On Wed, Feb 26, 2025 at 07:17:19AM +0100, Dan wrote: > Hello, > > Difficult and variagated subject, but in the moment that gmail and other sv > are bunning > sms for 2fa, I just want to underline that chip authentications by smartcard > readers > have still a rare device/software support even in OpenBSD. > > Is maybe matter the opensource community is expected to move first on this > matter > then wait authorities? Ops. > > I frankly don't expect a patch, eheh.. but as owner of a smartcard reader for > my id > that doesn't run in this OS please accept my signaling, at this moment in > time. > > > Dan > > ------ > Nuggetsman.com - Repo: https://code.5mode.com > > Please reply to the mailing-list, leveraging technical stuff. >
What exactly do you mean by "doesn't run"? The card reader isn't recognized by the USB (stack)? And what exactly do want to do with your identity card? Authenticate yourself on the machine itself (the only case in which the OS would have anything to do with all this)? Authenticate yourself on websites via your browser? Do you want do develop an app that uses the smart card for authentication? There are ports for OpenSC and pcsc-lite, which allow you to access the card and build stuff upon it. As far as authenticating with websites, OpenSC comes with a modules that you can load on Firefox or Chrome, to use for authentication. If the 2FA you are talking about can be done with PKCS#11, using the certificates on the card then the tools are already there. Note, however, that in some cases you are still dependent on how the websites implement their smart card-based authentication. For instance, the portuguese national identity card can be used to authenticate to a vast array of public services' websites or homebanking apps, and to digitally sign documents, in a legally binding manner. However, the authentication isn't done using PKCS#11 alone, but via an API, and that requires that a specific middleware is used (a standalone app or a so-called "plugin" that needs to run in the background while the browser is running). The whole thing is open sourced, so it could be ported to OpenBSD, at least in theory, but I never bothered to. Unless you are talking about authenticating users (i.e. login), none of this has anything to do with the OS. So, what problem are you trying to solve, exactly? --
