How does Chrome browser read from smart card for client certificate authentication?

[ajee cai]

Hi, 

I am just thinking about what happens underneath when I select a client certificate from chrome popup for smart card case.

From openssl command line, it seems client certificate authentication is done by "openssl s_client -cert cert_name -key key_name ...." which actually calls "set_cert_key_stuff(ctx, cert, key, chain, build_chain)", then all things done. While for smart card, the private key could not be read out. I use APDU trace to find out, the browser seems to pass some data to smart card and then smart card sign this data with its private key and pass back to browser, then browser fills its client verify message. 

So here my question is: How does Chrome talk with smart card exchanging this signature information, is there any OS API to call for smart card? I don't think it is done by lower layer APDU, it must be some abstract layer, is there for both Linux and Windows? And could somebody point out which part of Chrome code handing this logic? 

Thanks a lot. 

[Radu Coriu]

I would also be interested in this