Can someone tell me if a smart card can be used for Safari Client SSL
authentication?
Yes. You need to have a supported smartcard, though (or else write a
tokend module for one). A tokend module communicates with the
smartcard and makes it appear to be just another keychain. If your
smartcard can be read successfully, it should automatically show up
as a keychain in Keychain Access.
If yes, how does Safari use the private key to sign? What role does a
keychain play in this picture?
Safari ends up calling CFNetwork and SecureTransport to open the
TLS/SSL connection. The private key and its certificate must reside in a
keychain (or tokend-enabled smartcard), and the corresponding
identity must be able to be found by calling
SecIdentitySearchCreate(). The signing operation is just a standard
CSSM call; if the private key is on a smartcard, that is interpreted
by a function in the tokend module, which communicates with the card.
Also, you probably want to be running 10.4.4, which was released
today. It has several fixes for issues with smartcards and SSL client
certificate authentication (none of which appear to be documented in
the KB article). :)
-ken
Thanks,
Ben
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Apple-cdsa mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/apple-cdsa/email@hidden
This email sent to email@hidden
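
A way to check the lookup the reply describes, as an added example that is not part of the original thread and not Apple's code: it enumerates the identities that SecIdentitySearchCreate() returns from the default keychain search list and prints which keychain holds each certificate. It assumes an SDK that still declares these (since deprecated) calls, uses CSSM_KEYUSE_SIGN as the key-usage filter, and the helper name PrintKeychainOf is hypothetical.

```objc
// Added example. Build on macOS:
//   clang -framework Foundation -framework Security list_identities.m
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <Security/cssmtype.h>   // CSSM_KEYUSE_SIGN
#include <sys/param.h>          // MAXPATHLEN

// Hypothetical helper: print the path of the keychain that holds an item.
static void PrintKeychainOf(SecKeychainItemRef item) {
    SecKeychainRef keychain = NULL;
    if (SecKeychainItemCopyKeychain(item, &keychain) != noErr || !keychain) {
        NSLog(@"    keychain: <unknown>");
        return;
    }
    char path[MAXPATHLEN];
    UInt32 len = sizeof(path) - 1;   // in: buffer size, out: path length
    if (SecKeychainGetPath(keychain, &len, path) == noErr) {
        path[len] = '\0';
        NSLog(@"    keychain: %s", path);
    }
    CFRelease(keychain);
}

int main(void) {
    @autoreleasepool {
        SecIdentitySearchRef search = NULL;
        // NULL = default keychain search list; the filter keeps only
        // identities whose private key is permitted to sign.
        OSStatus st = SecIdentitySearchCreate(NULL, CSSM_KEYUSE_SIGN, &search);
        if (st != noErr) {
            NSLog(@"SecIdentitySearchCreate failed: %d", (int)st);
            return 1;
        }
        SecIdentityRef identity = NULL;
        int count = 0;
        while (SecIdentitySearchCopyNext(search, &identity) == noErr) {
            SecCertificateRef cert = NULL;
            if (SecIdentityCopyCertificate(identity, &cert) == noErr && cert) {
                CFStringRef subject = SecCertificateCopySubjectSummary(cert);
                NSLog(@"identity %d: %@", ++count, (__bridge id)subject);
                if (subject) CFRelease(subject);
                PrintKeychainOf((SecKeychainItemRef)cert);
                CFRelease(cert);
            }
            CFRelease(identity);
        }
        CFRelease(search);
        NSLog(@"%d signing-capable identities found", count);
        return count > 0 ? 0 : 2;   // exit 2: no identity for client auth
    }
}
```

If the card's certificate is missing from this output, the identity cannot be found by the search the reply names, so there is nothing to offer as a client certificate.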