[webkit-gtk] Support for PKCS11 / Smartcard?

mailto428496 mailto628496 at cox.net
Sun Dec 2 12:25:15 PST 2018


I am using an external card reader, specifically the SCR331.  You can
also buy smartcards for relatively cheap and create a self signed cert
for them for testing.



On 12/01/2018 09:45 PM, Igor Korot wrote:
> Hi, Jim,
> On Sat, Dec 1, 2018 at 6:09 PM mailto428496 <mailto628496 at cox.net> wrote:
>> Igor,
>> I think what you are asking is whether the system has been correctly
>> setup for smartcard?  The answer is yes.  The EL7 system has all the
>> pcscd, opensc, etc. packages and smartcard works correctly for machine
>> login and using the firefox browser (via libcoolkey) for smartcard
>> enabled sites.  The issue is just that the webkit-gtk browser (used by
>> Evolution for OAuth2) doesn't know how to talk to the smartcard device
>> (no hooks to libcoolkey, etc.), all the other framework is in place.
> Since you were asking about this I would have guessed that you have
> everything setup.
> My E-mail is more targeted to people who is doig webkit-gtk to let
> them understand what is
> needed.
> BTW, do you use external reader for testing or the one incorporated
> into the keyboard?
> Michael,
> I believe you can buy an external card reader but it will probably be
> a problem to do
> testing without the actual card.
> Thank you.
>> Thanks,
>> Jim
>> On 12/01/2018 12:37 PM, Igor Korot wrote:
>>> For anybody interested:
>>> On Sat, Dec 1, 2018 at 11:21 AM Michael Catanzaro <mcatanzaro at igalia.com> wrote:
>>>> On Sat, Dec 1, 2018 at 11:14 AM, Michael Catanzaro
>>>> <mcatanzaro at igalia.com> wrote:
>>>>> It would need to be investigated by a developer with a smartcard and
>>>>> some interest in figuring out how it's supposed to work. You might
>>>>> know more than me! Did any of that make sense?
>>>> BTW to be clear:
>>>>  * WebKit client auth is extremely likely to arrive sometime soonish.
>>>> Shame it's not working quite yet.
>>>>  * But once client auth is ready, smartcards may or may not work. No
>>>> clue. There's a good chance they will, but it definitely won't be
>>>> tested in WebKit, so maybe 50/50 odds, I really don't know.
>>> Whether it is an external reader or the keyboard one the driver has to
>>> be installed.
>>> I know RHEL provides such a driver in their kernel/repository.
>>> Then all you do is to append the certificate to the browser and when you access
>>> secure site it will ask you to provide a PIN.
>>> But as I said - the first thing is to have an appropriate driver.
>>> And when you do - attach the reader and insert the card.
>>> The driver should kick in, the light on the reader should start blinking and
>>> there should appear a dialog about the card successfully read.
>>> If that part works - then we should start checking the browser.
>>> Thank you.
>>>> Michael
>>>> _______________________________________________
>>>> webkit-gtk mailing list
>>>> webkit-gtk at lists.webkit.org
>>>> https://lists.webkit.org/mailman/listinfo/webkit-gtk

More information about the webkit-gtk mailing list