Here, in Italy, we interact with a number of public services (web ones I mean) 
and portals that allow the auth by a system called Spid that from the beginning 
depends on SMS or QR code auth (see it like an image appearing on our screens 
instead of a password), now "obsolete" we can say (and that I never endorsed).

Other ways to auth, the more safe ones at my side, depend on a card chip: you 
can use both id and the health card. We have it also here, sometimes and with 
their limitations.

The technical problem resides both in the card reader (yes there are many of 
them and must be supported) and the middleware. My reader seems not recognized 
by the os; the distributed (by the authorities) middleware is compatible with a 
limited number of systems. I can't configure this like "a solution", personally 
and like a generic user speaking.

We live also, at the time of social networks..mh, in the need of talking 
sometimes, or introduce the necessity of the "personal identification". Leave 
away my dev interests at time. How a serious software vendor although from the 
Public can hope to solve the problem of personal identification if basically 
there doesn't exist a standard solution that allows all the users to authenticate in 
an easy way, same conditions?

Yes, said like that sounds a matter not strictly related to OpenBSD but are you 
sure that you can't absolutely wonder to a software abstraction for a possible 
solution?

I do not think to talk with people technically alienated from cryptography and 
security standards, no. Then, if you want I can restart the thread by playing 
the part of a mere, lonely OpenBSD user..

-Dan

------
Nuggetsman.com - Repo: https://code.5mode.com

Please reply to the mailing-list, leveraging technical stuff.

Feb 26, 2025 11:59:42 Zé Loff <zel...@zeloff.org>:

> What exactly do you mean by "doesn't run"?  The card reader isn't
> recognized by the USB (stack)?  And what exactly do you want to do with your
> identity card?  Authenticate yourself on the machine itself (the only
> case in which the OS would have anything to do with all this)?
> Authenticate yourself on websites via your browser?  Do you want to
> develop an app that uses the smart card for authentication?
> 
> There are ports for OpenSC and pcsc-lite, which allow you to access the
> card and build stuff upon it.  As far as authenticating with websites,
> OpenSC comes with a module that you can load on Firefox or Chrome, to
> use for authentication.  If the 2FA you are talking about can be done
> with PKCS#11, using the certificates on the card then the tools are
> already there.
> 
> Note, however, that in some cases you are still dependent on how the
> websites implement their smart card-based authentication.  For instance,
> the Portuguese national identity card can be used to authenticate to a
> vast array of public services' websites or homebanking apps, and to
> digitally sign documents, in a legally binding manner.  However, the
> authentication isn't done using PKCS#11 alone, but via an API, and that
> requires that a specific middleware is used (a standalone app or a
> so-called "plugin" that needs to run in the background while the browser
> is running).  The whole thing is open sourced, so it could be ported to
> OpenBSD, at least in theory, but I never bothered to.
> 
> Unless you are talking about authenticating users (i.e. login), none of
> this has anything to do with the OS.  So, what problem are you trying to
> solve, exactly?
> 
> 
