Topic: external client certificate verification

Hi,
I am building an HTTP client to connect to IIS, which is configured to request a client certificate.
The private key is stored in a smart card. The key should not leave the SC. We can supply the .cer file to the library, but cannot supply the private key (pem/pfx/p12).
The application will be written for Windows under VS and Android (Java).

We cannot use CSP.
HttpWebClient (C#) / HttpsURLConnection (Java) do not allow verifying the X.509 cert externally (must have the private key).

How can WolfSSL be used to accomplish this task?

Thanks.


Re: external client certificate verification

Hi,

wolfSSL currently only provides the functionality to load keys and certificates from files or memory buffers in either PEM or DER format.  We haven't yet ported wolfSSL into a smart card API, but could explore doing so on a consulting basis if desired.

Is this something that you would like to explore?

Best Regards,
Chris

Re: external client certificate verification

We have the library to communicate with the smart card.
The certificate verification requires signing the certificate DER data with the private key.
We can handle the signing process (implementing our callback function).

We are looking for the callback insertion point. Our callback function will take care of signing the data.

Thanks.
