Reputation: 1703
Remember SmartCard PIN using Java Applet for accessing Keystore
I am able to access to a SmartCard with a Java Applet (embedded) using MS CryptoAPI and PKCS#11 (registering the provider with the .dll). I can use both, but right now I'm using the CryptoAPI one for having an easier support for all keyboards/Windows versions:
keystore = KeyStore.getInstance("Windows-MY");
keystore.load(null,null);
I'm using Javascript to comunicate with Java to sign some operations in a web application I am developing.
The default use case is just what I need:
- I get/load the Keystore
- I try to sign something, it ask for the PIN and once introduced it remembers until the end of the session (when I extract the SmartCard or cache timeout).
The problem is: It's an embedded Applet. When I sign something in web page A and then I go to web page B (through a link or redirect, for ex.), the Applet is destroyed/created (just like the JVM) and the session is lost so I have to introduce again the PIN. This does not happen if I do not leave/reload the actual web page, of course.
Questions: Is there some way to reuse the session/Applet/JVM programmatically? or loading the Keystore in a way that can avoid this problem?
Possible workaround solutions I already know:
- Free floating Applet. I can't, it has no GUI and I need to comunicate with JS...
- Web in a frameset/iframe. Dirty.
- Ajaxify the web (just one page + all operations in Ajax + some kind of history JS plugin or PushState). This is the solution I like more but requires some refactoring.
Upvotes: 1
Views: 1378
Answers (1)
Reputation: 1703
I ended up doing it in a completely different way: Creating a client desktop app for the signature. This app is installed in all desktop clients (this is ok for me because it's a corporate environment).
This new app listens to a port with a HttpListener. I connect from the web via javascript (jsonp), send the string to be signed, and it returns the js callback with the result signed.
- It now remembers the PIN because it does not lose the session.
- And, therefore, do not need Java.
Upvotes: 1
Related Questions
- Access Smartcard data prior to giving a PIN
- Getting certificates from PKCS11 Smartcard without PIN/password
- Unblock PIN of SmartCard via Java (SunPKCS11)
- Always ask for the pin KeyStore PKCS11
- read certificate from smartcard
- Reset Smart Card pin having Muscle card applet
- Reusing Java Keystore when accessing a smartcard on Windows
- Java PKCS11 with iaik
- Accessing smartcard keystore in an applet, through a js call
- How to access a smartcard in Java on Linux?