how to modify text in html form from python
Philippe C. Martin
pmartin at snakecard.com
Fri Oct 21 19:30:23 EDT 2005
Paul,
That won't cut it: The cards I use/code do not have RSA capabilities but
only symmetrical algorithms (AES, 3DES, ....). I use the same type of
authentication you would see between a POS and a Smart Card (ex: B0' in
France)
So I cannot hookup to one of the standards (PKCS11 or CSP).
Thanks anyway.
Regards,
Philippe
Paul Rubin wrote:
> "Philippe C. Martin" <pmartin at snakecard.com> writes:
>> ***** HOW (if there's a better way let me know please) ******
>> As I have not found any better solution yet, I am trying to do the
>> following (on the server there is an html file and a cgi file)
>
> If I understand it, you're trying to use a smart card to authenticate
> a web site login. The major browsers already have smart card interfaces
> (Windows CAPI for MSIE, or PKCS11 for Netscape/Moz*) so you shouldn't
> need a plugin. On the other hand, smart cards are very slow.
>
> The typical approach is as follows (MSIE version). Stop using special
> smart card programs and just use a card that implements CAPI with a
> from the vendor and that can sign against an X509 certificate. The
> CSP will have a special signature that makes it less scary to install
> than a browser plugin. You'll have to issue a cert for the smart card
> and there's various approaches to that, so I'll skip that part. Set
> up a TLS server to require a client cert from the CA that signed the
> smart card. The browser should recognize the challenge and select the
> right cert. The CSP will have its own interface for the user entering
> a PIN along with inserting the card. Once you have the TLS connection
> established, set a secure cookie in the client session and then redirect
> the browser to another URL that doesn't require the smart card (because
> otherwise the card will have to re-authenticate every click, which is
> very slow). From then on, use the cookie for authentication (it can
> have a timeout or whatever).
More information about the Python-list
mailing list