Authenticating Web Apps with your USB ActiveKey from Linux

After the previous story about authentication of Linux services against your USB ActiveKey, I received a lot of questions about using actual web applications with that same key. Is it possible? Well, as some people already pointed out in the comments, sure it is.

For a starter, I'll assume you've already followed the previous article and have it working on Linux. If you haven't, I doubt these next few things will work either.

First of all, you'll have to get the proper security device installed. This will be the CoolKey device that you configured before. In FireFox (or IceWeasel... what's in a name) go to: Edit → Preferences → Advanced → Encryption → Security Devices. In the Device Manager, load a new device named "CoolKey" (or whatever you want it to be) and select as module:

/usr/lib/pkcs11/libcoolkeypk11.so

If the module is named differently (this is on Debian), change as necessary. You should get the following kind of view:


Your key should appear below:


...and that's that. Now you can try connecting to a key-enabled website, like your company's Web Communicator site. If all goes well, the CoolKey module will prompt you for your key "master password":


Once you have entered it, the website will prompt you to provide your certificate.


And boom... the website loads. Brilliant.


What's even more surprising: this thing actually loads in Firefox - the only minor annoyance is the address bar in that tiny window. But hey, I would have at least expected it to barf on a non-IE browser. :-)

Enjoy!