Remote Access to smart card readers
NOTE: This page is completely untested.
OpenCT includes a very simple facility to access smart card readers on a remote system. Please note that this mechanism has no security mechanisms in it at all. Therefore please use it only on trusted networks, or add a security wrapper like openssl to it.
The setup needs to be done one two machines: the machine with the reader, and the machine with the software that wants to access the reader. We will call these machines "mwr" and "mws" in this example.
On the machine with the reader, add it as usual to the openct.conf, here is an example for a serial reader:
reader xiring {
        driver = xiring;
        device = serial:/dev/ttyS0;
};
In addition to that you need to start ifdproxy on the machine with the reader, and point the proxy to the machine with the software:
root@mwr# ifdproxy export xiring /dev/ttyS0 mws:6666
On the machine with the software, you need to edit openct.conf like this:
ifdhandler = /usr/sbin/ifdhandler;
ifdproxy {
        server-port     = /var/run/openct/proxy,
        device-port     = :6666;
};
reader xiring {
        driver = xiring;
        device = remote:serial1@/var/run/openct/proxy;
};
and then start openct via the init.d script as normal:
root@mws# /etc/init.d/openct start root@mws# ifdproxy server
now you should be able to see the remote reader using the ifproxy list command:
root@mws# ifdproxy list Exported devices serial1 MachineB's_IP xiring
Adding security
As discussed, the setup above is completely unsecure. But with the openssl commands, it can be improved:
TODO