Closed frgomes closed 3 years ago
Dear @frgomes Thank you for your analysis.
But this is actually the intended behavior. Web PKI has a default integration with certificates and devices from OS default crypto repositories (e.g.: Windows CertMgr, macOS Keychain Access). The PKCS#11 is an optional feature for devices which does not implement the OS default integration or for OS which does not have such thing.
When the PKCS#11 feature is enabled, Web PKI will call external unknown third-party libraries, with no guarantee that it is up-to-date or compatible with the current system, which may result in unexpected behavior or crashes.
So, enabling PKCS#11 integration is a user explicit intention and only recommended if you have the device manufacturer support.
And also highly recommended to enable only the PKCS#11 lib for your current device. For instance, if you are using a G&D Sm@rtCafe
smartcard, enable only the SafeSign AET devices
feature, which is the corresponding manufacturer, or type in any other (.so
, .dll
or .dylib
) custom library provided by the manufacturer.
Therefore, PKCS#11 feature not being enabled by default is not considered a failure.
We appreciate the report, but this repository might not be the proper place for Web PKI questions. We would kindly request that you use our user support channel (support@lacunasoftware.com) for other Web PKI operating questions or reports. Thank you
We appreciate the report, but ...
The intent of this ticket here is making the information and resolution available online, so that users can find help quickly themselves over the weekend or 2am in the morning. Next time someone googles for Debian Lacuna WEB PKI Sm@artCafe ... well... they will find this ticket here. Thanks
Scenario
The failure occurs when visiting the page https://assinatura.e-notariado.org.br, becoming impossible to proceed on the navigation. The failure only happens on Debian11; everything works as expected on Windows10.
Environment on Windows10
Environment on Debian11
Solution (or: how to circumvent)
Lacuna Web PKI Crypto devices must be necessarily enabled when running on Debian11, namely: