hwcrypto/hwcrypto.github.io


hwcrypto is an umbrella name for a set of specifications, software and APIs that enable the use of X.509 PKI based eID cards on the web for signing and authentication. It is designed to be vendor neutral and horizontally re-usable, to compete with the proliferation of proprietary, sector-specific vertical implementation silos and to avoid the resulting "NASCAR problem" for end users and integrators alike.

(Note on naming: the techie name "hwcrypto" is only visible to developers, not end users)

It consists of three major parts:

  • hwcrypto.js (MIT) is a JavaScript library for web developers who work with hardware-backed eID cards. It provides a high-level API that lets developers focus on building things that have value to users, instead of messing with the underlying technological plumbing. The library follows semantic versioning and a simple demo site is available. The JavaScript library is the only component web developers should interact with.

  • hwcrypto-extension (LGPL) is a reference implementation of a modern browser extension that provides access to cryptographic smart card services of the host computer via Native Messaging. The extension is available for Chrome/Chromium, Firefox and Opera.

  • hwcrypto-native (LGPL, formerly chrome-token-signing) is the Native Messaging counterpart of the browser extension, with installers available for Windows, macOS and Linux. It is intended to be extended, branded, repackaged and redistributed by vendors and service providers, as needed. The installer is the only component end users should interact with.

Being a collaboration platform for real-life integrators is another goal of this open source effort.

Architecture overview

hwcrypto architecture
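
The extension and the native component exchange messages over Native Messaging, which frames each JSON message with a 32-bit length in native byte order on the host's stdin/stdout. The sketch below is an added example, not code from hwcrypto-extension or hwcrypto-native: it shows a host-side reader that handles partial reads and rejects oversized frames before buffering them. The message fields (`type`, `nonce`, `hash`) and the 1 MiB cap are assumptions made for the illustration.

```javascript
// Added example (Node.js). Not the project's code; field names are constructed.
// Policy cap for this example; it equals Chrome's limit on host-to-browser messages.
const MAX_FRAME = 1024 * 1024;
// Native Messaging uses the machine's native byte order for the length prefix.
const LE = new Uint8Array(new Uint32Array([1]).buffer)[0] === 1;

// Serialise one message: 4-byte length prefix followed by UTF-8 JSON.
function encodeFrame(obj) {
  const body = Buffer.from(JSON.stringify(obj), 'utf8');
  if (body.length > MAX_FRAME) throw new RangeError('message too large');
  const head = Buffer.alloc(4);
  if (LE) head.writeUInt32LE(body.length, 0);
  else head.writeUInt32BE(body.length, 0);
  return Buffer.concat([head, body]);
}

// Incremental reader: feed it whatever stdin delivers, get back complete messages.
class FrameReader {
  constructor(limit = MAX_FRAME) {
    this.buf = Buffer.alloc(0);
    this.limit = limit;
  }

  push(chunk) {
    this.buf = Buffer.concat([this.buf, chunk]);
    const messages = [];
    while (this.buf.length >= 4) {
      const len = LE ? this.buf.readUInt32LE(0) : this.buf.readUInt32BE(0);
      // Check the declared length first, so a hostile prefix cannot make
      // the host wait for (and buffer) gigabytes of input.
      if (len > this.limit) {
        throw new RangeError(`frame of ${len} bytes exceeds limit`);
      }
      if (this.buf.length < 4 + len) break; // partial frame, wait for more data
      const msg = JSON.parse(this.buf.subarray(4, 4 + len).toString('utf8'));
      // Only plain JSON objects are accepted as messages.
      if (msg === null || typeof msg !== 'object' || Array.isArray(msg)) {
        throw new TypeError('message must be a JSON object');
      }
      messages.push(msg);
      this.buf = this.buf.subarray(4 + len);
    }
    return messages;
  }
}
```

A host would call `push()` from its stdin `data` handler and treat any thrown error as a reason to close the channel rather than try to resynchronise.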

Related projects

A bunch of other efforts are underway to define an API, to be implemented by browser vendors, to facilitate access to cryptography, including hardware devices.

Some other initiatives, with working code and standardisation efforts, make it possible to bridge the gap between a website and a hardware token by exposing a common "transport mechanism" to JavaScript:

  • WebUSB
    • :| low-level USB access; a JavaScript library would have to implement something like CCID to exchange APDUs with a smart card token. Possible, but not very viable. Desktop-oriented.
  • Web Bluetooth
    • :| low-level Bluetooth access; a JavaScript library would have to implement Bluetooth connectivity to a smart card reader/token in order to transfer APDUs to smart cards. Possible, but not very viable. Mobile-oriented.
    • :( no standardisation of Bluetooth smart card readers

About

hwcrypto.org website content
