Introduction

The Smart Card Middleware API is part of the Idopte Smart Card Middleware product, which provides standard interfaces for accessing smart cards or cryptographic tokens from applications (PKCS#11 library, Microsoft CSP and smart card mini-driver, Apple TokenD and CryptoTokenKit token driver, …).

There is, however, no standard way to access the smart card hardware from a web application running in a browser. Typically, this problem was solved by providing browser plug-ins (through ActiveX, NPAPI, …), or through the use of Java applets (Java introduced the smartcardio API in version 6).

Unfortunately, this is not a viable solution anymore, as all major browsers started dropping support for plug-ins and Java for security reasons. As of now, a web application can only run JavaScript code, with extremely limited access to external resources.

Moreover, no standard, universal interface has been made available to access smart cards from a browser. The Web Crypto API has been defined by the W3C, but it only provides ways to perform cryptographic operations in software, and the keys will only be available for the duration of the currently browsed page. Smart cards are explicitly excluded from the scope of this API.

Therefore, Idopte has developed a novel and independent solution that lets a web application manipulate and use keys, certificates, and other cryptographic objects stored in smart cards (or other hardware cryptographic devices). The goal is to provide access to these low-level elements (and other related elements, like system certificate stores) through a simple JavaScript API callable from a page within a browser.

This API does not, however, provide the higher-level functionality generally required for PKI, like X.509 / PKCS#7 / general ASN.1 encoding and decoding, or software implementations of cryptographic algorithms. This functionality can easily be added by using pure-JavaScript libraries provided by third parties (like Forge, PKI.js, and others).