What is cgTunnel?

cgTunnel transfers APDU messages in both directions over a network between a backend middleware and a local PC/SC driver on the end user's computer.

For this purpose, the messages are relayed by the cgTunnel server. Clients of the cgTunnel server are the cgTunnel client in the backend and the cgTunnel agent on the end user's computer, both certgate components. cgTunnel is multisession capable and designed to operate up to a few hundred virtual PC/SC sessions in parallel.

cgTunnel enables a secure messaging channel for end-to-end encryption from the backend PKCS#11 library to a secure element connected through a local PC/SC driver on the end user workstation.

Optional content:

The smartcard management server runs in the backend in its own process, binding a PKCS#11 library. certgate provides a customized PC/SC Lite process that offers a standards-compliant PC/SC Lite interface to the PKCS#11 library. The PC/SC Lite process acts as a cgTunnel client and connects to the cgTunnel server automatically on startup. It also receives a push notification for each cgTunnel agent that connects to the cgTunnel server.

The cgTunnel server hosts the core cgTunnel service, based on Apache Tomcat technology. It offers two WebSockets: one for cgTunnel clients and one for cgTunnel agents. The Tomcat process is configured to use SSL/TLS security for connections to these sockets.

The client workstation receives a Java web applet from the smartcard management server. The applet runs in an internet browser and acts as a cgTunnel agent. After connecting to the cgTunnel server, it receives the APDU commands from the backend PKCS#11 library, redirects them to the locally connected smartcard reader and sends the response APDUs back.

cgTunnel Highlights

Product Name: cgTunnel
Communication: APDU network routing
Security: Enables secure messaging for end-to-end encryption
Standards: PC/SC, TLS / SSL, Java
Interfaces: PCSC Lite, Java API
Supported Platforms: Apache Tomcat, Red Hat Enterprise Linux, Java
Scalability: Multisession capable up to a few hundred parallel connections (1)
High Availability: With load balancer

(1) Depending on hardware and network connection

cgTunnel Components

cgTunnel Server

  • Server Core
  • Client Interface
  • Agent Interface
  • Basic Access Management Interface
  • Runs on Apache Tomcat 7.0.47 or higher
  • Apache Portable Runtime (APR) recommended for production environments
  • A valid SSL/TLS certificate for the Apache Tomcat
  • Delivery as WAR / JAR files
  • Tested on Apache Tomcat Server Version 7.0.47 and 7.0.54 with HP ProLiant BL460c G7 Server Blade 2 CPUs / 12 Cores, 48 GB RAM, 2x300 GB HDD

cgTunnel PCSC Lite

  • Delivery as RPM package
  • Runs on Red Hat Enterprise Linux 6.4 and higher
  • Tested on Red Hat Enterprise Linux 6.4 and 6.5 / 64bit / x86-64

cgTunnel Agent

  • Delivery as cgTunnel Agent Java Library with API and demo code
  • Tested with Java 6, 7 and 8