Scute and SmartCard insertion/removal in Firefox

Martin Paljak martin at martinpaljak.net
Wed Feb 5 16:15:01 CET 2014


If you have a web server *and* a client where you can control the
session cache and initiate a re-negotiation, Firefox will try to look
at your token again.

At least this was the case a while ago.
--
Martin
+372 515 6495


On Wed, Feb 5, 2014 at 12:58 PM, Urs Hunkeler <uhu at gmx.ch> wrote:
> Hi,
>
> I use the GnuPG card and have installed all the software, including Scute. I
> configured a server for HTTPS asking for client certificates. When the card
> is inserted before requesting the page, I get a request for the user PIN for
> the card, and then the certificate is exchanged with the server as desired,
> and everything works fine.
>
> When the card is not inserted, my web application detects that no
> certificate has been sent and shows a login-failed message. If I then insert
> the card and reload the page, the card is not accessed and login still
> fails. I actually have to terminate and restart Firefox for it to use the
> card (shift-click on reload does not work either).
>
> Ideally, I would like to be logged out when I remove the card and logged in
> when I insert the card. Mozilla provides an unofficial JavaScript object to
> detect card insertion/removal
> (https://developer.mozilla.org/en-US/docs/JavaScript_crypto). The JavaScript
> code detects successfully insertion and removal of the card. Using mozilla's
> example script, when I remove the card, the page is reloaded, but displays
> an error message. I can probably hide the error message by verifying the
> connection in the background (AJAX) or reloading the page with a delay.
> However, when I insert the card, the page is still reloaded but the client
> certificate is not used.
>
> Is there a way to reload a page and explicitly request that the SmartCard be
> accessed? Or do you have any suggestions for a work-around?
>
> Sincerely,
> Urs
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users



More information about the Gnupg-users mailing list