
Remote Access to smart card readers

Viktor Tarasov edited this page Dec 15, 2012 · 1 revision


NOTE: This page is completely untested.

OpenCT includes a very simple facility to access smart card readers
on a remote system. Please note that this facility has no security
mechanisms at all. Therefore use it only on trusted networks,
or add a security wrapper such as openssl to it.

The setup needs to be done on two machines: the machine with the reader,
and the machine with the software that wants to access the reader. We will
call these machines “mwr” and “mws” in this example.

On the machine with the reader, add the reader to openct.conf as usual.
Here is an example for a serial reader:

reader xiring {
        driver = xiring;
        device = serial:/dev/ttyS0;
};

In addition to that you need to start ifdproxy on the machine with the
reader, and point the proxy to the machine with the software:

root@mwr# ifdproxy export xiring /dev/ttyS0 mws:6666

On the machine with the software, you need to edit openct.conf like this:


ifdhandler = /usr/sbin/ifdhandler;
ifdproxy {
        server-port     = /var/run/openct/proxy,
        device-port     = :6666;
};
reader xiring {
        driver = xiring;
        device = remote:serial1@/var/run/openct/proxy;
};

Then start openct via the init.d script as normal, followed by the ifdproxy server:

root@mws# /etc/init.d/openct start
root@mws# ifdproxy server

Now you should be able to see the remote reader using the ifdproxy list command:

root@mws# ifdproxy list
Exported devices
  serial1          MachineB's_IP                 xiring
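
The check below is an added example, not part of OpenCT or the original page: it parses the openct.conf syntax shown above and reports where the unprotected proxy link is enabled. It assumes that an empty host in device-port (as in :6666) means the listener accepts connections on all interfaces; SAMPLE_CONF is the "mws" configuration from this page, embedded as constructed sample input.

```python
import re

# Constructed sample: the "mws" openct.conf shown on this page.
SAMPLE_CONF = """\
ifdhandler = /usr/sbin/ifdhandler;
ifdproxy {
        server-port     = /var/run/openct/proxy,
        device-port     = :6666;
};
reader xiring {
        driver = xiring;
        device = remote:serial1@/var/run/openct/proxy;
};
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def parse_blocks(text):
    """Return (kind, name, settings) for every `kind [name] { ... };` block."""
    text = re.sub(r"#.*", "", text)  # commented-out settings are inactive
    blocks = []
    for kind, name, body in re.findall(r"([\w-]+)\s*([\w-]*)\s*\{(.*?)\}", text, re.S):
        # Settings inside a block end with ',' or ';' in the page's examples.
        settings = dict(re.findall(r"([\w-]+)\s*=\s*([^,;\s]+)", body))
        blocks.append((kind, name, settings))
    return blocks

def audit(text):
    """List the places where this config enables the unprotected proxy link."""
    findings = []
    for kind, name, settings in parse_blocks(text):
        port = settings.get("device-port")
        if kind == "ifdproxy" and port:
            # Assumption: an empty host part (":6666") binds all interfaces.
            host = port.rpartition(":")[0].strip("[]")
            if host not in LOOPBACK:
                findings.append(f"ifdproxy device-port {port}: network listener "
                                "with no security mechanisms")
        device = settings.get("device", "")
        if kind == "reader" and device.startswith("remote:"):
            findings.append(f"reader {name}: uses proxied device {device}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("WARNING:", finding)
```

Run it against each host's openct.conf to inventory where the proxy is active before deciding which links need a wrapper or network-level isolation.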

Adding security

As discussed, the setup above is completely insecure. But with the openssl
commands, it can be improved:

TODO