John Minson wrote:
CENTOS 4.1 fully updated
trying to get a ActivCard, Inc. SmartCard Reader working with a D.O.D
'CAC' card with Firefox
configure/make/install ccid-0.4.1 _/*OK*/_
configure/make/install pcsc-lite-1.2.9-beta9 _/*OK*/_
testpcsc _/*OK*/_
<SNIP>
Card ATR: 3B 75 12 00 00 29 05 01 04
01
Note that the ATR for the CACs I have access to is
Card ATR: 3B 65 00 00 9C 02 02 07 02
(Schlumberger ACCESS 32K V2)
So you may have either the really old CAC or the really new CAC.
_/*OK*/_
Do I not need 'pkcs#11' to interface with Firefox ? Is this a part of
libmusclecard-1.2.9-beta7 ?
configure libmusclecard-1.2.9-beta7 _/*NOT OK*/_
I get
You do need a pkcs#11 for firefox.
You also need the CommonAccessCard.bundle file, to associate the keys on the
card correctly (if I have understood what was described to me).
the CAC.bundle can _probably_ be gotten from Darwin[3], but I have yet to get
it compiled with the normal Linux tools[1]. The pkcs#11 from Darwin may work
but it too I have not been able to compile with the normal Linux tools.
If you look at the archive of the mailing list you will find an email from
Aaron Lippold, subject "Gemplus gemxpresso 64V2N and Axalto Acess 64k cards"
where he too is looking for a way to get the CAC to work under Linux.
I do not believe we need to load a muscle applet on the card, what I think we
need to do is get a CAC.bundle and libpkcs#11 which can work with the CAC
cards existing applets.
I have spoken with Mr. David Corcoran and it seems his company would be
willing to put the software together for us, even as open source, but as with
all workers, they would like to be paid (seems reasonable to me). I have not
been able to find a funding line that we could do this with, if you know of
one, or know of a way that several of us government[2] shops could pool some
funding lines and get a contract to have it done, please let me know.
If you want more history on where I think we stand on the access of the CAC
from Linux please look in the list archive for the emails I sent with the subject:
"help understanding the interaction of libmusclepkcs11.so,bundles, and
pcscd."
[1] make & gcc. DARWIN/OSX[3] uses a build system driven by an XML file, I
don't know if you can get that system for Linux, and don't have time at
present to find out. If you make it work please let me know how.
[2] Getting the CAC to work under Linux is a reoccurring problem on the list,
surly there are enough organizations who would have some need of access to the
CAC (like accessing your NMCI OWA account or restricting logins to your
tactical Linux box to only those who could use a CAC ) that we could fund the
effort.
[3]
http://darwinsource.opendarwin.org/
http://darwinsource.opendarwin.org/10.4.2/SmartCardServices-31/
http://darwinsource.opendarwin.org/tarballs/apsl/SmartCardServices-31.tar.gz
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
