.
> > I know RHEL provides such a driver in their kernel/repository.
> >
> > Then all you do is to append the certificate to the browser and when you access
> > secure site it will ask you to provide a PIN.
> >
> > But as I said - the first thing is to have an appropriate driver.
> > And when you do - attach the reader and insert the card.
> >
> > The driver should kick in, the light on the reader should start blinking and
> > there should appear a dialog about the card successfully read.
> >
> > If that part works - then we should start checking the browser.
> >
> > Thank you.
> >
> >> Michael
> >>
> >> _______________________________________________
> >> webkit-gtk mailing list
> >> webkit-gtk at lists.webkit.org
> >> https://lists.webkit.org/mailman/listinfo/webkit-gtk
>

More information about the webkit-gtk mailing list