Paul,

That won't cut it: The cards I use/code do not have RSA capabilities but only symmetrical algorithms (AES, 3DES, ...). I use the same type of authentication you would see between a POS and a Smart Card (ex: B0' in France).

So I cannot hook up to one of the standards (PKCS11 or CSP).

Thanks anyway.

Regards,

Philippe

Paul Rubin wrote:
> "Philippe C. Martin" <[EMAIL PROTECTED]> writes:
>> ***** HOW (if there's a better way let me know please) ******
>> As I have not found any better solution yet, I am trying to do the
>> following (on the server there is an html file and a cgi file)
>
> If I understand it, you're trying to use a smart card to authenticate
> a web site login. The major browsers already have smart card interfaces
> (Windows CAPI for MSIE, or PKCS11 for Netscape/Moz*) so you shouldn't
> need a plugin. On the other hand, smart cards are very slow.
>
> The typical approach is as follows (MSIE version). Stop using special
> smart card programs and just use a card that implements CAPI with a
> from the vendor and that can sign against an X509 certificate. The
> CSP will have a special signature that makes it less scary to install
> than a browser plugin. You'll have to issue a cert for the smart card
> and there's various approaches to that, so I'll skip that part. Set
> up a TLS server to require a client cert from the CA that signed the
> smart card. The browser should recognize the challenge and select the
> right cert. The CSP will have its own interface for the user entering
> a PIN along with inserting the card. Once you have the TLS connection
> established, set a secure cookie in the client session and then redirect
> the browser to another URL that doesn't require the smart card (because
> otherwise the card will have to re-authenticate every click, which is
> very slow). From then on, use the cookie for authentication (it can
> have a timeout or whatever).

--
http://mail.python.org/mailman/listinfo/python-list
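
The cookie step of the quoted approach (authenticate once with the card over TLS, then carry a secure cookie with a timeout), as an added example that is not part of the original thread. The names SECRET, TTL, issue_cookie and verify_cookie, the cookie layout and the sample subject are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import time
from http.cookies import SimpleCookie

SECRET = b"constructed-demo-key"  # assumption: random server-side key, never sent to the client
TTL = 900                         # assumption: session lifetime in seconds

def _b64(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _tag(payload):
    # HMAC-SHA256 over the encoded payload, so the client cannot forge or extend it
    return _b64(hmac.new(SECRET, payload.encode(), hashlib.sha256).digest())

def issue_cookie(subject, now=None):
    """Build the Set-Cookie value on the one URL that required the client cert."""
    expires = int((time.time() if now is None else now) + TTL)
    payload = _b64(f"{subject}|{expires}".encode())
    jar = SimpleCookie()
    jar["session"] = f"{payload}.{_tag(payload)}"
    jar["session"]["secure"] = True     # only ever sent back over TLS
    jar["session"]["httponly"] = True   # not readable from page scripts
    jar["session"]["path"] = "/"
    return jar["session"].OutputString()

def verify_cookie(cookie_header, now=None):
    """Check a Cookie request header on the URLs that do not ask for the card.
    Returns the authenticated subject, or None if missing, forged or expired."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    if "session" not in jar:
        return None
    payload, _, tag = jar["session"].value.partition(".")
    # Constant-time comparison before anything in the payload is trusted
    if not hmac.compare_digest(tag.encode(), _tag(payload).encode()):
        return None
    raw = base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)).decode()
    subject, _, expires = raw.rpartition("|")
    if int(expires) < (time.time() if now is None else now):
        return None
    return subject

if __name__ == "__main__":
    # Constructed sample: subject taken from the verified client certificate
    set_cookie = issue_cookie("CN=card-0001", now=1000)
    print("Set-Cookie:", set_cookie)
    print(verify_cookie(set_cookie.split(";")[0], now=1060))
```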