3rd party uses of NHS Smart cards

(Jakob Mathiszig Lee) #1

Has anyone managed to get an NHS Smart to work with 3rd party apps beyond just authenticating with the spine. I’ve got a few ideas brewing but one of the main ones would be in implementing digital consent forms with them being sealed and signed cryptographically with a key.

Given most people are wondering round with one loaded on their smart card that seems like a pretty logical choice. So anyone done anything similar, is it even possible?

(Matt Stibbs) #2

I passed your post to an ex-colleague who I know fiddled with smart cards a fair amount. He said:

Sure. There are two certificates on the card, one designed for authentication and the other for signing (eg prescriptions). You can use either for digital signing.

You need to use pkcs11 api to address the card for this - some higher level libraries like bouncy castle (java) can use a pkcs11 key store.

For c# you can use secureblackbox (commercial) but not the inbuilt stuff

Don’t know if that’s helpful at all!

(James Berry) #3

Wise words there, Matt :slight_smile:

(Marcus Baw) #4

@matthew.stibbs good info!

@JMathiszig-Lee great to hear of people looking at wider uses smart cards as a potential source of a personal private key for signing and authentication. Incredible (but not surprising) that largely smartcards are seen as purely a mechanism for Spine authentication and nothing more.

When NHSbuntu/NHoS had a bash at an open-source and cross-platform Identity Agent last July, we used PKCS11 libraries (I say ‘we’… I was utterly lost after a few minutes as @robdykedotcom and Ciàn Hughes from Deepmind Health zoomed off metaphorically into the distance) and our code from that escapade is here:

(Matt Stibbs) #5

Oh bloody hell if I’d known you were on here you could have answered it yourself!

Those were @james words above ^


(Jakob Mathiszig Lee) #6

Great tips guys, think the smart cards are a great and underutilised tool. Think there’s a ton of scope to do some cool stuff with them!