Timothy J. Miller wrote:
> Roy Keene (Contractor) wrote:
>> You might also want to look into CoolKey (http://directory.fedora.redhat.com/wiki/CoolKey) as it doesn't need commonAccessCard.bundle and seems to recognize a wide range of CAC cards without the need to update the ATR list or patch libmusclepkcs11.
>
> I don't think this is accurate. CoolKey uses the pcsc-lite API (it doesn't link against it, it dynloads it). pcsc-lite most certainly needs the bundle since it doesn't implement card edge interfaces generally, and certainly doesn't implement the CAC card edge natively.
>
> That said, I've got a relatively complete CAC ATR list and I'll be adding it into the bundle Info.plist. I've also got some Makefile cleanup to do. I still haven't looked at redistribution requirements, though.
>
> -- Tim
> ------------------------------------------------------------------------
> _______________________________________________
> Muscle mailing list
> [email protected]
> http://lists.drizzle.com/mailman/listinfo/muscle
Mr. Miller,

This message has been signed from Thunderbird on Linux using the CoolKey PKCS11 module without the presence of commonAccessCard.bundle.
The steps needed to replicate this are:
<stop thunderbird>
# killall pcscd
# rm -rf /usr/pcsc/commonAccessCard.bundle
# pcscd
<start thunderbird>
Evidence of support for CAC natively can be seen in the CoolKey source as well:
src/coolkey/slot.c:
    /* support CAC card. identify the card based on applets, not the ATRS */
    state |= ATR_MATCH;
src/libckyapplet/cky_factory.c:
    CKYStatus
    CACAPDUFactory_VerifyPIN(CKYAPDU *apdu, const char *pin)
    {
    ...
        /* all CAC pins are 8 bytes exactly. If to long, truncate it */
        size = strlen(pin);
        if (size > 8) {
            size = 8;
        }
        ret = CKYAPDU_SetSendData(apdu, (unsigned char *) pin, size);
(For more references: grep CAC src/*/*.[ch] )
--
Roy Keene
smime.p7s
Description: S/MIME Cryptographic Signature
