Q: is it possible to access smartcard reader connected to a computer from a web browser running on the same machine?

问：是否可以从运行在同一台计算机上的 Web 浏览器访问连接到计算机的智能卡读卡器？

A: Yes, it is possible. I was able to do that by using a signed JAVA applet. The java applet needs to be signed since it will require user to grant permission to access system files/hardware(same as letting an applet write/edit/delete a text file for you).

答：是的，这是可能的。我能够通过使用签名的 JAVA 小程序来做到这一点。java小程序需要签名，因为它需要用户授予访问系统文件/硬件的权限（与让小程序为您编写/编辑/删除文本文件相同）。

Why java? the smart card reader I used already has a JAVA API, it also have examples on accessing it using java. But the examples are coded in swing. (like a standalone desktop application) What I did is simply porting the java swing code to applet on a browser. I successfully used this applet to make a login and log out on a website/webapp by requiring smart cards, username and password. Pretty secure I would say.

为什么是Java？我使用的智能卡读卡器已经有一个 JAVA API，它也有使用 java 访问它的例子。但是这些示例是用 Swing 编码的。（就像一个独立的桌面应用程序）我所做的只是将 java swing 代码移植到浏览器上的小程序。通过要求智能卡、用户名和密码，我成功地使用这个小程序在网站/网络应用程序上进行登录和注销。我会说很安全。

The source code? As much as I would like to share it, but I'm bound on a company contract to not share the code. Just find a sample smart card access using java and just port it to applet(for web)

源代码？尽管我很想分享它，但我受公司合同的约束，不能分享代码。只需找到使用 java 的示例智能卡访问并将其移植到小程序（用于网络）

I hope this helps

我希望这有帮助

You can also have a look at this beta native plugin:

你也可以看看这个测试版原生插件：

https://github.com/ubinity/webpcsc-firebreath

https://github.com/ubinity/webpcsc-firebreath

It is cross-browser/cross-pltaform plugin based on firebreath framework, exposing a subset of the PCSC API.

它是基于 firebreath 框架的跨浏览器/跨平台插件，公开了 PCSC API 的一个子集。

When this proposal "Smart cards in browsers" gets implemented, we will also be able to use JavaScript for this.

当这个“浏览器中的智能卡”提案得到实施时，我们也将能够为此使用 JavaScript。

I worked on doing the same circa 2012, back then, I worked on top of a previous work that provided a Java Applet.

我在 2012 年左右开始做同样的事情，当时，我在之前提供 Java Applet 的工作的基础上工作。

Nowadays [December 2015], It makes even less sense to use a Java Applet due to 'recent' security problems, and following dismissal of support for Java Applets, and the native plugin technologies are also being discontinued as well.

如今 [2015 年 12 月]，由于“最近”的安全问题，以及在取消对 Java Applet 的支持之后，使用 Java Applet 变得更没有意义，并且本机插件技术也将停止使用。

Regardless of the current usefulness of a Java Applet, picking up on @Glen Allen's answer, I'm not bound by contract, and here is the open source code of an example Applet: https://github.com/ist-dsi/signature

不管 Java Applet 目前是否有用，接受@Glen Allen 的回答，我不受合同的约束，这里是一个示例 Applet 的开源代码：https: //github.com/ist-dsi/签名

It was built upon a thesis work and it produces documents in this format: http://www.w3.org/TR/xmldsig-core/more info on the why's can be found in the abstract of that MsC thesis https://fenix.tecnico.ulisboa.pt/downloadFile/395139415358/resumo.pdf(the author is a better engineer than thesis writer though, but it might be a good point to start if you want to know the state of the art of the thing, although is old)

它建立在论文工作的基础上，并以这种格式生成文档：http: //www.w3.org/TR/xmldsig-core/有关原因的更多信息可以在该 MSC 论文的摘要中找到https:// fenix.tecnico.ulisboa.pt/downloadFile/395139415358/resumo.pdf（尽管作者是比论文作者更好的工程师，但如果您想了解事物的最新状态，这可能是一个很好的起点，虽然老了）

There are more requirements that on hindsight and without knowing made some odd choices of technologies on the code that I give you here, just disregard that part :)

事后看来，还有更多的要求，并且在不知道的情况下对我在这里提供的代码做出了一些奇怪的技术选择，请忽略那部分:)

One of the answers here hinted on PKCS_11 and open standards. Maybe the trick resides in a smart card reader driver that automatically sets up the certificate infrastructure on the client side, I remember having to go through lots of hoops though to setup my ID card's smart card with a reader on Mac OS X with Chrome [AFAIK it wasn't easy to set up the smart card reader with Apple's keystore, and perhaps also not that easy back then to have Chrome configured so that it would use client authentication and requested access to Apple's keystore].

这里的答案之一暗示了 PKCS_11 和开放标准。也许诀窍在于智能卡读卡器驱动程序，它会自动在客户端设置证书基础设施，我记得必须经历很多麻烦，但在 Mac OS X 和 Chrome [AFAIK] 上使用读卡器设置我的身的智能卡使用 Apple 的密钥库设置智能卡读卡器并不容易，而且在当时配置 Chrome 以使用客户端身份验证并请求访问 Apple 的密钥库可能也不是那么容易]。

Or maybe the NFC + SmartCard and a mobile app will be the way to go.

或者 NFC + SmartCard 和移动应用程序将是可行的方法。

It just is such a waste to have whole countries with IDs with SmartCards, lots of government services already with webapps, and no easy way to connect the two.

让整个国家都拥有带有智能卡的 ID，许多政府服务已经带有 web 应用程序，并且没有简单的方法将两者联系起来，这简直是一种浪费。

Cheers.

干杯。

You can use a signed Java applet to access the reader. Signed applets are allowed to access hardware peripherials, the smartcard reader can be accessed via the Java Crypto API.

您可以使用已签名的 Java 小程序来访问阅读器。允许签名的小程序访问硬件外围设备，智能卡读卡器可以通过 Java Crypto API 访问。

Hope this helps.

希望这可以帮助。

If you can access the smartcard on your file system, like when a USB drive is connected and appears as a separate disk, then you can simply use flash.net.FileReference.

如果您可以访问文件系统上的智能卡，例如当 USB 驱动器已连接并显示为单独的磁盘时，那么您只需使用flash.net.FileReference.

You can't achieve this with ActionScript/Flash if you've to stick to the browser.

如果您必须坚持使用浏览器，则无法使用 ActionScript/Flash 实现这一点。

Adobe AIR could do this, but then you'd have to build an application which the user has to install prior to using it.

Adobe AIR 可以做到这一点，但是您必须构建一个应用程序，用户必须在使用之前安装该应用程序。

Something like this (AIR): http://cookbooks.adobe.com/post_Mass_Storage_Device_Detection_AIR_2_0-16747.html

像这样的东西（AIR）：http: //cookbooks.adobe.com/post_Mass_Storage_Device_Detection_AIR_2_0-16747.html