Scute and SmartCard insertion/removal in Firefox

Urs Hunkeler uhu at gmx.ch
Wed Feb 5 17:41:23 CET 2014


Dear Martin,

Thanks a lot for your help. It works now!

After you pointed out re-negotiation, I first tried to find a way to 
dynamically request TLS renegotiation from the server (Apache Tomcat). 
All I could find is people thinking that this is a bad idea. I still 
think it makes sense in the given example, but I couldn't figure out how.

However, while looking for information I came across a page where 
somebody had a very similar issue and used the JavaScript logout 
function (window.crypto.logout(), not available everywhere but at least 
it exists in Firefox). This will request the client to forget about 
sessions and renegotiate the connection, which is exactly what I need.

Cheers,
Urs


On 02/05/2014 04:15 PM, Martin Paljak wrote:
> If you have a web server *and* a client where you can control the
> session cache and initiate a re-negotiation, Firefox will try to look
> at your token again.
>
> At least this was the case a while ago.
> --
> Martin
> +372 515 6495
>
>
> On Wed, Feb 5, 2014 at 12:58 PM, Urs Hunkeler <uhu at gmx.ch> wrote:
>> Hi,
>>
>> I use the GnuPG card and have installed all the software, including Scute. I
>> configured a server for HTTPS asking for client certificates. When the card
>> is inserted before requesting the page, I get a request for the user PIN for
>> the card, and then the certificate is exchanged with the server as desired,
>> and everything works fine.
>>
>> When the card is not inserted, my web application detects that no
>> certificate has been sent and shows a login-failed message. If I then insert
>> the card and reload the page, the card is not accessed and login still
>> fails. I actually have to terminate and restart Firefox for it to use the
>> card (shift-click on reload does not work either).
>>
>> Ideally, I would like to be logged out when I remove the card and logged in
>> when I insert the card. Mozilla provides an unofficial JavaScript object to
>> detect card insertion/removal
>> (https://developer.mozilla.org/en-US/docs/JavaScript_crypto). The JavaScript
>> code successfully detects insertion and removal of the card. Using Mozilla's
>> example script, when I remove the card, the page is reloaded, but displays
>> an error message. I can probably hide the error message by verifying the
>> connection in the background (AJAX) or reloading the page with a delay.
>> However, when I insert the card, the page is still reloaded but the client
>> certificate is not used.
>>
>> Is there a way to reload a page and explicitly request that the SmartCard be
>> accessed? Or do you have any suggestions for a work-around?
>>
>> Sincerely,
>> Urs
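The workaround described in the thread above, sketched as an added example (not code from the thread or from Mozilla): on card insertion or removal, call window.crypto.logout() and reload after a short delay. It assumes Firefox's legacy, non-standard window.crypto smart-card interface (enableSmartCardEvents and the "smartcard-insert"/"smartcard-remove" events); the function name watchSmartCard, the delayMs option and the 500 ms value are hypothetical.

```javascript
// Added example. Assumes the legacy, non-standard Firefox window.crypto
// smart-card API; watchSmartCard and delayMs are hypothetical names.
// `win` is passed in so the logic can be exercised outside a browser.
function watchSmartCard(win, opts) {
  const delayMs = (opts && opts.delayMs) || 0;
  const c = win.crypto;
  // Feature-detect: logout() is not available in every browser.
  if (!c || typeof c.logout !== "function") {
    return { supported: false, stop() {} };
  }
  c.enableSmartCardEvents = true; // opt in to card insert/remove events

  let pending = null;
  function onCardChange() {
    // Per the thread: asks the client to forget its sessions, so the
    // reload below negotiates again and the token is consulted.
    c.logout();
    // Coalesce bursts of events into one delayed reload.
    if (pending !== null) win.clearTimeout(pending);
    pending = win.setTimeout(function () {
      pending = null;
      win.location.reload();
    }, delayMs);
  }

  const events = ["smartcard-insert", "smartcard-remove"];
  events.forEach((e) => win.document.addEventListener(e, onCardChange, false));
  return {
    supported: true,
    stop() {
      events.forEach((e) =>
        win.document.removeEventListener(e, onCardChange, false));
      if (pending !== null) win.clearTimeout(pending);
      pending = null;
    },
  };
}

// In a page: start watching only when a browser window is present.
if (typeof window !== "undefined") {
  watchSmartCard(window, { delayMs: 500 });
}
```

The server still decides whether the reloaded request is authenticated; the script only makes the browser present (or stop presenting) the card's certificate.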