Installation

Installing the product on the workstation

Installation on different platforms is described in the installation guide.

Application configuration

Applications using Windows interfaces (CryptoAPI / Microsoft CNG)

These applications (typically Edge, Chrome, Microsoft office tools, etc.) require no special configuration. The certificates contained on the card (if supported by the middleware) are available as soon as they are inserted into the reader, via the certificate stores. a Note that it is the Smart Card Manager tool that transfers the certificates contained in the cards to the Windows certificate stores when the cards are inserted.

Applications using MacOS interfaces (CryptoTokenKit)

These applications (e.g. Safari) require no configuration. Each time a card is inserted, the OS identifies the CryptoTokenKit to be used, and the middleware intervenes automatically.

Applications using PKCS#11

The paths to be configured for applications using PKCS#11 are as follows:

  • For a 64-bit Windows application, or on a 32-bit machine:

    C:\Program Files\Smart Card Middleware\bin\idoPKCS.dll

  • For a 32-bit Windows application on a 64-bit machine:

    C:\Program Files (x86)\Smart Card Middleware\bin\idoPKCS.dll

  • On a MacOS machine:

    /Library/SCMiddleware/libidop11.dylib

  • On a Linux machine :

    /usr/lib/SCMiddleware/libidop11.so

Note: for Firefox, a plugin is installed to automatically configure PKCS#11 in the browser. The user simply needs to validate the execution of the plugin.

Web applications (SCWS)

Web applications do not require any configuration on the client workstation, on the part of the user.

It is up to the web application developer to include the appropriate WebAppCert in his application, to enable connection to the SCWS from client workstations.

WebAppCerts are generated by Idopte for each web application, based on the following information:

  • The origin(s) (URL base) from which the web application is to be accessed.

  • The web application's public key (each web application has an RSA key pair with which a random-response authentication is performed, guaranteeing that the SCWS connection request is indeed made by the legitimate application).

This ensures that only approved web applications can access the middleware. Details of the authentication process between the web application and the SCWS are provided in the developer documentation available at https://www.idopte.com/doc_scws.php.