架构从通用浏览器访问智能卡？或者：如何弥合从浏览器到PC / SC堆栈的差距？ [英] Architectures to access Smart Card from a generic browser? Or: How to bridge the gap from browser to PC/SC stack?

问题描述

从通用浏览器（通过http连接到服务器）访问本地智能卡的可能的客户端体系结构（最好是从Javascript），最终用户的最小安装麻烦是什么？服务器需要能够至少向卡发出其选择的APDU（或者可以将其中的一些委托给它生成的客户端代码）。我假设在客户端可用性的工作PC / SC堆栈，配备智能卡读卡器。这是一个合理的假设，至少在Windows XP，现代OS X和Unixes。

What are the possible client-side architectures to access a local Smart Card from a generic browser (connected to a server through http(s)), preferably from Javascript, with the minimum installation hassle for the end user? The server needs to be able to at least issue APDUs of its choice to the card (or perhaps delegate some of that to client-side code that it generates). I am assuming availability on the client side of a working PC/SC stack, complete with Smart Card reader. That's a reasonable assumption at least on Windows since XP, modern OS X and Unixes.

我已经确定了以下选项：

I have so far identified the following options:

1. 一些自定义ActiveX。这是我现有的应用程序使用（我们在内部开发），部署对于客户端是非常容易与IE一旦他们得到安装ActiveX的清除，但它不匹配的通用浏览器的要求。


2. 一些PC / SC浏览器扩展使用Netscape Plugin API，这似乎是上述的平滑扩展。我唯一的现成的一个是 SConnect ，但似乎几乎活着，其API 文档（webarchive）不再正式提供，它与特定智能卡供应商有密切关系。


3. 一个Java Applet，运行在Oracle的JVM（1.）6或更高版本之上，随附 javax.smartcardio 。从功能的角度来看，很好的文档，我可以与几个已知的bug，但我害怕一个不可抗拒的向下螺旋关于接受Java作为浏览器扩展。

1. Some custom ActiveX. That's what my existing application uses (we developed it in-house), deployment is quite easy for clients with IE once they get the clearance to install the ActiveX, but it does not match the "generic browser" requirement.
2. Some PC/SC browser extension using the Netscape Plugin API, which seems like a smooth extension of the above. The only ready-made one I located is SConnect, but it seems barely alive, its API documentation (webarchive) is no longer officially available, and it has strong ties to a particular Smart Card vendor. The principle may be nice, but making such a plugin for every platform would be a lot of work.
3. A Java Applet, running on top of Oracle's JVM (1.)6 or better, which comes with javax.smartcardio. That's fine from a functional point of view, well documented, I can live with the few known bugs, but I'm afraid of an irresistible downwards spiral regarding acceptance of Java-as-a-browser-extension.

任何其他想法？

此外：有一些方法可以防止滥用任何PC / SC接口浏览器有一个流氓服务器（例如显示3个错误的PIN，阻塞一个卡，只是为了它的肮脏;或做一些更邪恶的事情）。

Also: is there some way to prevent abuse of whatever PC/SC interface the browser has by a rogue server (e.g. presenting 3 wrong PINs to block a card, just for the nastiness of it; or making some even more evil things).

推荐答案

事实是，浏览器不能与（加密）智能卡谈论其他目的，而不是建立SSL。

The fact is that browsers can't talk to (cryptographic) smart cards for other purposes than establishing SSL.

您应需要额外的代码，由浏览器执行，才能访问智能卡。

You shall need additional code, executed by the browser, to access smart cards.

有多种自定义和专有插件（使用您提到的所有三个选项）用于各种目的（签名是最流行的，我猜），因为没有标准或者普遍接受的方式，至少在欧洲和其他地方也是如此。

There are tens of custom and proprietary plugins (using all three options you mentioned) for various purposes (signing being the most popular, I guess) built because there is no standard or universally accepted way, at least in Europe and I 'm sure elsewhere as well.

创建，分发和维护自己的应该是一个爆炸，因为浏览器每月发布因此你可能需要经常调整你的代码。

Creating, distributing and maintaining your own shall be a blast, because browsers release every month or so and every new release changes sanboxing ir UI tricks, so you may need to adjust your code quite often.

你可能想拥有GUI功能，至少

And you probably would want to have GUI capabilities, at least for asking the permission of the user to access a card or some functionality on it.

若要建立多平台多重浏览器外挂程式，例如 firebreath 。

For creating a multiple-platform, multiple browser plugin, something like firebreath could be used.

我个人认为，将PC / SC暴露给web是任何好。 PC / SC本质上是一个低级协议，当暴露这一点，你也可以暴露块级访问您的磁盘，并希望应用程序在网络上是我的唯一，他们的行为很好（这应该回答你的 ）。同时，像SConnect这样的薄垫片是最容易创建的，提供一个javscript plugin.sendAPDU（） - 样式代码（或者只是包装所有的PC / SC API，让javascript调用者处理相同级别的细节在本机PC / SC API使用情况下）。

Personally, I don't believe that exposing PC/SC to the web is any good. PC/SC is by nature qute a low level protocol that when exposing this, you could as well expose block level access to your disk and hope that "applications on the web are mine only and they behave well" (this should answer your "Also"). At the same time a thin shim like SConnect is the easiest to create, for providing a javscript plugin.sendAPDU()-style code (or just wrap all the PC/SC API and let the javascript caller take care of the same level of details as in native PC/SC API use case).

为此目的创建插件通常由急性当前缺陷驱动。

Creating a plugin for this purpose is usually driven by acute current deficiencies.

解决未来（移动等）是另一个故事，例如W3C webcrypto 和OpenMobile API最终会以某种方式创建将客户端密钥容器暴露给Web应用程序的东西。如果你的智能卡目标是加密，我的建议是避免PC / SC和使用平台服务（Windows上的CryptoAPI，OSX上的钥匙串，Linux上的PKCS＃11）

Addressing the future (mobile etc) is another story, where things like W3C webcrypto and OpenMobile API will probably finally somehow create something that exposes client-side key containers to web applications. If your target with smart cards is cryptography, my suggestion is to avoid PC/SC and use platform services (CryptoAPI on Windows, Keychain on OSX, PKCS#11 on Linux)

任何设计都有要求。如果您想使用键而不是任意APDU，这一切都适用。如果你的要求是发送任意APDU，请创建一个插件，并与它一起去。

Any kind of design has requirements. This all applies if you're thinking of using keys rather than arbitrary APDU-s. If your requirement is to send arbitrary APDU-s, do create a plugin and just go with it.

这篇关于架构从通用浏览器访问智能卡？或者：如何弥合从浏览器到PC / SC堆栈的差距？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！