List certificates from a CAC (without PIN)

Posted on 2024-09-08 20:16:32

I'm developing a CAC authentication app.

I'm running RHEL 5.5 and have a card reader attached to my machine. When I insert a smart card/CAC, there is a popup notification that comes up on the upper right-hand side of the window where the clock is, and the "Smart Card Manager" GUI is accessible by clicking on the icon (card with lock on it) that appears. With Smart Card Manager displayed I can view the list of certificates on the card as well as the details etc. WITHOUT having to enter a PIN.

Now, on the other hand, in my C++ code, when I use the NSS libraries to get the slot and list certificates, I cannot get the list of certificates without having to enter the PIN.

What I would like to do is get the list of certificates off the card and present that list to the user in a dialog box ALONG with a PIN text field, so that the user can enter the PIN and then select the certificate to use for authentication ALL IN ONE step, instead of the application having to display a separate dialog box for the PIN and then the popup for certificate selection. It seems like it's not possible using the NSS libraries, but on the other hand the Smart Card Manager GUI can easily do this. Can anyone point me in the right direction as to whether there is a separate API I can use to get the list of certificates from the CAC? Thanks!

Comments (1)

迷鸟归林 2024-09-15 20:16:32
  • Search the web for "friendly certs" or "publicly readable certs" feature/mechanism (0x1<<28 when loading the module) - by default NSS assumes that a PIN is needed before anything can be read from the token. Which is IMHO utter stupidity and keeping it as a default...
  • Be sure to take into account pinpad readers (protected authentication path in PKCS#11) as you hopefully will like to support better security for your users who have the capability. No PIN entry textbox should be shown when there is a pinpad reader attached.
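
The two points in the answer above can be combined into one decision routine for the single-step dialog. This is an added example, not code from the original post or from NSS: `DialogPlan`, `planLoginDialog` and the `moduleFlags` parameter are hypothetical names, the `CKF_*` values are the token flag bits defined by the PKCS#11 specification, and the friendly bit is the `0x1<<28` value quoted in the answer.

```cpp
// Added example: plan a one-step CAC login dialog from PKCS#11 token flags.
#include <cstdint>
#include <string>

// CK_TOKEN_INFO.flags bits as defined by the PKCS#11 specification.
constexpr uint32_t CKF_LOGIN_REQUIRED                = 0x00000004;
constexpr uint32_t CKF_PROTECTED_AUTHENTICATION_PATH = 0x00000100;
constexpr uint32_t CKF_USER_PIN_FINAL_TRY            = 0x00020000;
constexpr uint32_t CKF_USER_PIN_LOCKED               = 0x00040000;
// "Friendly certs" module flag quoted in the answer (0x1<<28).
constexpr uint32_t FRIENDLY_FLAG = 0x1u << 28;

struct DialogPlan {
    bool listCertsBeforeLogin;  // certificates may be shown without a PIN
    bool showPinTextField;      // PIN is typed into the application
    bool pinOnReader;           // PIN is entered on the reader's pinpad
    bool allowSubmit;           // false once the user PIN is locked
    std::string notice;         // message to show next to the list
};

// tokenFlags:  CK_TOKEN_INFO.flags as reported for the inserted card.
// moduleFlags: assumed holder for the flags the PKCS#11 module was loaded with.
DialogPlan planLoginDialog(uint32_t tokenFlags, uint32_t moduleFlags) {
    DialogPlan p{};
    const bool loginRequired = (tokenFlags & CKF_LOGIN_REQUIRED) != 0;
    const bool pinpad = (tokenFlags & CKF_PROTECTED_AUTHENTICATION_PATH) != 0;
    const bool locked = (tokenFlags & CKF_USER_PIN_LOCKED) != 0;
    const bool friendly = (moduleFlags & FRIENDLY_FLAG) != 0;

    // Certificates are public objects: list them up front when the token
    // needs no login at all, or when the module is marked friendly.
    p.listCertsBeforeLogin = !loginRequired || friendly;
    // With a protected authentication path the PIN never enters the
    // application, so no text box is drawn.
    p.pinOnReader = loginRequired && pinpad;
    p.showPinTextField = loginRequired && !pinpad && !locked;
    p.allowSubmit = !locked;

    if (locked) {
        p.notice = "User PIN is locked";
    } else if ((tokenFlags & CKF_USER_PIN_FINAL_TRY) != 0) {
        p.notice = "Last PIN attempt before lockout";
    } else if (p.pinOnReader) {
        p.notice = "Enter the PIN on the card reader";
    }
    return p;
}
```
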