Previous: , Up: Client Authentication  


3.2 Authentication With Service

Before you access a web service which requires client authentication, for instance a fictious web service ‘https://example.com’, the OpenPGP card should be present. In this case, a pop-up window will appear that requests you to enter the PIN number protecting the authentication key on the OpenPGP card. After entering the PIN number, your browser will be authenticated to the server. If the server accepts your request and certificate, this is all which is required. You should leave the card in the reader as long as the connection persists. Depending on how aggressively GPG Agent caches your PIN number, you may have to enter the PIN number again later to keep up the connection to the server.

If the card is not present, or you enter the wrong PIN, or the server does not admit your certificate, you will get an error message. This error message is generated by the application and Scute can not influence it. Unfortunately, in Firefox (at least up to version 38.5.0), this error message is not very user friendly. For example, entering a bad PIN results in the following generic error message, and the Try Again button does not work as expected:

firefox-bad-pin