[Pcsclite-muscle] Web smartcard access (?)

Frank Morgner frankmorgner at gmail.com
Sat Jun 17 05:26:29 PDT 2023 

CCID for Web USB was implemented here 
https://github.com/jbirkholz/webusbAuth

Google's Smart Card Connector (PCSClite + libccid) will only work in 
Chrome OS. CCID is blocked for Web USB in Chrome (the browser) for 
security reasons 
(https://www.yubico.com/support/issue-rating-system/security-advisories/ysa-2018-02/).

https://wicg.github.io/web-smart-card/ looks interesting, but even the 
referenced use case (German ID) has working solutions since years 
(remote web service + local native code piped through platform specific 
IPC).

With smart devices replacing smart cards as security tokens and the 
movement to centralized web services, unfortunately, I don't see much 
incentive for anyone to create better smart card integration than what 
we have today. Although smart cards are capable of doing all sorts of 
security related stuff, since decades, they are mostly only used for 
authentication in traditional systems. Once you move to a new system, 
most services are typically trying to integrate more convenient 
authentication mechanisms before integrating the legacy stuff (i.e. 
smart cards).

Nevertheless, smart cards have a strong presence in the business and 
governmental environments and will not die any time soon.

Regards, Frank.

Am 16.06.23 um 17:30 schrieb Sebastien Lorquet:
> Hi,
>
> Thank you for this information, I did not follow google developments.
>
> Good thing that a Web Smart Card API is in the work.
>
> So, I guess, we just have to wait for 2042... (the year all vaporware 
> are released)
>
> Sebastien
>
> Le 16/06/2023 à 17:20, Daniel d'Andrada a écrit :
>> Hi Sebastian,
>>
>> PCSClite + CCID compiled to WebAssembly and talking to Web USB is
>> exactly what the Smart Card Connector extension does:
>> https://github.com/GoogleChromeLabs/chromeos_smart_card_connector/blob/main/docs/index-developer.md 
>>
>>
>> There's also Web Smart Card API being developed right now:
>> https://github.com/WICG/web-smart-card
>> https://wicg.github.io/web-smart-card/
>>
>> On Fri, Jun 16, 2023 at 3:33 PM Sebastien Lorquet 
>> <sebastien at lorquet.fr> wrote:
>>> Hi all,
>>>
>>> For a time in the Past, it was possible to enumerate smart card readers
>>> and to exchange APDUs with smart card from various web extensions, both
>>> in internet explorer (via ActiveX crimes) or in firefox (via XPCOM 
>>> crimes).
>>>
>>> Browsers got updated, Chrome won it all, and now it's all gone.
>>>
>>> So is it still possible to access smart card in a browser context in
>>> 2023 and how?
>>>
>>>
>>> Now, we have webassembly and webusb in chrome, maybe chromium. Firefox
>>> still does not have it.
>>>
>>> And I wonder if pcsclite, in a form executable from browser context,
>>> could be compiled to webassembly with a webusb backend so we can do
>>> smartcards in the browser again?
>>>
>>> Clearly the full pcscd daemon + libpcsc library is not workable... but
>>> something could be, with shortcuts?
>>>
>>> I am clearly incompetent to design all of this but if someone else was
>>> curious enough to try... some others people would use this, 
>>> including me.
>>>
>>>
>>> Best regards,
>>>
>>> Sebastien
>>>
>>>
>>> _______________________________________________
>>> pcsclite-muscle mailing list
>>> pcsclite-muscle at lists.infradead.org
>>> http://lists.infradead.org/mailman/listinfo/pcsclite-muscle
>> _______________________________________________
>> pcsclite-muscle mailing list
>> pcsclite-muscle at lists.infradead.org
>> http://lists.infradead.org/mailman/listinfo/pcsclite-muscle
>
> _______________________________________________
> pcsclite-muscle mailing list
> pcsclite-muscle at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/pcsclite-muscle

More information about the pcsclite-muscle mailing list