Scute and SmartCard insertion/removal in Firefox
Hi, I use the GnuPG card and have installed all the software, including Scute. I configured a server for HTTPS asking for client certificates. When the card is inserted before requesting the page, I get a request for the user PIN for the card, and then the certificate is exchanged with the server as desired, and everything works fine. When the card is not inserted, my web application detects that no certificate has been sent and shows a login-failed message. If I then insert the card and reload the page, the card is not accessed and login still fails. I actually have to terminate and restart Firefox for it to use the card (shift-click on reload does not work either). Ideally, I would like to be logged out when I remove the card and logged in when I insert the card. Mozilla provides an unofficial JavaScript object to detect card insertion/removal (https://developer.mozilla.org/en-US/docs/JavaScript_crypto). The JavaScript code detects successfully insertion and removal of the card. Using mozilla's example script, when I remove the card, the page is reloaded, but displays an error message. I can probably hide the error message by verifying the connection in the background (AJAX) or reloading the page with a delay. However, when I insert the card, the page is still reloaded but the client certificate is not used. Is there a way to reload a page and explicitly request that the SmartCard be accessed? Or do you have any suggestions for a work-around? Sincerely, Urs ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Scute and SmartCard insertion/removal in Firefox
Dear Martin, Thanks a lot for your help. It works now! After you pointed out re-negotiation, I first tried to find a way to dynamically request TLS renegotiation from the server (apache tomcat). All I could find is people thinking that this is a bad idea. I still think it makes sense in the given example, but I couldn't figure out how. However, while looking for information I came across a page where somebody had a very similar issue and uses the JavaScript logout function (window.crypto.logout(), not everywhere available but at least it exists in Firefox). This will request the client to forget about sessions and renegotiate the connection, which is exactly what I need. Cheers, Urs On 02/05/2014 04:15 PM, Martin Paljak wrote: If you have a web server *and* a client where you can control the session cache and initiate a re-negotiation, Firefox will try to look at your token again. At least this was the case a while ago. -- Martin +372 515 6495 On Wed, Feb 5, 2014 at 12:58 PM, Urs Hunkeler u...@gmx.ch wrote: Hi, I use the GnuPG card and have installed all the software, including Scute. I configured a server for HTTPS asking for client certificates. When the card is inserted before requesting the page, I get a request for the user PIN for the card, and then the certificate is exchanged with the server as desired, and everything works fine. When the card is not inserted, my web application detects that no certificate has been sent and shows a login-failed message. If I then insert the card and reload the page, the card is not accessed and login still fails. I actually have to terminate and restart Firefox for it to use the card (shift-click on reload does not work either). Ideally, I would like to be logged out when I remove the card and logged in when I insert the card. Mozilla provides an unofficial JavaScript object to detect card insertion/removal (https://developer.mozilla.org/en-US/docs/JavaScript_crypto). The JavaScript code detects successfully insertion and removal of the card. Using mozilla's example script, when I remove the card, the page is reloaded, but displays an error message. I can probably hide the error message by verifying the connection in the background (AJAX) or reloading the page with a delay. However, when I insert the card, the page is still reloaded but the client certificate is not used. Is there a way to reload a page and explicitly request that the SmartCard be accessed? Or do you have any suggestions for a work-around? Sincerely, Urs ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
How to use a GnuPG card on multiple computers?
Hi, How can I use a GnuPG card on multiple computers? My understanding is that when I let the card generate the keys, a stub for each key pair is automatically added to my keyring and instructs gpg to use the card to encrypt my messages. How can I add such stubs to my keyring on a different computer to point to existing keys on my card without having to regenerate the keys (which would render the card unusable for the first computer)? Thanks, Urs ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How to use a GnuPG card on multiple computers?
Hi Werner, Thanks a lot! Cheers, Urs On 10/11/11 11:03 AM, Werner Koch wrote: On Tue, 11 Oct 2011 09:37, urs.hunke...@epfl.ch said: gpg to use the card to encrypt my messages. How can I add such stubs to my keyring on a different computer to point to existing keys on my card without having to regenerate the keys (which would render the You insert the card on that other box and enter $ gpg2 --card-edit this creates the stub. To retrieve the public key you may now enter: gpg/card fetch this uses the URL field of the card to retrieve the key. Salam-Shalom, Werner ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users