Bug 24077 - Use of cryptographic tokens with WebKit
Summary: Use of cryptographic tokens with WebKit
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: 528+ (Nightly build)
Hardware: All All
: P2 Enhancement
Assignee: Nobody
Keywords: InRadar, ReviewedForRadar
Depends on:
Reported: 2009-02-21 17:40 PST by Pau Carré Cardona
Modified: 2017-07-06 06:46 PDT (History)
4 users (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Pau Carré Cardona 2009-02-21 17:40:19 PST
Hello, according to the European Law, which affects to all countries in European Union, citizens must be able to perform procedures with public administration using the Web.
In Europe, the Administration is much more important than in USA or any other non "social" (not socialist) political systems.
The most spreaded system to identity citizens available is the use of cryptographic tokens.
With Internet Explorer those tokens can be embedded using a secure Active X component based on Crypto API. Firefox has a great integration with the standard PKCS and has some custom Javascript functions to sign content.
Another option is to use a Java Applet. This is not the best option because most users have not the computing knowledge to install properly a JRE, even when this installation is done automatically. Moreover, when users have a Java desktop application, most of times the new JRE makes that software unusable. Finally, when the JRE uses PKCS it must open a system library so there is an important security concern.

As Public Administration we should give the chance to the citizen to use the preferred browser and operating system. The problem we (Balearic Islands Government) face is that it is not possible for as to add Cryptographic Token signature capabilities to authenticate our citizens without using Java. 
We would like Apple, Google and other companies that use WebKit to add Javascript functions to use Cryptographic Tokens in Macintosh, Windows and hopefully, Linux.

From our point of view the usage of Cryptographic tokens will be widely used by most of "social" (the opposite of "individualist", not "capitalist") countries.

Hope you add this enhancement so as we could allow Mac, Safari and Chrome users to our services without the usage of Java

Yours faithfully,
Pau Carré Cardona
Comment 1 Sam Weinig 2009-02-22 13:58:26 PST
Comment 2 Freddy Kaiser 2009-12-24 04:54:28 PST
That would be great if PKCS11 support will be added for SmartCard Login. How can this be done?
Comment 3 Alexey Proskuryakov 2009-12-24 09:50:20 PST
Safari supports client-side SSL certificates, which are commonly used to authenticate users securely. Does this address your need? If not, could you please provide more information about the specific technology you'd like us to support? A link to documentation would help a lot.
Comment 4 Freddy Kaiser 2010-01-01 08:00:09 PST
Hi, Safari will not help for 2 reasons:
- it uses the OS native SmartCard layer (Windows CSP, Mac Token D) 
- there is no port for Linux

We would need to have a Cross platform Browser with PKC11 support. Like Firefox. We are now using Firefox but the overhead of features, size and not SDKable is a short term solution.

As we are using QT and WebKit we would like to switch to this framework in order to build a secure browser with SmartCard Login support. The only missing piece is out of the box PKCS11 support in the WebKit