Re: Issue 220971 in chromium: Req - smartcard support for federal CAC and PIV cards, bank cards


chro...@googlecode.com

Jul 31, 2013, 8:28:16 AM
to chromi...@chromium.org

Comment #10 on issue 220971 by swee...@gmail.com: Req - smartcard support
for federal CAC and PIV cards, bank cards
http://code.google.com/p/chromium/issues/detail?id=220971

Smartcard support is required by ALL federal employees and contractors --
every agency, department, and organization, which is many tens of
millions. (4.4M direct employees, ~43M contractors and other support).

--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings

chro...@googlecode.com

Sep 18, 2013, 7:58:03 PM
to chromi...@chromium.org

Comment #11 on issue 220971 by jamie.a....@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
http://code.google.com/p/chromium/issues/detail?id=220971

Are the delays because of some political backlash? I am confused as to
what is taking so long to get this working. Firefox has been doing this for
years already and as a result has a growing community within the US federal
network. Chrome is losing its competitive edge!

chro...@googlecode.com

Jan 3, 2014, 4:00:21 AM
to chromi...@chromium.org

Comment #12 on issue 220971 by briannos...@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
http://code.google.com/p/chromium/issues/detail?id=220971

The Googles don't care about middle class government employees... Returning
this thing tomorrow. Knew the deal was too good to be true.

chro...@googlecode.com

Jan 12, 2014, 8:02:22 AM
to chromi...@chromium.org

Comment #13 on issue 220971 by dancjo...@gmail.com: Req - smartcard support
for federal CAC and PIV cards, bank cards
http://code.google.com/p/chromium/issues/detail?id=220971

I agree. CAC access is the only reason I keep my windows PC. Otherwise 100%
chrome OS.

chro...@googlecode.com

Jan 14, 2014, 3:39:03 PM
to chromi...@chromium.org

Comment #16 on issue 220971 by sas...@chromium.org: Req - smartcard support
for federal CAC and PIV cards, bank cards
http://code.google.com/p/chromium/issues/detail?id=220971

putarica45@, jamie.a.preder, melissadaniels, matthew@, sweerek@, dancjones@
- basic question for you guys. So you privately purchased or are
considering purchasing a chromebook (i.e. not issued by your employer or an
org decision). But want to be able to use this privately owned chromebook
for working as contractors for the federal gov? Is this the case for all of
you?

chro...@googlecode.com

Jan 14, 2014, 3:54:03 PM
to chromi...@chromium.org

Comment #17 on issue 220971 by dancjo...@gmail.com: Req - smartcard support
for federal CAC and PIV cards, bank cards
http://code.google.com/p/chromium/issues/detail?id=220971

Government employees / active duty military are required to use CAC cards to
access employee services from home... examples include education benefits,
household good shipment coordination, veterans benefits etc. Since chromeos
doesn't support CAC cards, a windows PC must be used. I have 4 chromeos
devices in my house, but have to keep 1 pc around solely for cac card
purposes.

chro...@googlecode.com

Jan 14, 2014, 3:59:03 PM
to chromi...@chromium.org

Comment #18 on issue 220971 by jamie.a....@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
http://code.google.com/p/chromium/issues/detail?id=220971

Not a contractor. US Soldier. US Soldiers are now incapable of accessing
ANY .mil site without the use of a CAC card. Trust me, if Google would
design USB CAC reader access into Chrome and put them into AAFES (Military
Walmart if you will) Chromebooks would sell like hot cakes. In the
military, you can't do ANYTHING without web access.

chro...@googlecode.com

Jan 14, 2014, 4:18:05 PM
to chromi...@chromium.org

Comment #19 on issue 220971 by matt...@turnaroundfactor.com: Req -
smartcard support for federal CAC and PIV cards, bank cards
http://code.google.com/p/chromium/issues/detail?id=220971

saswat@ I have a personal chromebook, but would also love to roll out
ChromeOS laptops for some of our employees, many of whom do all their work
in browsers anyways and would be way less of a hassle to support. We
seriously considered a ChromeOS deployment the last time we added new
laptops, but this issue was the dealbreaker. We could work around having a
full MS Office install on all the laptops with a handful of XenApp
installations, but at the end of the day my users need to access
CAC-enabled sites.

As others have pointed out, most of the federal government is going to
smartcard-only websites, primarily to mitigate attacks against password
authentication and reduce user password burden. I'm not sure how much of
the commercial sector will ever adopt smartcards, but they're here to stay in
the government world.

chro...@googlecode.com

Jan 22, 2014, 4:46:27 AM
to chromi...@chromium.org

Comment #23 on issue 220971 by sas...@chromium.org: Req - smartcard support
for federal CAC and PIV cards, bank cards
http://code.google.com/p/chromium/issues/detail?id=220971

Many thanks to all for the info and your patience in waiting for this. It
is very useful input to prioritization. As soon as we can put some effort
into this, I will update this thread.

chro...@googlecode.com

Jan 22, 2014, 5:59:50 AM
to chromi...@chromium.org

Comment #24 on issue 220971 by jeromeri...@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
http://code.google.com/p/chromium/issues/detail?id=220971

Hope this gets some attention soon. I wouldn't even use another operating
system at all were it not for the lack of CAC access.

chro...@googlecode.com

Jan 27, 2014, 9:01:54 AM
to chromi...@chromium.org

Comment #25 on issue 220971 by cereb...@gmail.com: Req - smartcard support
for federal CAC and PIV cards, bank cards
http://code.google.com/p/chromium/issues/detail?id=220971

Near as I can tell, for limited smart card platform support (not related to
logon), most of the core needed is adding pcsc-lite and ccid from portage.
Both are already in portage/app-crypto. I don't foresee serious problems
getting these to compile for most boards--both packages are known to
compile on both x86 and ARM.

Also needed is a PKCS#11 package. Coolkey, CACkey, and OpenSC provide
possible candidates; of these, Coolkey and OpenSC are both in
portage/app-crypt and should be no problem. There are known limitations
with these and the DoD CAC, so I'll try to port CACkey into ebuild as well.

There may be adjustments needed for Chrome, but I doubt it. We'll see.
I've been putting together a dev server of my own (Scotty, more memory!) so
I can attack this one.

-- T

chro...@googlecode.com

Jan 29, 2014, 7:24:49 PM
to chromi...@chromium.org
Updates:
Cc: rsl...@chromium.org

Comment #26 on issue 220971 by sas...@chromium.org: Req - smartcard support
for federal CAC and PIV cards, bank cards
http://code.google.com/p/chromium/issues/detail?id=220971

(No comment was entered for this change.)

chro...@googlecode.com

Feb 25, 2014, 10:20:25 AM
to chromi...@chromium.org

Comment #28 on issue 220971 by c...@solvitor.com: Req - smartcard support
for federal CAC and PIV cards, bank cards
http://code.google.com/p/chromium/issues/detail?id=220971

I'm also happy to test with a non-DOD (PIV) card.

chro...@googlecode.com

Mar 9, 2014, 10:20:40 PM
to chromi...@chromium.org

Comment #29 on issue 220971 by lipp...@gmail.com: Req - smartcard support
for federal CAC and PIV cards, bank cards
http://code.google.com/p/chromium/issues/detail?id=220971

I'll ping the author of CACKey and see if he would be willing to put the
CACKey code into github ...

chro...@googlecode.com

Mar 10, 2014, 8:38:38 PM
to chromi...@chromium.org

Comment #31 on issue 220971 by rsl...@chromium.org: Req - smartcard
support for federal CAC and PIV cards, bank cards
http://code.google.com/p/chromium/issues/detail?id=220971

So, the overall approach described in comment #25 is roughly correct.

However, it's worth noting that Chrome is moving away from NSS, and with
that, PKCS#11 support, as part of the OpenSSL migration. There is no
guarantee that approach will continue to work long-term.

As noted in comment #25, the existing CAC middleware/card drivers are of
various quality levels, and there are many sharp edges to supporting CAC.

More importantly, however, is that ChromeOS security is extremely
important, and thus any third-party integrations are done with care,
caution, and reduction of risk. Support for CAC, while it may
seem 'trivial' from the respect of portage, carries non-trivial costs and
risks.

I just want to make sure such efforts are put into perspective. It will no
doubt seem ironic that the use of a smartcard can undermine, rather than
improve, security, but holistically that's the risk.

chro...@googlecode.com

Mar 11, 2014, 3:46:58 PM
to chromi...@chromium.org
Updates:
Labels: -Type-Bug Type-Feature

Comment #33 on issue 220971 by scunning...@chromium.org: Req - smartcard
support for federal CAC and PIV cards, bank cards
http://code.google.com/p/chromium/issues/detail?id=220971

(No comment was entered for this change.)

chro...@googlecode.com

Mar 14, 2014, 9:44:40 AM
to chromi...@chromium.org

Comment #34 on issue 220971 by jamie.a....@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
http://code.google.com/p/chromium/issues/detail?id=220971

I appreciate the team looking into this but I am very disheartened that as
Google attempts to expand into everything, they have forgotten what is at
their core--a browser for the world. Unfortunately the chromeos team has
decided to--for an unspecified amount of time--delay access to over 30
billion people, which includes 43 million US military and military
contractors. Timing is everything and just as MS is in a state of flux
attempting to redefine who they want to be in the new environment, it
appears that Google has lost sight of who it is. Opportunity lost. So sad
as I have always been a vocal supporter/user of Chrome.

chro...@googlecode.com

Apr 28, 2014, 11:13:50 PM
to chromi...@chromium.org

Comment #36 on issue 220971 by huntjp...@gmail.com: Req - smartcard support
for federal CAC and PIV cards, bank cards
http://code.google.com/p/chromium/issues/detail?id=220971

Ouch.. I need this today as well. Would love to push toward simply
getting Chromebox and google apps for govt. accounts for folks, but require
a CAC passthrough for folks .mil sites.

chro...@googlecode.com

May 5, 2014, 12:13:23 PM
to chromi...@chromium.org

Comment #38 on issue 220971 by james.h....@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
http://code.google.com/p/chromium/issues/detail?id=220971

I find it hard to believe with everyone that is involved in the development
of chrome os that there is not one single person that can resolve this
issue.

chro...@googlecode.com

May 5, 2014, 12:46:33 PM
to chromi...@chromium.org

Comment #39 on issue 220971 by butlerph...@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
http://code.google.com/p/chromium/issues/detail?id=220971

I'm a civilian engineer helping lead the charge for Google Apps piloting
and deployment within the DoD (and have been doing so since the launch of
Google Apps for Government in 2010). Our organization was the first in the
DoD to deploy CAC-login for GAfG and have briefed numerous top-level
executives and flag officers (service CIOs and 3-stars included) about the
functional elegance and superior cost benefits of the offering. Having
said that, it has been a very tough sell without native S/MIME support in
webmail (which Office365 has) or PIV support on Chromebooks (which Win8
convertibles have - some with built-in readers). I believe GAfG is truly
the most flexible, cost effective, and game-changing solution, but it is
extremely disheartening that these issues continue to get zero attention.
At the end of the day, there are well over 5M DoD users that may end up
using an inferior and more costly solution because these seemingly "simple"
(for the genius Google engineers, at least) features have been largely
ignored.

chro...@googlecode.com

May 16, 2014, 11:46:26 PM
to chromi...@chromium.org

Comment #40 on issue 220971 by james.h....@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
http://code.google.com/p/chromium/issues/detail?id=220971

Ok, has this gotten anywhere at all yet?

chro...@googlecode.com

May 17, 2014, 12:12:26 AM
to chromi...@chromium.org

Comment #41 on issue 220971 by jeromeri...@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
http://code.google.com/p/chromium/issues/detail?id=220971

Nope. Nowhere.

chro...@googlecode.com

May 17, 2014, 1:01:26 AM
to chromi...@chromium.org

Comment #42 on issue 220971 by cereb...@gmail.com: Req - smartcard support
for federal CAC and PIV cards, bank cards
http://code.google.com/p/chromium/issues/detail?id=220971

Sorry. My dev environment didn't work out as planned--I had hoped to work
in a virtual dev server but I don't have a hypervisor with nested VM
support to run test builds. I need a new dev box and I haven't had time to
put one together yet or pick up a second Chromebook. Real life & work have
also intervened and take precedence. I'll get to it.

-- C

chro...@googlecode.com

Jun 2, 2014, 10:16:18 PM
to chromi...@chromium.org

Comment #43 on issue 220971 by james.h....@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
http://code.google.com/p/chromium/issues/detail?id=220971

I wish DOD would invest in this as well.

chro...@googlecode.com

Jun 23, 2014, 9:54:03 AM
to chromi...@chromium.org

Comment #44 on issue 220971 by sagunn2...@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
http://code.google.com/p/chromium/issues/detail?id=220971

Dear Google,

I figured I would add my request in the hopes of garnering support for this
issue. I only keep an old Toshiba laptop around so I can access military
websites with my CAC card. I try to use Chrome exclusively as my web
browser, even though it has some issues with certain websites (S/MIME on
email being a challenge). I also purchased a Chromebook for ease of use
and love the ChromeOS. However, the lack of CAC support necessitates
investment in additional computers that I would prefer to not make. You
are missing out on a large customer base whose first question when they see
my Chromebook is, "does it work with your CAC card." When I say no, they
say oh well and go buy another PC. Please help us, your loyal customers
and yourselves (via sales) by solving this challenge.
Cheers, Scott

chro...@googlecode.com

Jul 12, 2014, 6:50:36 PM
to chromi...@chromium.org

Comment #45 on issue 220971 by james.h....@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
http://code.google.com/p/chromium/issues/detail?id=220971

Is it possible to save my certificates from my CAC card into an SD card and
use it that way?

chro...@googlecode.com

Jul 12, 2014, 7:09:26 PM
to chromi...@chromium.org

Comment #46 on issue 220971 by matt...@royhousehold.net: Req - smartcard
support for federal CAC and PIV cards, bank cards
http://code.google.com/p/chromium/issues/detail?id=220971

No. The goal of a hardware security module like the CAC is that it will not
allow the private key part of the certificate to be removed.

chro...@googlecode.com

Jul 12, 2014, 7:11:52 PM
to chromi...@chromium.org

Comment #47 on issue 220971 by james.h....@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
http://code.google.com/p/chromium/issues/detail?id=220971

OK, so does anyone know what the plan is or if there is a plan?

chro...@googlecode.com

Jul 14, 2014, 6:56:07 PM
to chromi...@chromium.org

Comment #50 on issue 220971 by jessie.a...@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
http://code.google.com/p/chromium/issues/detail?id=220971

Just did a little bit of research based on the lead from earlier. Found
this link which explains the process.
http://www.secureauth.com/blog/derived-credentials-chromebooks/

It seems that the only way to make this happen is to contact SecureAuth
directly. I'm sure that there is some sort of cost for this...

chro...@googlecode.com

Jul 14, 2014, 11:18:40 PM
to chromi...@chromium.org

Comment #51 on issue 220971 by jessie.a...@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
http://code.google.com/p/chromium/issues/detail?id=220971

While this looks like it will work, it is not attainable for the common
folk. I received this email in response to my inquiry. I don't know if this
technology is available anywhere else, but SecureAuth can be ruled out.
Please let us know if there is another solution!

"We require a 100 user minimum. But if this is something you really need I
can ask my Engineer.

Thank you"

chro...@googlecode.com

Jul 14, 2014, 11:36:39 PM
to chromi...@chromium.org

Comment #52 on issue 220971 by cereb...@gmail.com: Req - smartcard support
for federal CAC and PIV cards, bank cards
http://code.google.com/p/chromium/issues/detail?id=220971

So this is another case of technically possible but unlikely to happen.

NIST's definition of derived credentials technically allows a third party
issuer to create derived credentials based on some other issuer's
credentials, up to one level of assurance lower than the original issuer
(see SP 800-63). In the DoD context, that would mean that SecureAuth can
issue LoA 3 credentials based on your CAC/PIV because the CAC/PIV is issued
at LoA 4.

However, per DoDI 8520.03, LoA 3 creds won't do you much good because the
equivalent of LoA 4 credentials would be needed to access DoD services from
non-DoD owned networks.

Also, since SecureAuth is not an Approved PKI (see
http://iase.disa.mil/pki-pke/interoperability/index.html#approved) the
credential they issued wouldn't be accepted by DoD applications anyway.

For DoD, derived credentials will have to be issued by the DISA and DMDC
through the DoD PKI. Since the DoD PKI is the original issuer, that means
the derived credential can be LoA 4 (ref: SP 800-63). And since it'll be
the same PKI, the credential will work as expected.

The DoD PKI is not yet issuing derived credentials, but it will eventually.
I think it's most likely to field an initial capability some time
mid-to-late FY15 or early in FY16. I've not seen a schedule, so I'm just
guessing, but it's an informed guess based on my experience with DoD PKI
rollouts.

However, the rules on BYOD are not written yet. This means that while DoD
PKI derived credentials on DoD owned, issued, and managed equipment is
clearly a no-brainer, issuing derived credentials to your personal
equipment (like your Chromebook) is not settled. IMHO this kind of
personal use is unlikely to be approved except for BYOD models where a
CC/S/A runs a Mobile Device Manager (MDM) allowing it to install and manage
the device security policy--making it not really your device while you use
it.

Direct smartcard support is still the more viable short-term option for
personal equipment outside of MDM use case.

-- T

chro...@googlecode.com

Jul 19, 2014, 9:12:32 PM
to chromi...@chromium.org

Comment #53 on issue 220971 by james.h....@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
http://code.google.com/p/chromium/issues/detail?id=220971

I have debated this issue with my IT department head at my command, and I
am just still failing to understand what is the great security risk. Why
not just have something developed between the chromium community and the
DOD. I am not a professional programmer. I know very little in the
programming field, just a little of JAVA, HTML, SQL and Basic. I know
enough though that with collaboration from all parties this can get done
within months. Am I missing something here?

chro...@googlecode.com

Jul 19, 2014, 11:19:25 PM
to chromi...@chromium.org

Comment #54 on issue 220971 by Scott3...@gmail.com: Req - smartcard support
for federal CAC and PIV cards, bank cards
http://code.google.com/p/chromium/issues/detail?id=220971

I solved my issue by enabling developer mode, installing Linux Mint on an
SD Card, booting from the SD card, and configuring Firefox to use OpenSC.
I can now use my PIV card with my Chromebook. It's sad that we can't do
this natively. I'm considering removing Chrome OS from it altogether and
just using Mint all the time. I also replaced the 16GB drive with a
128GB. I hope I never have to do that again.

chro...@googlecode.com

Jul 20, 2014, 3:04:44 PM
to chromi...@chromium.org

Comment #55 on issue 220971 by nfkrae...@gmail.com: Req - smartcard support
for federal CAC and PIV cards, bank cards
http://code.google.com/p/chromium/issues/detail?id=220971

I would like to stress the significance for CAC PIV support. In addition
to all commonly known DoD employees, Reservists are included in employees
that need 2 step authentication using a smart card.
Please consider increasing the priority of this request.

chro...@googlecode.com

Jul 21, 2014, 10:21:47 AM
to chromi...@chromium.org

Comment #56 on issue 220971 by boondock...@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
http://code.google.com/p/chromium/issues/detail?id=220971

I just sold my Chromebook Pixel LTE because I need to use a CAC card to
access my work email. I've been lugging around an old clunky Windows
computer in addition to my Pixel. I don't think this is a high priority for
Google at all, considering that I've been asking for the feature since the
beginning of 2012. Chrome browser on Windows can already use CAC
certificates to access email. As far as I can tell, the only thing Chrome
OS is lacking is the drivers for CAC readers. If this was a priority, they
would have solved the problem by now. My chromebook is already sold. I'm
upgrading my old Windows laptop to a new one that will actually do
everything I need it to.

chro...@googlecode.com

Jul 24, 2014, 10:58:01 PM
to chromi...@chromium.org

Comment #57 on issue 220971 by cereb...@gmail.com: Req - smartcard support
for federal CAC and PIV cards, bank cards
http://code.google.com/p/chromium/issues/detail?id=220971

As a crude but effective workaround, you can:

- Enable developer mode (THIS WILL ERASE ALL USER DATA YOU WERE WARNED)
- Install crouton (https://github.com/dnschneid/crouton)
- Install any supported chroot (Ubuntu 12.04 is the default)
- Start the chroot
- sudo apt-get install firefox pcscd opensc (Alternatively you can fetch
and install the cackey deb package, but I didn't try it. I couldn't get
coolkey to work; much crashy crashy.)
- Follow the steps for enabling Firefox on Linux (
https://militarycac.com/linux.htm) except you're using
/usr/lib/opensc-pkcs11.so as the module (unless you install cackey).

It's mildly inconvenient and potentially unsafe (a flaw in the chroot
guest could compromise the CrOS host), but it works and it means I don't
have to carry two devices. Thankfully starting the chroot is very fast and
doesn't require a reboot.

It's worth pointing out to those worried about safety that if I were to
succeed in producing a working CrOS overlay with smartcard packages you'd
have to enable dev mode anyway because only Google can produce signed
images. :)

I'm going to read up on dev mode some more to see if I can just add the
needed smartcard components, as that would be easier than producing a
complete build. More as I find it.

-- T

chro...@googlecode.com

Jul 24, 2014, 11:28:59 PM
to chromi...@chromium.org

Comment #58 on issue 220971 by cereb...@gmail.com: Req - smartcard support
for federal CAC and PIV cards, bank cards
http://code.google.com/p/chromium/issues/detail?id=220971

I should add: using OpenSC restricts you to PIV mode, which is somewhat
annoying.

Any website that requires the DoD Signature certificate may prompt you for
the PIN frequently.

The DoD Identity certificate will not be accessible, so any site that
requires it (I think MyPay/MyBenefits and DTS have this restriction, and
possibly DEE webmail) will be inaccessible.

Some of these sites may accept the PIV Authentication certificate, however
(I think DEE webmail now works with the PIV AuthN cert) depending on how
the site processes mapping of certs to authorizations.
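
Added example, not part of any comment in this thread: a check script for the chroot set up in comments #57 and #58. It confirms that the OpenSC module named in #57 is present and cannot be replaced by other users, that a card is detected, and it lists the certificates the module exposes, which shows the PIV-mode limitation from #58. The function names and the sample slot listing are constructed for illustration.

```sh
#!/bin/sh
# Added example: post-install checks for the crouton + OpenSC workaround.
# Run inside the chroot with:  sh <this file> --run
# Function names are hypothetical; the module path is the one from comment #57.

MODULE="${MODULE:-/usr/lib/opensc-pkcs11.so}"

# True if the PKCS#11 module exists (symlinks followed) and is readable.
module_present() {
    [ -f "$1" ] && [ -r "$1" ]
}

# True if neither group nor others can write to the module file.
# Firefox loads the module into its own process, so anyone able to replace
# the file can observe the PIN as it is entered.
module_not_writable_by_others() (
    mode=$(stat -L -c '%a' "$1" 2>/dev/null) || exit 2
    group=$(( (mode / 10) % 10 ))
    other=$(( mode % 10 ))
    [ $(( group & 2 )) -eq 0 ] && [ $(( other & 2 )) -eq 0 ]
)

# Reads `pkcs11-tool --list-slots` output on stdin and prints how many slots
# hold a card. Only slots with a token print a "token label" line.
count_tokens_present() {
    awk '/^[ \t]*token label[ \t]*:/ { n++ } END { print n + 0 }'
}

# Constructed sample of a slot listing (not captured from a real card):
# one reader with a card inserted, one empty reader.
constructed_slot_listing() {
    cat <<'EOF'
Available slots:
Slot 0 (0x0): Example Reader 00 00
  token label        : EXAMPLE TOKEN
Slot 1 (0x1): Example Reader 01 00
  (empty)
EOF
}

run_checks() {
    module_present "$MODULE" || {
        echo "PKCS#11 module not found: $MODULE" >&2; return 1; }
    module_not_writable_by_others "$MODULE" || {
        echo "module is group/world writable: $MODULE" >&2; return 1; }
    command -v pkcs11-tool >/dev/null 2>&1 || {
        echo "pkcs11-tool not found (it ships with OpenSC)" >&2; return 1; }

    tokens=$(pkcs11-tool --module "$MODULE" --list-slots 2>/dev/null |
             count_tokens_present)
    [ "$tokens" -ge 1 ] || {
        echo "no card detected; check that pcscd is running and the reader is attached" >&2
        return 1; }

    # List the certificate objects the module exposes on the card.
    pkcs11-tool --module "$MODULE" --list-objects --type cert
}

if [ "${1:-}" = "--run" ]; then
    run_checks
fi
```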

chro...@googlecode.com

Aug 20, 2014, 10:22:56 PM
to chromi...@chromium.org

Comment #59 on issue 220971 by stephen....@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
http://code.google.com/p/chromium/issues/detail?id=220971

I am in the military and am a recent Chrome convert. I found this thread
while seeking my own solution to this CAC-Chrome problem. Wish I would have
had the forethought to research this prior to my Chrome conversion... This
is a big problem, and will only get bigger with time. My CAC certificate is
not only required for all ".mil" sites that I must access daily, but also
for certifying all emails, and dozens of documents/files. I can't use a
computer/OS that doesn't allow CAC authentication.

Google, this problem isn't going to go away, it will only grow... I know
one of your big customers are school districts. Soon you will see schools
using CAC authentication in their student ID cards to validate student
identity for documents/emails/websites/etc. Fix this problem or Chrome OS
will soon be discarded by the small group of supporters they currently have.

chro...@googlecode.com

Aug 21, 2014, 1:23:09 AM
to chromi...@chromium.org

Comment #60 on issue 220971 by sagunn2...@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
http://code.google.com/p/chromium/issues/detail?id=220971

I posted earlier. I finally gave up hope that Google cared. Bought a 13"
MacBook Air. So happy. Can run real software again and print to networked
printers. Can use my CAC for most functionality. Chromebook goes to my
three year old as a lavish toy, which is about all that I have decided it
is good for anyway. Thanks Google for demonstrating the limitations of a
thin-client platform.

chro...@googlecode.com

Aug 28, 2014, 4:58:26 PM
to chromi...@chromium.org

Comment #61 on issue 220971 by jamie.a....@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

I have an HP haswell chromebook. I have heard that it is possible to run
linux off of a USB or SD card as opposed to running crouton. Does anyone
know how to do this? I love MINT and it isn't available on crouton. I don't
need to switch back and forth. I really am looking to simply carry one very
lightweight computer around as opposed to the dell tank I am issued by the
military.

chro...@googlecode.com

Aug 28, 2014, 8:25:12 PM
to chromi...@chromium.org

Comment #65 on issue 220971 by Scott3...@gmail.com: Req - smartcard support
for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

Jamie,

Ctrl + L is what you press *after* you enable developer mode. There are
several sites with instructions. I have the HP Pavilion Chromebook 14, and
I'm not sure if developer mode instructions are universal or
device-specific. You also have to bring up a terminal window and enable
booting from USB. If you can't find the info, let me know and I can search
for it later.

Scott

chro...@googlecode.com

Aug 31, 2014, 3:49:55 PM
to chromi...@chromium.org

Comment #66 on issue 220971 by karll...@gmail.com: Req - smartcard support
for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

This happens to be something that is extremely important for chromebook
acceptance at my workplace and of course the acceptance of the general
public. Identity services like this are required in more and more places as
well as the obvious commercial viability.

chro...@googlecode.com

Sep 23, 2014, 3:16:09 AM
to chromi...@chromium.org

Comment #67 on issue 220971 by Hudson...@gmail.com: Req - smartcard support
for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

Hello, still hope chrome is able to catch-up on the CAC access. I am
giving up and will travel with my work laptop (ugh!!!) You are missing
millions of opportunities by not having this capability. Many deployed
personnel (Soldiers, Civilian and Contractor) would find the chrome
platform beneficial because you don't have to worry about drives for
storage. But who wants to buy a system that can only be used for play?
Waste of money.

chro...@googlecode.com

Oct 2, 2014, 10:29:22 PM
to chromi...@chromium.org

Comment #68 on issue 220971 by jamie.a....@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

Thursby has hardware/software for about $100 that will read cac card and
access secure military websites. Works on android?!?! Wait for android app
to work on chrome....or google to buy Thursby?

chro...@googlecode.com

Oct 7, 2014, 4:59:22 PM
to chromi...@chromium.org

Comment #69 on issue 220971 by marre...@gmail.com: Req - smartcard support
for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

I am CDT/SPC in love with the idea of a Chromebook for college and work,
but I too would need it to have CAC access.

chro...@googlecode.com

Nov 16, 2014, 4:59:34 PM
to chromi...@chromium.org

Comment #70 on issue 220971 by eug...@commnetsol.org: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

At some point this will get fixed, but it will be too late as Microsoft
surface tablets will just replace all notions of a chromebook. Sad to see
such a forward thinking company become so myopic...

chro...@googlecode.com

Nov 16, 2014, 5:02:32 PM
to chromi...@chromium.org

Comment #71 on issue 220971 by gpdo...@gmail.com: Req - smartcard support
for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

There is no way that I'm buying a Microsoft tablet just for this feature.
I'll keep my Chromebook, thanks.

chro...@googlecode.com

Nov 16, 2014, 9:23:50 PM
to chromi...@chromium.org

Comment #72 on issue 220971 by jamie.a....@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

We aren't talking about you. We are talking about the greater masses that
are sick of carrying multiple devices that weigh an incredible amount.

chro...@googlecode.com

Nov 19, 2014, 9:52:33 AM
to chromi...@chromium.org

Comment #73 on issue 220971 by gpdo...@gmail.com: Req - smartcard support
for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

I think that I'm a part of the "greater masses" and I have more than one
device that I carry around. However, I don't want to sacrifice my
preference for working in and with a certain operating system or
environment. That's important too.

chro...@googlecode.com

Dec 5, 2014, 1:33:18 PM
to chromi...@chromium.org

Comment #74 on issue 220971 by dlf...@gmail.com: Req - smartcard support
for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

I stumbled across this trying to do some research to meet enterprise needs,
and I want to add my voice to those asking Google to please add smart card
support to the Chromebook/Chromeos platform.

I am an IT manager in the federal government, and I would like to add that
this is Not just a DoD issue, and not just an issue for contractors or
people working outside the workplace. All government organizations must
pursue support for HSPD-12 for all authentication needs. Due to this, all
of us in the government have to use some form of badging that utilizes
smart cards - these cards provide an integrated physical access and logical
access credential. CAC is the DoD variation, but civilian agencies all have
to use smart card authentication also. Support for PIV cards is mandated
for all agency systems, and spending on non-compliant authentications is
tracked and monitored at the OMB level across all agencies (i.e. the top
levels of government). This means across the entire US government all the
IT departments and agencies are all being held accountable to either use
smart cards, or make successful efforts to use smart cards for all forms of
logical authentication, or they hold back our program funding.

Lack of smart card support will continue to exclude Chromebooks from
government use in the enterprise. Per presidential directive, and the
Government's CIO, all Federal Government agencies are to move
towards "cloud first" and use cloud based services. Most of the
applications my agency uses are web based, but their authentication must
use HSPD-12 compliant PIV authentication. I have looked at use of
Chromebooks as a "thin client" (I know it's an old school term) for our
enterprise needs, but until there is integrated smart card capability, this
is never going to go anywhere. All these hacks will never fly in an
enterprise setting.

Google has done a great job showing how their easy centralized platform
management is a big advantage in the education market. They need to
understand that same advantage can very likely translate to the enterprise
market as more and more enterprise IT needs are addressed by cloud based
apps (whether Google docs or MS Office 365) and web based enterprise apps.
BUT - none of that will be accessible from chromebooks if they do not
incorporate hooks into enterprise based security - smart card capability is
KEY in this.

PS> Google should also look at healthcare as another market when they
evaluate this. Most hospital and physician systems operate as web
applications, so you could potentially use a (very inexpensive and very
standardized) chromeOS device as a thin terminal on all these - if there
was integration to enterprise authentication... for this you need smart
cards and/or RFID integration.

Chromebooks could have so much more potential if they would address this
need.

PPS> One of the biggest reasons IE is the "standard browser" in government
settings is since it comes as part of Windows - not because anyone likes it
better. If Google wants to expand the use of their (better) browser, and
their market share, they have to address how they will integrate their
platform with enterprise security. Smart card use is not the only hurdle,
but it's a Major one they need to face up to and address if they want to
continue to grow.

chro...@googlecode.com

Dec 5, 2014, 2:11:18 PM
to chromi...@chromium.org

Comment #75 on issue 220971 by quentin....@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

posting for awareness only, not for endorsement, as I have not tried this
solution myself - but here's something from SecureAuth worth looking into:
http://youtu.be/fyxSLurUJM8.

Hope it helps!

chro...@googlecode.com

Dec 20, 2014, 11:59:46 AM
to chromi...@chromium.org

Comment #76 on issue 220971 by Joe.Maye...@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

I am an enlisted Air Force member that travels a lot. I bought my wife a
chromebook at home and love it. I would love to get one for myself and
bring it instead of my big windows laptop.

Please add this capability to Chrome OS

chro...@googlecode.com

Jan 24, 2015, 9:04:51 AM
to chromi...@chromium.org

Comment #77 on issue 220971 by ronald.t...@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

I have switched to using a chromebox at home but the lack of a smart card
reader is really annoying!!!

chro...@googlecode.com

Jan 30, 2015, 10:22:35 PM
to chromi...@chromium.org

Comment #78 on issue 220971 by jamie.a....@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

Still nothing on development? I fear this will never happen.

chro...@googlecode.com

Jan 30, 2015, 10:26:30 PM
to chromi...@chromium.org

Comment #79 on issue 220971 by david.ro...@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

It might not. The issue is that Google is a services & advertising company.
They put out awesome products like inexpensive Chromebooks and Android
phones so that people will get hooked into their services. Doing the work
to allow us to use CACs would result in exactly zero income for Google
because government workers couldn't switch from government services to
Google ones (for work purposes) even if they wanted to.

Sorry to be a downer, and I really hope this happens eventually, but I
understand why it isn't a priority for them.

chro...@googlecode.com

Jan 31, 2015, 12:07:18 AM
to chromi...@chromium.org

Comment #80 on issue 220971 by Scott3...@gmail.com: Req - smartcard support
for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

That's not entirely true. GSA uses Google email, but I understand how it
would be a challenge for an agency to move to Chromebooks.

chro...@googlecode.com

Jan 31, 2015, 12:13:19 AM
to chromi...@chromium.org

Comment #81 on issue 220971 by david.ro...@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

I stand corrected; that's great that GSA has embraced the future somewhat.
I wish my office used Google Drive for everything. It would make
collaboration and access so much easier.

chro...@googlecode.com

Mar 1, 2015, 3:30:46 PM
to chromi...@chromium.org

Comment #82 on issue 220971 by TL.St...@gmail.com: Req - smartcard support
for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

Maybe coming sooner than later.
http://archive.federaltimes.com/article/20141121/MOB/311210011/Derived-credentials-roll-out-across-DoD-by-July-2015

chro...@googlecode.com

Mar 1, 2015, 3:32:46 PM
to chromi...@chromium.org

Comment #83 on issue 220971 by TL.St...@gmail.com: Req - smartcard support
for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

Maybe coming sooner than later. Looks like DoD is picking up the SecureAuth
solution.

chro...@googlecode.com

Mar 2, 2015, 10:21:17 AM
to chromi...@chromium.org

Comment #84 on issue 220971 by jamie.a....@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

So happy to see any movement on this. It has been sooooo long since this
need has been out there.

chro...@googlecode.com

Mar 2, 2015, 12:05:18 PM
to chromi...@chromium.org

Comment #85 on issue 220971 by cereb...@gmail.com: Req - smartcard support
for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

crouton continues to work as a workaround.

Derived credentials aren't necessarily a solution. They will probably
*not* be available to non-gov't equipment. Those of you working for
an executive agent that buys Chromebooks *may* get them, but it would
be way too much to expect home systems support IMHO.

Physical card support in ChromeOS is still the better bet.

For my part, in re: promises made upthread, while I think I know how
to make it work I simply lack the resources to get it built and
tested--I don't have a system I can use as a build server, the attempt
at a cloud based build server was going to require more memory and
disk than were available at AWS's free tier, and I don't have the time
to hack away at it fast enough to justify the cost of the paid tiers.
-- T

chro...@googlecode.com

Mar 2, 2015, 4:24:19 PM
to chromi...@chromium.org

Comment #86 on issue 220971 by luol...@gmail.com: Req - smartcard support
for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

I would also like to mention that Estonia uses a smartcard for
authentication and authorization. Supporting smartcards in Chrome OS would
go a long way towards making ChromeOS a viable product in Estonia.

chro...@googlecode.com

Mar 24, 2015, 11:15:17 PM
to chromi...@chromium.org

Comment #88 on issue 220971 by bp3...@gmail.com: Req - smartcard support
for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

I agree this would be a great addition to Chrome OS.

Federal Employee

chro...@googlecode.com

Mar 24, 2015, 11:40:20 PM
to chromi...@chromium.org

Comment #89 on issue 220971 by shane.f....@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

I love my chromebook but sadly I still have to use a windows computer in
order to get into all of the CAC websites for work

chro...@googlecode.com

Apr 5, 2015, 8:48:04 PM
to chromi...@chromium.org

Comment #90 on issue 220971 by jamie.a....@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

just checking out the site once again to see if there is any update---two
years and counting. Is any developer still monitoring/checking this site or
working the issue??!??

chro...@googlecode.com

Apr 5, 2015, 8:53:14 PM
to chromi...@chromium.org

Comment #91 on issue 220971 by jamie.a....@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

just checking to see if there are any updates....five years and counting....

chro...@googlecode.com

Apr 5, 2015, 9:34:48 PM
to chromi...@chromium.org

Comment #92 on issue 220971 by jtwebfus...@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

How are businesses going to take chromeos seriously if it can't handle CAC
smart card validation?

chro...@googlecode.com

Apr 27, 2015, 11:22:56 AM
to chromi...@chromium.org

Comment #93 on issue 220971 by jared.br...@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

The list of U.S. Common Access Card holders is large:
http://cac.mil/common-access-card/

Personnel are authorized to login to CAC enabled websites from home for
work email, travel authorizations/payments, military records, assignments,
deployments, moving information, etc. AKA it's very useful and likely
preventing numerous people from purchasing Chromebooks.

The cards can be utilized on Linux, so it seems that Chrome should be able
to support with some work:
http://iase.disa.mil/pki-pke/getting_started/Pages/linux.aspx

P.S. I've been following this posting for YEARS awaiting an update... it's
depressing. :P

chro...@googlecode.com

Apr 27, 2015, 11:57:48 AM
to chromi...@chromium.org

Comment #94 on issue 220971 by jamie.a....@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

Just a heads up for all who follow. If you aren't tech savvy enough to work
out all the bugs of running Ubuntu under crouton, then a newer solution may
be chromixium. This is a beta OS that has Ubuntu built in already and
offers all the same solutions as using crouton.
https://plus.google.com/u/0/+ChromixiumOrg/posts
Obviously, this is for those w/o a chromebook but like the CB experience.

The saddest part in all of this is that users must continue to seek out
work-arounds to a problem identified YEARS ago.

chro...@googlecode.com

Jun 1, 2015, 10:33:30 AM
to chromi...@chromium.org

Comment #95 on issue 220971 by karll...@gmail.com: Req - smartcard support
for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

Just imagine the possibilities. The image of Chromebooks and, well,
Chrome-anything seems to revolve around just this seemingly tiny issue.

chro...@googlecode.com

Jun 16, 2015, 8:15:25 AM
to chromi...@chromium.org

Comment #97 on issue 220971 by Jaydahig...@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

Please, Google. The U.S. military and its federal employees rely on this
technology. I am a big Google fan but Microsoft is winning on this one.

chro...@googlecode.com

Jun 16, 2015, 3:10:11 PM
to chromi...@chromium.org

Comment #99 on issue 220971 by jamie.a....@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

I'm getting to the same point. It's just getting too frustrating. I will
have to sell chromebook soon and get Winblows machine. Even though my
company is launching VDI right now it still won't work. I was hoping with
time that Google would find a solution. Four years later we are still
waiting.

chro...@googlecode.com

Jun 19, 2015, 5:48:30 AM
to chromi...@chromium.org

Comment #100 on issue 220971 by Jaydahig...@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

Google, I believe 100 comments deserves some type of response from somebody
within the organization. What's the real deal? Is anybody working this
issue or is this issue not really a concern? Hire some of these guys that
have found work-arounds, put a nice 'Google' label on it and call it a day.
I just need to do some work on my Chromebook.

chro...@googlecode.com

Jun 19, 2015, 8:45:42 PM
to chromi...@chromium.org
Updates:
Cc: dska...@chromium.org pneu...@chromium.org atwi...@chromium.org

Comment #101 on issue 220971 by sas...@chromium.org: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

Dear All
Thank you for the immense patience here and sorry that we have made you
wait this long. Good news is that finally this quarter we are putting
dedicated effort into this area. Our first goal will be to enable webpages,
then apps (for virtualization e.g.). If we run into some big roadblocks, we
will disclose here.

chro...@googlecode.com

Jul 23, 2015, 10:30:12 PM
to chromi...@chromium.org

Comment #104 on issue 220971 by jamie.a....@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

saswat.....it's a month later. Can you give us a teaser? Any development or
was it tabled again? Any news at all on progress would be excellent.

chro...@googlecode.com

Jul 24, 2015, 4:26:14 AM
to chromi...@chromium.org

Comment #105 on issue 220971 by dska...@chromium.org: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

We are still investigating. No teaser yet, we'll update the thread as soon
as we have one!

chro...@googlecode.com

Aug 11, 2015, 4:44:07 PM
to chromi...@chromium.org

Comment #106 on issue 220971 by markalto...@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

I am new to the Chromebook. I picked it because it is not windows. I would
like to use my CAC in the Chromebook. Do we have an idea of when this item
will be worked by the development team?

chro...@googlecode.com

Aug 18, 2015, 8:59:45 AM
to chromi...@chromium.org

Comment #107 on issue 220971 by dska...@chromium.org: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

We are in the process of adding PCSC support for Chrome OS. If you know of
the middleware vendors who provide access to your favorite cards, please
help us get in touch with them.

chro...@googlecode.com

Aug 18, 2015, 9:12:47 AM
to chromi...@chromium.org

Comment #108 on issue 220971 by Wilson.C...@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

CAC enablers?

I currently use CACKey and it works well with chrome.

https://militarycac.com/MacVideos.htm

chro...@googlecode.com

Aug 18, 2015, 9:17:47 AM
to chromi...@chromium.org

Comment #109 on issue 220971 by dska...@chromium.org: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

Thanks Chelsea. Who is the author of this library? We would need to contact
the author to provide details on how this can be ported to work on Chrome
OS.

chro...@googlecode.com

Aug 18, 2015, 9:27:47 AM
to chromi...@chromium.org

Comment #110 on issue 220971 by jtwebfus...@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

If you can get ActivClient working, you'll get a lot of business from the
Gov. Contractors.

https://www.google.com/url?sa=t&source=web&rct=j&url=https://militarycac.com/activclient62update.htm&ved=0CGMQFjALahUKEwj596Dby7LHAhXJpB4KHaCcCBM&usg=AFQjCNGKuFOmYjzcuUVIeBxN8OR_3cs1cw&sig2=1wg1QTL0ARRJtR5JjcG87Q

chro...@googlecode.com

Aug 18, 2015, 9:37:47 AM
to chromi...@chromium.org

Comment #111 on issue 220971 by p...@kumondo.com: Req - smartcard support
for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

Belgian e-id is covered here:
http://eid.belgium.be/en/developing_eid_applications/

chro...@googlecode.com

Aug 18, 2015, 9:42:47 AM
to chromi...@chromium.org

Comment #112 on issue 220971 by Wilson.C...@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

https://github.com/Conservatory/CACKey/blob/master/LICENSE

chro...@googlecode.com

Aug 18, 2015, 11:44:52 AM
to chromi...@chromium.org
Updates:
Owner: dska...@chromium.org

Comment #115 on issue 220971 by dska...@chromium.org: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

Thanks everyone for all the leads. Ideally, we are looking at providing
PCSC support. For obvious reasons, we cannot package all middleware
libraries out there ourselves. If you see libraries that are interesting
for you, open bugs on their trackers and have them come back to this thread
so we can properly communicate how they can move forward in providing
Chrome OS support.

chro...@googlecode.com

Aug 21, 2015, 9:08:47 AM
to chromi...@chromium.org

Comment #118 on issue 220971 by dska...@chromium.org: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

Issue 217882 has been merged into this issue.

chro...@googlecode.com

Aug 21, 2015, 10:22:56 AM
to chromi...@chromium.org

Comment #119 on issue 220971 by clearmin...@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

Here are some references below that may be helpful:
- Vendors can request "Test Generic or Test Tailored" smartcards, by
submitting this form.
[Federal ID, test card request form and instructions:]
http://fedidcard.gov/viewdoc.aspx?id=211

- There are multiple methods for certificate mapping, refer to:
[HowTo: Map a user to a certificate via all the methods available in the
altSecurityIdentities attribute:]
http://blogs.msdn.com/b/spatdsg/archive/2010/06/18/howto-map-a-user-to-a-certificate-via-all-the-methods-available-in-the-altsecurityidentities-attribute.aspx

chro...@googlecode.com

Oct 17, 2015, 10:16:36 AM
to chromi...@chromium.org

Comment #121 on issue 220971 by jamie.a....@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

Almost 4 months....any development?!? Any encouraging note would be helpful.
My chromebook has become a dust collector and am looking to invest in
something different. Please tell me that I don't have to revert to winblows
system.

chro...@googlecode.com

Oct 19, 2015, 6:51:31 PM
to chromi...@chromium.org

Comment #127 on issue 220971 by dska...@chromium.org: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

As an addition to #126, we are actually working on an extension that
exposes PCSC API by coding on top of chrome.usb. As rsleevi mentioned,
anyone can actually do the same thing, but we will do this mainly since
this is a reusable piece for most smart card applications. This is for e.g.
what the Gemalto driver codes against. We are also now trying to port
OpenSC to work on top of this.

chro...@googlecode.com

Nov 26, 2015, 3:25:15 PM
to chromi...@chromium.org

Comment #130 on issue 220971 by t...@buttersideup.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

Any news on whether this API will make it possible to talk to the Chrome
OS "Chaps" PKCS #11 service provider so that the native ChromeOS secure key
store could be used instead of a USB device?

https://www.chromium.org/developers/design-documents/chaps-technical-design#TOC-PKCS-11-Software-Mechanisms

chro...@googlecode.com

Nov 27, 2015, 3:04:31 AM
to chromi...@chromium.org

Comment #131 on issue 220971 by dska...@chromium.org: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

System support for smart cards will only require a subset of PKCS#11
(signature and listing certificates) noted in the
chrome.certificateProvider API.

To generate secure keys off the device and use them to enroll for a
certificate and later import it into the system, you can use
chrome.enterprise.platformKeys. The resulting certificate would be backed
by the key store and available in the system's certificate store to perform
mutual TLS.

chro...@googlecode.com

Nov 27, 2015, 4:31:21 AM
to chromi...@chromium.org

Comment #132 on issue 220971 by t...@buttersideup.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

The use case I had in mind was to plug the existing openssh pkcs#11 support
code into the Chrome OS device's key store. Openssh running within NaCl is
the basis of the ChromeOS ssh client.

This would be used to securely store ssh user authorisation private keys in
the system's certificate store.

Second best option would be to do the same via a USB device which provides
PKCS#11.

chro...@googlecode.com

Nov 27, 2015, 4:39:08 AM
to chromi...@chromium.org

Comment #133 on issue 220971 by dska...@chromium.org: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

OK I see. This is out of scope of this feature. Feel free to file a
different request on crbug so we can triage it properly.

chro...@googlecode.com

Nov 27, 2015, 5:04:12 AM
to chromi...@chromium.org

Comment #134 on issue 220971 by t...@buttersideup.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

OK thanks. Just so I'm clear, which of the following parts are out of
scope:

. Access by a Chrome extension to USB PKCS#11 devices

. Access by an NaCl extension to USB PKCS#11 devices

. Access by a Chrome extension to Chrome OS key store via PKCS#11 API

chro...@googlecode.com

Nov 27, 2015, 12:24:15 PM
to chromi...@chromium.org

Comment #135 on issue 220971 by rsl...@chromium.org: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

All three.

There are no plans at present to expose any API like PKCS#11. It is a bad
API.

chro...@googlecode.com

Nov 28, 2015, 7:40:05 PM
to chromi...@chromium.org

Comment #136 on issue 220971 by hughe...@gmail.com: Req - smartcard support
for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

"System support for smart cards will only require a subset of PKCS#11"

Does that statement still hold true and is this something that remains
viable/actionable?

Thanks.

chro...@googlecode.com

Nov 28, 2015, 10:40:32 PM
to chromi...@chromium.org

Comment #137 on issue 220971 by deeng...@gmail.com: Req - smartcard support
for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

OpenSC really has an internal API, which is called by the OpenSC pkcs11,
the OpenSC minidriver for Microsoft CNG,
and the OpenSC Tokend for Mac OS. OpenSC also has an OpenSSL engine. The
point is the sc_pkcs15_* routines
and the sc_* routines could be used with some additional code with some
Chromium API without using PKCS#11.

On the other end, OpenSC has a reader-PCSC interface, and also a
reader-OpenCT interface,
so it could also adapt to another API for the readers.

Speaking as the OpenSC PIV driver developer, to all the CAC users: When I
started writing the PIV driver,
in 2004, the view was DOD was converting all CAC to PIV, and the DOE
contractor I worked for was never going to use
CAC. I have never had a CAC card of my own, but still have many PIV cards
(I am retired.) Here it is 11 years later
and DOD still has not converted (or so it sounds from the comments) and
very few CAC users have ever reported
what the issues are with OpenSC's PIV driver. If any of you have some
input on CAC vs PIV,
please report on one of the mailing lists:

https://github.com/OpenSC/OpenSC/wiki/OpenSC-Services#mailing-lists

chro...@googlecode.com

Dec 27, 2015, 2:28:57 PM
to chromi...@chromium.org

Comment #138 on issue 220971 by Sergey.S...@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

Please update on the progress in developing the extension that exposes PCSC
API by coding on top of chrome.usb, as mentioned in #127. Can you share the
source code for the extension on GitHub?
Thanks.

chro...@googlecode.com

Jan 16, 2016, 4:01:24 PM
to chromi...@chromium.org

Comment #139 on issue 220971 by frank.co...@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

Going from chrome.usb to a full PC/SC stack might be too difficult. But
limiting towards CCID is doable. We just finished an implementation for the
Belgian eID card, even supporting secure pinpad readers.

chro...@googlecode.com

Feb 3, 2016, 3:45:34 AM
to chromi...@chromium.org

Comment #140 on issue 220971 by goo...@rkeene.org: Req - smartcard support
for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

I'm the author of CACKey -- I recently got a Chromebook and am working on
creating a Chrome extension to talk to my US CAC and PIV smartcards.

I've used the Native Client SDK to create libcackey.so for x86_64-nacl, but
I am not sure where to get the appropriate "x86_64-nacl_libpcsclite.so"
(referenced in another thread) to reference in my "native client manifest"
as a "file".

Creating a bridge between chrome.certificateProvider and a PKCS#11 module
should be relatively straight-forward -- does one already exist?
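
Comment #131 says system smart card support needs only certificate listing and signing through chrome.certificateProvider, and comment #140 asks about bridging that API to a card module. The sketch below is an added example, not code from this thread, Chromium or CACKey: it runs under Node.js, and `SimulatedCard`, `registerProvider`, `makeFakeChrome` and the software RSA key are assumptions standing in for a real card and for the browser, using the event-based listener shape of the API.

```javascript
// Added example. Runs under Node.js; a software RSA key stands in for the card.
const crypto = require('node:crypto');

// DER DigestInfo prefixes for RSASSA-PKCS1-v1_5 (RFC 8017, section 9.2).
// The last byte of each prefix is the length of the digest that follows it.
const DIGEST_INFO_PREFIX = {
  SHA1: Buffer.from('3021300906052b0e03021a05000414', 'hex'),
  SHA256: Buffer.from('3031300d060960864801650304020105000420', 'hex'),
  SHA384: Buffer.from('3041300d060960864801650304020205000430', 'hex'),
  SHA512: Buffer.from('3051300d060960864801650304020305000440', 'hex'),
};

function toArrayBuffer(buf) {
  return buf.buffer.slice(buf.byteOffset, buf.byteOffset + buf.byteLength);
}

// Hypothetical backend exposing the only two operations the browser needs.
class SimulatedCard {
  constructor() {
    const pair = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
    this.publicKey = pair.publicKey;
    this.privateKey = pair.privateKey; // on a real card this never leaves the chip
    // Constructed placeholder: a real provider returns the DER X.509 certificate
    // read from the card; the SPKI bytes are used here only as an identifier.
    this.certificate = pair.publicKey.export({ type: 'spki', format: 'der' });
    this.supportedHashes = ['SHA256', 'SHA384', 'SHA512']; // SHA1 deliberately off
  }

  listCertificates() {
    return [{ certificate: toArrayBuffer(this.certificate),
              supportedHashes: this.supportedHashes.slice() }];
  }

  // The browser hands over a finished digest, so the provider must prepend the
  // DigestInfo header itself before the raw private-key operation.
  signDigest(request) {
    const prefix = DIGEST_INFO_PREFIX[request.hash];
    if (!prefix || !this.supportedHashes.includes(request.hash)) return null;
    const digest = Buffer.from(request.digest);
    if (digest.length !== prefix[prefix.length - 1]) return null; // wrong size
    if (!Buffer.from(request.certificate).equals(this.certificate)) return null;
    return crypto.privateEncrypt(
      { key: this.privateKey, padding: crypto.constants.RSA_PKCS1_PADDING },
      Buffer.concat([prefix, digest]));
  }
}

// Wires the backend to the two certificateProvider events.
function registerProvider(chromeApi, card) {
  const api = chromeApi.certificateProvider;
  api.onCertificatesRequested.addListener((reportCallback) => {
    reportCallback(card.listCertificates(), (rejected) => {
      if (rejected.length) console.warn('rejected certificates:', rejected.length);
    });
  });
  api.onSignDigestRequested.addListener((request, reportCallback) => {
    const signature = card.signDigest(request);
    // Calling back without a signature reports the request as failed.
    if (signature) reportCallback(toArrayBuffer(signature)); else reportCallback();
  });
}

// Constructed stand-in for the browser side: it only records the listeners.
function makeFakeChrome() {
  const listeners = {};
  const event = (name) => ({ addListener: (fn) => { listeners[name] = fn; } });
  return { listeners, certificateProvider: {
    onCertificatesRequested: event('certs'),
    onSignDigestRequested: event('sign') } };
}

function demo() {
  const chrome = makeFakeChrome();
  const card = new SimulatedCard();
  registerProvider(chrome, card);

  let listed;
  chrome.listeners.certs((certs, done) => { listed = certs; done([]); });

  const message = Buffer.from('constructed handshake transcript');
  const ask = (hash, algo) => {
    let out = null;
    const digest = crypto.createHash(algo).update(message).digest();
    chrome.listeners.sign(
      { signRequestId: 1, hash, certificate: listed[0].certificate,
        digest: toArrayBuffer(digest) },
      (sig) => { out = sig ? Buffer.from(sig) : null; });
    return out;
  };
  const good = ask('SHA256', 'sha256');
  return {
    certificateCount: listed.length,
    signatureLength: good.length,
    // An ordinary verifier accepts the result, so the DigestInfo framing is right.
    verified: crypto.verify('sha256', message, card.publicKey, good),
    sha1Refused: ask('SHA1', 'sha1') === null,
  };
}
```
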

chro...@googlecode.com

Feb 11, 2016, 6:14:21 AM
to chromi...@chromium.org

Comment #141 on issue 220971 by jamie.a....@gmail.com: Req - smartcard
support for federal CAC and PIV cards, bank cards
https://code.google.com/p/chromium/issues/detail?id=220971

After two years of waiting and almost weekly checking this feed I finally
see progress yet the one guy willing/able to make a change has yet to
receive an answer (post #140). Is there no one who can help him?