#signature

bin+lib bloss-native

Native messaging host for OpenPGP smart card signing

6 releases

0.2.0 Mar 29, 2023
0.1.4 Mar 27, 2023

#1026 in Cryptography

MIT license

21KB
440 lines

bloss-native

Bloss (Web Library for Openpgp Smartcard Signing) enables Chrome extensions to produce digital signatures for arbitrary messages using locally connected OpenPGP smart cards.

bloss-native is the native messaging host that serves as the middleware between the browser code and smart cards. It communicates with the smart cards using CCID connections (which are inaccessible by browser code) and communicates with browser code by passing JSON messages through standard input/output streams, as per the chrome native messaging API.

Install

The provided install.sh works for macOS and Linux systems.

./install.sh <your Chrome extension ID>

It will download and install bloss-native from crates.io and register it as a Chrome native messaging host. Your extension will be listed as an allowed origin in the host's manifest.

Alternatively, you can do the same thing manually by following the steps below.

Download and install bloss-native executable

Run the following to download and install from crates.io:

cargo install bloss-native

This will install the bloss-native executable in your preconfigured Cargo installation root (details). If you don't have one configured, the default installation location is $HOME/.cargo/bin/bloss-native.

Register bloss-native as native messaging host

Copy the provided com.harrisluo.bloss_native.json manifest into the native messaging hosts directory. See the Chrome docs to find out where this is for your browser and operating system.

In the manifest, replace HOST_NAME with the absolute path to the newly installed bloss-native executable. Replace EXTENSION_ID with the ID of the Chrome extension that will use the native messaging host.

API

Browser extensions communicate with bloss-native using the Chrome native messaging protocol (details). Messages are JSON-encoded.

{"command":"ListCards"}

Return the list of OpenPGP smart cards connected to the local machine.

{"command":{"SignMessage":{"aid":"<AID>","message":[<message>],"pin":[<pin>]}}}

Sign a message with the signing key of the OpenPGP smart card specified by the application identifier <AID>. The message is a JSON-encoded list of integers in the range [0, 255] (the bytes of the message). For PIN-protected cards, the PIN must be provided as a list of integers in the range [0, 255] (the ASCII encoding of the PIN string).

Dependencies

~3–4.5MB
~82K SLoC