ajee cai
2018-07-31 05:31:47 UTC
Hi,
I am just thinking about what happens underneath when I select a client
certificate from chrome popup for smart card case.
From openssl command line, it seems client certificate authentication is
done by "openssl s_client -cert cert_name -key key_name ...." which
actually calls "set_cert_key_stuff(ctx, cert, key, chain, build_chain)",
then all things done. While for smart card, the private key could not be
read out. I use APDU trace to find out, the browser seems to pass some data
to smart card and then smart card sign this data with its private key and
pass back to browser, then browser fills its client verify message.
So here my question is: How does Chrome talk with smart card exchanging
this signature information, is there any OS API to call for smart card? I
don't think it is done by lower layer APDU, it must be some abstract layer,
is there for both Linux and Windows? And could somebody point out which
part of Chrome code handing this logic?
Thanks a lot.
I am just thinking about what happens underneath when I select a client
certificate from chrome popup for smart card case.
From openssl command line, it seems client certificate authentication is
done by "openssl s_client -cert cert_name -key key_name ...." which
actually calls "set_cert_key_stuff(ctx, cert, key, chain, build_chain)",
then all things done. While for smart card, the private key could not be
read out. I use APDU trace to find out, the browser seems to pass some data
to smart card and then smart card sign this data with its private key and
pass back to browser, then browser fills its client verify message.
So here my question is: How does Chrome talk with smart card exchanging
this signature information, is there any OS API to call for smart card? I
don't think it is done by lower layer APDU, it must be some abstract layer,
is there for both Linux and Windows? And could somebody point out which
part of Chrome code handing this logic?
Thanks a lot.
--
--
Chromium Discussion mailing list: chromium-***@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss
---
You received this message because you are subscribed to the Google Groups "Chromium-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-discuss+***@chromium.org.
--
Chromium Discussion mailing list: chromium-***@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss
---
You received this message because you are subscribed to the Google Groups "Chromium-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-discuss+***@chromium.org.