open-eid / chrome-token-signing

DEPRECATED Chrome and Firefox extension for signing with your eID on the web
https://github.com/open-eid/chrome-token-signing/wiki
GNU Lesser General Public License v2.1

Gemalto Token not working anymore / Restricting card/token by model? #217

Closed tsmgodoi closed 1 year ago

tsmgodoi commented 2 years ago

Since the new version, the Gemalto Token can't sign hashes using the hwcrypto.js/webeid.js. I've got a message saying: "Operation not supported. The card in the reader is not supported. Make sure that the entered ID-card is supported by the Web eID application." Are you restricting card/token support by model? I want to confirm, because we use the Web eID solution outside Estonia to sign documents on an internal system. If so we need to think about new solutions/browser extensions.

smartman commented 2 years ago

You can still use older Chrome Token Signing instead of the Web eID for Gemalto Safenet eTokens. I have the same situation and even put together an install guide here https://eideasy.com/how-to-install-token-signing-extension-for-google-chrome/

tsmgodoi commented 2 years ago

@smartman, we're doing that for now. I'm asking here to know the future policy of the Open eID, so we can plan for it.

mrts commented 2 years ago

@tsmgodoi, @smartman we will add support for Gemalto Safenet eTokens to Web eID. Are there any other cards that you want to be supported? Let's continue the discussion on the Web eID side here: https://github.com/web-eid/libelectronic-id/issues/33.

tsmgodoi commented 2 years ago

In Brazil we also use the following models:

mrts commented 2 years ago

A short update on our plans: we intend to add tier 3 support for Windows CryptoAPI tokens to Web eID in the coming weeks, but only for cryptographic service providers (CSPs) that support Cryptography API: Next Generation (CNG). It should be sufficient for most current cards. If any cards have old drivers, we can raise the issue of supporting older CSPs separately later.

Hopefully this covers the listed cards in Windows. We would love to add support for Linux and macOS as well, but then we need more information about the PKCS#11 drivers and ATRs.

mrts commented 2 years ago

@tsmgodoi the first draft of the Windows CryptoAPI work is now available from https://github.com/web-eid/web-eid-app/pull/231. You can download the binaries or the installer from the last build of the pull request and experiment if your cards work as expected in Windows.

tsmgodoi commented 1 year ago

It detected my token. I couldn't sign, though, because the field "Enter PIN2 for signing" doesn't allow special characters. And the SafeNet Authentication Client requires a password with special characters. Could you please allow typing special characters on the PIN2 field?

mrts commented 1 year ago

Thank you for testing! The regular expression that limits input can be seen here. We will add support for the following character ranges + UTF letters as defined in the SafeNet Authentication Client Administrator Guide:

The Administrator password quality and Initialization Key quality must include three out of the following four rules:

  1. English uppercase letters (ASCII 0x41...0x5A)
  2. English lowercase letters (ASCII 0x61...0x7A)
  3. Numeric (ASCII 0x30...0x39)
  4. Special characters (ASCII 0x20...0x2F + 0x3A...0x40 + 0x5B...0x60 + 0x7B...0x7F)

Is this sufficient? See next comment.
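
Added example, not part of the thread and not web-eid-app code: a C++ check of the character ranges and the three-out-of-four rule quoted in the comment above. All function names are hypothetical, and treating every byte at or above 0x80 as part of a UTF-8 letter is an assumption made here.

```cpp
#include <initializer_list>
#include <iostream>
#include <string>

// Character classes from the quoted SafeNet rule; names are hypothetical.
enum CharClass { UPPER, LOWER, DIGIT, SPECIAL, NON_ASCII, REJECTED };

CharClass classify(unsigned char c) {
    if (c >= 0x41 && c <= 0x5A) return UPPER;
    if (c >= 0x61 && c <= 0x7A) return LOWER;
    if (c >= 0x30 && c <= 0x39) return DIGIT;
    if ((c >= 0x20 && c <= 0x2F) || (c >= 0x3A && c <= 0x40) ||
        (c >= 0x5B && c <= 0x60) || (c >= 0x7B && c <= 0x7F))
        return SPECIAL;
    // Assumption: any byte >= 0x80 belongs to a UTF-8 encoded letter.
    if (c >= 0x80) return NON_ASCII;
    return REJECTED; // control characters 0x00..0x1F
}

// Input filter: every byte must fall in one of the accepted ranges.
bool inputAccepted(const std::string& s) {
    if (s.empty()) return false;
    for (unsigned char c : s)
        if (classify(c) == REJECTED) return false;
    return true;
}

// Counts how many of the four ASCII classes occur in s.
int classesUsed(const std::string& s) {
    bool seen[4] = {false, false, false, false};
    for (unsigned char c : s) {
        CharClass k = classify(c);
        if (k <= SPECIAL) seen[k] = true;
    }
    return seen[0] + seen[1] + seen[2] + seen[3];
}

// Quality rule: accepted input that uses at least three of the four classes.
bool meetsQualityRule(const std::string& s) {
    return inputAccepted(s) && classesUsed(s) >= 3;
}

int main() {
    // Constructed sample inputs, not real credentials.
    for (const char* p : {"Abc#1234", "abc#1234", "12345678", "abc\t1"})
        std::cout << inputAccepted(p) << ' ' << classesUsed(p) << ' '
                  << meetsQualityRule(p) << '\n';
}
```

Non-ASCII bytes pass the input filter but count toward none of the four classes, so a value made only of accented letters is accepted as input yet fails the quality rule.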

mrts commented 1 year ago

@tsmgodoi, we changed the code to use the external PIN entry dialog provided by the CSP driver as QSCD devices do not accept PIN input from external applications, so the special characters issue is off the table entirely now. You are very much invited to try the latest build from https://github.com/web-eid/web-eid-app/pull/231 and give feedback if this looks good to you.

tsmgodoi commented 1 year ago

@mrts, I've tested it and it works like a charm now! Thank you for fulfilling our request. We really appreciate that.

mrts commented 1 year ago

Excellent, glad to hear everything works! Supporting the community is important for us, please don't hesitate to get in touch in case of problems or feature proposals.

mrts commented 1 year ago

The CryptoAPI work is now merged to main. Please report further issues and feature requests in the web-eid-app project.

smartman commented 1 year ago

In Brazil we also use the following models:

  • Watchkey (Watchdata)
  • Etoken Pro (Safenet)
  • GD Starsign (GD Burti)/StarSign Crypto Starsign CUT / S (GD)
  • Etoken 5100 (Safenet)
  • Etoken 5110 (Safenet)
  • eToken Pro (Aladdin)
  • Token Morphos (Morpho e-Documents)

If you could please add support for these. I'll research further if there are more.

@tsmgodoi which TSP is issuing certificates on these tokens? I would be happy to add support for these TSP-s and CA-s to eID Easy electronic signature marketplace also.

tsmgodoi commented 1 year ago

The certificates can be found here: https://www.gov.br/iti/pt-br/assuntos/repositorio/repositorio-ac-raiz

The valid ones at the moment are:

  • Certificado da AC Raiz da ICP-Brasil v2
  • Certificado da AC Raiz da ICP-Brasil v4
  • Certificado da AC Raiz da ICP-Brasil v5
  • Certificado da AC Raiz da ICP-Brasil v6
  • Certificado da AC Raiz da ICP-Brasil v7
  • Certificado da AC Raiz da ICP-Brasil v10 - SSL
  • Certificado da AC Raiz da ICP-Brasil v11 - Assinatura de Código

I'll look up the TSP-s and post here later.