Scute and SmartCard insertion/removal in Firefox
uhu at gmx.ch
Wed Feb 5 17:41:23 CET 2014
Thanks a lot for your help. It works now!
After you pointed out re-negotiation, I first tried to find a way to
dynamically request TLS renegotiation from the server (apache tomcat).
All I could find is people thinking that this is a bad idea. I still
think it makes sense in the given example, but I couldn't figure out how.
However, while looking for information I came across a page where
function (window.crypto.logout(), not everywhere available but at least
it exists in Firefox). This will request the client to forget about
sessions and renegotiate the connection, which is exactly what I need.
On 02/05/2014 04:15 PM, Martin Paljak wrote:
> If you have a web server *and* a client where you can control the
> session cache and initiate a re-negotiation, Firefox will try to look
> at your token again.
> At least this was the case a while ago.
> +372 515 6495
> On Wed, Feb 5, 2014 at 12:58 PM, Urs Hunkeler <uhu at gmx.ch> wrote:
>> I use the GnuPG card and have installed all the software, including Scute. I
>> configured a server for HTTPS asking for client certificates. When the card
>> is inserted before requesting the page, I get a request for the user PIN for
>> the card, and then the certificate is exchanged with the server as desired,
>> and everything works fine.
>> When the card is not inserted, my web application detects that no
>> certificate has been sent and shows a login-failed message. If I then insert
>> the card and reload the page, the card is not accessed and login still
>> fails. I actually have to terminate and restart Firefox for it to use the
>> card (shift-click on reload does not work either).
>> Ideally, I would like to be logged out when I remove the card and logged in
>> detect card insertion/removal
>> code detects successfully insertion and removal of the card. Using mozilla's
>> example script, when I remove the card, the page is reloaded, but displays
>> an error message. I can probably hide the error message by verifying the
>> connection in the background (AJAX) or reloading the page with a delay.
>> However, when I insert the card, the page is still reloaded but the client
>> certificate is not used.
>> Is there a way to reload a page and explicitly request that the SmartCard be
>> accessed? Or do you have any suggestions for a work-around?
>> Gnupg-users mailing list
>> Gnupg-users at gnupg.org
More information about the Gnupg-users