ANN/RFC: SmartCardWebApplet

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

ANN/RFC: SmartCardWebApplet

Martin Paljak-2

I would like to announce the birth of a new project (or resurrection of an old project, opensc-java [0]) named SmartCardWebApplet [1].

OpenSC currently is geared towards C and "native" applications, by providing C based "native" interfaces (PKCS#11, Tokend, possibly Windows minidriver) and tools written in C for personalizing cards to make them usable via those interfaces.

It lacks good and integrated support for JavaCards. To make OpenSC usable on the web (hey, everything is on the web these days!) it needs to be used via some application for SSL (like Firefox) or via some custom machinery that commonly eventually talks to the PKCS#11 module eventually. OpenSC "signer" Mozilla plugin existed but it tied the "exposing the cryptographic functionality" with a very exact format, included dependancies for external PIN entry program, targeted a really old plugin API and required prior installation before it was useful. It was not used and is retired in the upcoming OpenSC 0.12.

SmartCardWebApplet on the other hand, is targeting the Java (1.6+) platform. I'm sure there are mixed feelings about Java (I used to dislike it as well and made jokes [2] about it when I last worked with it about 5 years ago) but in fact it is a quite nice platform these days for the following reasons:
 * It has direct access to smart cards via javax.smartcardio in Java 1.6+
 * Chances are, that it works out of the box without any additional downloads (at least on Mac)
 * Zero-download/install plugins are superior to plugins or extensions that require installation in certain scenarios, until some functionality (like online signatures) become ubiquitous and integrated into browsers
 * It looks nice [3] and feels like a right tool for the task

I've been lately working with JavaCards [4] (specifically, MuscleApplet [5]) and one of the main concerns about JavaCards from the OpenSC community has been the complexity of using them with OpenSC. There are several tools and libraries in the Java world that do an OK job in their field but are really useful only to developers. So to make the different JavaCard and Java related developments available to casual users,  a really simple interface is required and I can't think of an easier one than one-click, no-install web application.

To use JavaCards, an applet is required. Tools out there that deal with JavaCards are designed to target different possibilities of the GlobalPlatform and JavaCard API-s, but SmartCardWebApplet's JavaCard support will target a single applet and that will be MuscleApplet. I've written about the pros and cons of MuscleApplet+OpenSC before and elsewhere (most important, it must be taken as a moving target if it is supposed to evolve further).

I've worked on some of the pieces (GPJ, MuscleApplet, OpenSC driver for Muscle) lately but unfortunately the time has yet to arrive when I can push out the changes.  Nevertheless, to bring the different Java projects [5] together under a functional umbrella, the applet has born.

Something that covers my own needs and seems to answer the most asked-for feature for JavaCard-s and OpenSC, the immediate next step will be "one step installation" of the current MuscleApplet (one that works with current OpenSC svn trunk) to JavaCard 2.2.2 cards. The web page of the plugin describes the phases that are most important to me, but I'd like to ask for help (design, code, test) on the "bigger picture", that looks like right to me, but is not entirely in my short term plans.

Next steps will be re-implementing the basic ISO7816 driver in Java and figuring out a driver framework for Java; combining the PKCS#15 ASN.1 related functionality from opensc-java and JavaCardSign into a separate package and working on from there towards an "OpenSC for Java" which does what OpenSC does: provide a framework for card drivers and expose common functionality via common tools and API-s.

Bare with me the next few days while I extract the bits and pieces from in-house code into the applet, but I'd like to start the discussion ASAP. Also, if there are people who are familiar with Java (and applet) programming and/or Swing programming, please voice out. The reason why the first interface will be scriptable is my lack of GUI programming capabilities (and interest)

[3] or

Martin Paljak

opensc-user mailing list
[hidden email]