I need to develop a Java applet for mutual authentication between Tomcat 6 (server) and a SmartCard "IDGo 300" (client).
In order to do this I thought of the following scheme:
I have some questions:
Is it feasible? Yes. Is it practical? No. I would argue for a thick Java application instead.
First of all, you cannot authenticate by simply sending a certificate. You need something like a challenge-response as well (a signature created by the private key on the smart card after the PIN was entered).
Second, you need special permissions to use any hardware from an Applet. This means you have to alter the permission on the client or you may have to sign the Applet, after which the user has to accept the Applet for that specific task.
Applets have pretty specific lifetimes. You may not want to sync the removal of the card with the life cycle of an Applet. A user may block the response that is sent when you disconnect. You can test if the card has been removed using waitForCardAbsent() in a separate thread.
If you cannot trust the connection (HTTP without SSL) then you cannot trust the Applet code. Users may not want to enter their PIN into untrusted code.
You will run into countless issues if you want to support multiple browsers and Java runtimes.
As a minor issue, the javax.smartcardio package may not always be available; it's not in javax for nothing.
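The challenge-response step the answer calls for, as an added example that is not part of the original answer: the server issues a one-time random challenge, the client signs it, and the server verifies the signature with the public key from the client certificate. A software RSA key pair stands in for the card's on-card key, certificate path validation is assumed to happen separately, and the class and method names are hypothetical.

```java
import java.security.*;
import java.util.*;

public class ChallengeResponseDemo {
    private static final SecureRandom RNG = new SecureRandom();
    // Server side: outstanding challenges, each usable exactly once.
    private static final Set<String> pending = new HashSet<>();

    // Server: issue a fresh random challenge for this login attempt.
    static byte[] issueChallenge() {
        byte[] nonce = new byte[32];
        RNG.nextBytes(nonce);
        pending.add(Base64.getEncoder().encodeToString(nonce));
        return nonce;
    }

    // Client: with a real card the signature is computed on the card after
    // PIN entry; a software private key stands in here (assumption).
    static byte[] signChallenge(PrivateKey cardKey, byte[] nonce) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(cardKey);
        s.update(nonce);
        return s.sign();
    }

    // Server: accept only a challenge it issued and has not yet consumed,
    // then verify the signature with the certificate's public key.
    static boolean verifyResponse(PublicKey certKey, byte[] nonce, byte[] sig) throws GeneralSecurityException {
        if (!pending.remove(Base64.getEncoder().encodeToString(nonce))) return false;
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(certKey);
        s.update(nonce);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair card = kpg.generateKeyPair();   // constructed stand-in for the card's key pair
        KeyPair other = kpg.generateKeyPair();  // a key that does not match the certificate

        byte[] c1 = issueChallenge();
        byte[] sig = signChallenge(card.getPrivate(), c1);
        System.out.println("valid response:    " + verifyResponse(card.getPublic(), c1, sig));
        System.out.println("replayed response: " + verifyResponse(card.getPublic(), c1, sig));
        byte[] c2 = issueChallenge();
        System.out.println("wrong key:         " + verifyResponse(card.getPublic(), c2, signChallenge(other.getPrivate(), c2)));
    }
}
```

Removing the challenge from the pending set before verifying is what rejects a captured signature when it is sent a second time.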