Douglas, /usr/sfw/lib/libusb_plugins/ contains only one file: ifd-ccid.bundle
I built ccid-1.3.10 with the following options: env PCSC_CFLAGS=-I/usr/local/include/PCSC PCSC_LIBS="-L/usr/local/lib -lpcsclite" LIBUSB_CFLAGS=-I/usr/sfw/include LIBUSB_LIBS="-L/usr/sfw/lib -lusb" ./configure CCC=/opt/SunStudioExpress/bin/CC CC=/opt/SunStudioExpress/bin/cc --enable-usbdropdir=/usr/sfw/lib/libusb_plugins/ (Note I never recompiled ccid with sunstudio12.1 because this older binary seems to work fine with the pcsc-lite I just recently compiled. For consistency sake I ought to recompile ccid with the same version of the Sun Studio compiler I used for pcsc-lite). Thank you for the tip about pcsc-lite not working as a backend for OpenSC with one of the older CACs. For some reason I was thinking I could use pcscd as the backend and OpenSC's pkcs#11 module to access the CAC certificates. If it was that easy people would have done that years ago before DoD started issuing the new PIV-compliant cards. When I get a chance, I'll try to upgrade to one of the new cards that contains both PIV and CAC certificates, and trying accessing the certificates as PIV via OpenSC. That seems cleaner than trying to fuss with coolkey, which I'm having trouble getting to compile. In the future (i.e. once all of the older CACs expire) everyone should transition to the new cards which support PIV. I'll report back to the list with my results. Kevin Douglas E. Engert wrote: > > > Kevin Reinholz wrote: >> I cleaned up my compile directions for pcsc-lite and ccid a little: >> >> pcsc-lite-1.5.3: >> >> ./configure CCC=/opt/sunstudio12.1/bin/CC >> CC=/opt/sunstudio12.1/bin/cc --sysconfdir=/etc --prefix=/usr/local >> --enable-usbdropdir=/usr/sfw/lib/libusb_plugins/ >> >> make >> >> pfexec make install >> >> pfexec mkdir /usr/sfw/lib/libusb_plugins/ >> >> ccid-1.3.10: >> >> env PCSC_CFLAGS=-I/usr/local/include/PCSC PCSC_LIBS="-L/usr/local/lib >> -lpcsclite" LIBUSB_CFLAGS=-I/usr/sfw/include >> LIBUSB_LIBS="-L/usr/sfw/lib -lusb" ./configure >> CCC=/opt/sunstudio12.1/bin/CC CC=/opt/sunstudio12.1/bin/cc >> --sysconfdir=/etc --prefix=/usr/local >> --enable-usbdropdir=/usr/sfw/lib/libusb_plugins/ >> > > On Solairs 10 I have always built pcscd-1.5.3 with the --disable-libhal > as I did not run hal. The messages below indicate hal is involved. > > Also added -R/path/to/prefix/lib:/usr/sfw/lib to the LDFLAGS. > > > I also did not change the usbdropdir, and so it is > $prefix/pcsc/drivers and contains > %find pcsc -ls > 726204515 2 drwxr-xr-x 3 b17783 c250 2048 Oct 7 2008 > pcsc > 726204549 2 drwxr-xr-x 3 b17783 c250 2048 Oct 7 2008 > pcsc/drivers > 726204555 2 drwxr-xr-x 3 b17783 c250 2048 Oct 7 2008 > pcsc/drivers/ifd-ccid.bundle > 726204557 2 drwxr-xr-x 3 b17783 c250 2048 Oct 7 2008 > pcsc/drivers/ifd-ccid.bundle/Contents > 726204561 2 drwxr-xr-x 2 b17783 c250 2048 Jun 8 15:53 > pcsc/drivers/ifd-ccid.bundle/Contents/Solaris > 726206242 204 -rwx--x--x 1 b17783 c250 208200 Oct 7 2008 > pcsc/drivers/ifd-ccid.bundle/Contents/Solaris/libccid.so.1.3.1 > 726206252 208 -rwx--x--x 1 b17783 c250 211972 Jun 8 15:53 > pcsc/drivers/ifd-ccid.bundle/Contents/Solaris/libccid.so.1.3.10 > 726206284 1 lrwxr-xr-x 1 b17783 c250 17 Jun 8 15:53 > pcsc/drivers/ifd-ccid.bundle/Contents/Solaris/libccid.so -> > libccid.so.1.3.10 > 726206240 14 -rw-r--r-- 1 b17783 c250 14060 Jun 8 15:53 > pcsc/drivers/ifd-ccid.bundle/Contents/Info.plist > > > What is in the your: usr/sfw/lib/libusb_plugins/ > > What options did you use with ccid-1.3.10? > >> make >> >> pfexec make install >> >> Running the pcsc daemon in the foreground with my USB card reader >> plugged in reveals: >> >> reinholz at etrenank:~$ pfexec /usr/local/sbin/pcscd -d -f >> 00000000 pcscdaemon.c:266:() pcscd set to foreground with debug send >> to stderr >> 00000302 pcscdaemon.c:505:() pcsc-lite 1.5.3 daemon ready. >> 00198528 hotplug_libhal.c:307:() Looking a driver for VID: 0x0430, >> PID: 0x00A2 >> 00000757 hotplug_libhal.c:307:() Looking a driver for VID: 0x0566, >> PID: 0x4006 >> 00000605 hotplug_libhal.c:307:() Looking a driver for VID: 0x0430, >> PID: 0x100E >> >> Which seems to indicate that pcsc isn't communicating with libusb >> correctly if it's not finding a driver for my SCM SCR331 smart card >> reader. >> > > I also had issues with ActivCard USB Reader V2.0 that claimed to be > upgradeable to SCM SRC 331 > via a firmware upgrade. Never got these to work correctly, We use > GemPC Twin readers instead > with PIV cards. > > >> I also tried opensc (available in the Contrib IPS repository) and >> openct (only available in the OldPending IPS repository). I had to >> manually compile opensc from source in order to get it to recognize >> openct (it probably wouldn't be a bad idea to manually compile openct >> as well), but openct is able to detect my smart card reader and >> communicate with it: >> >> reinholz at etrenank:~$ openct-tool list >> 0 CCID Compatible >> >> reinholz at etrenank:~$ openct-tool atr >> Detected CCID Compatible >> Card present, status changed >> ATR: 3b db 96 00 80 1f 03 00 31 c0 64 77 e3 03 00 82 90 00 c1 >> >> However, openct (and opensc when using openct to communicate with the >> card reader) cannot read the contents of my smart card, which is an >> older Oberthur Common Access Card (CAC). > > Note: OpenSC does not support the CAC card, but it does support the > PIV card. > So unless your CAC card also supports PIV as defind by NIST 800-73, > OpenSC wont work today. > If you have a combination card that supports both CAC and PIV, > the ATR listed in not in OpenSC, but could be added to the opensc.conf. > I would be interested if you have such a card. > >> >> reinholz at etrenank:~$ openct-tool read >> Detected CCID Compatible >> Card present, status changed >> failed to read memory card: Operation not supported >> >> I can manually compile opensc to use pcsc in addition to or instead >> of openct to communicate with my card reader, which is my goal so I >> can use opensc's PKCS#11 module instead of struggling with Red Hat's >> coolkey (which appears to no longer be developed). However, until I >> get pcsc to properly detect my card reader, I can't do that. >> > > > If you have any issues with the OpenSC and PIV drop me a note. > >> A very tempting alternative is to upgrade to one of the new >> PIV-compliant CACs that reportedly works smoothly with opensc and >> openct without the need to fuss with pcsc, coolkey, etc. >> http://lists.apple.com/archives/fed-talk/2009/Apr/msg00027.html >
