
I have to write a program with Qt/C++ that is supposed to work with an awkward cryptographic platform based on CAPICOM/IE6 and a USB token holding the private key of a digital signature. Users of the system must follow these steps to log in:

  1. Install a fake root CA on their system
  2. Install CAPICOM
  3. Plug in their token
  4. Open Internet Explorer (and no, other browsers won't work), enter the URL, enter username and password, click on login.

I'm planning to remove CAPICOM (if possible) and make the system as cross-platform as possible. I can think of two scenarios:

  1. Remove CAPICOM and make a replacement for it using modern cross-platform tools
  2. Somehow make the Qt code use CAPICOM and remove the web browser's role.

Any help about how CAPICOM works (especially what exactly it is signing) and how to connect to the USB token (ePass 3003) is helpful.

sorush-r
  • If you can stick to Windows then you can just rewrite the CAPICOM parts using the normal CryptoAPI, which is what CAPICOM would have been using under the covers. I'd expect the USB token provider is built into or integrated with CryptoAPI anyway so that should just work. – Rup Apr 01 '14 at 17:04
  • Eliminating all other operating systems except Windows is not a good option for me, but if I can prove that there is no backward-compatible plan to write the new system, then I can agree on the Windows-only solution. – sorush-r Apr 01 '14 at 17:36
  • Sure - it will be possible on other platforms too, but the CryptoAPI port ought to be straightforward from what you've got. For other platforms you probably want OpenSSL with its hardware module support. The ePass data sheet says it supports Linux and Mac so hopefully the manufacturer can tell you how to do it if it's not obvious. – Rup Apr 01 '14 at 17:46
