|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Muscle] CAC - Almost there
From: Micahel Olson (olson
cs.odu.edu)
Date: Thu Jan 06 2005 - 11:57:24 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Thank you, that definitely generated some information. I'm not getting
much from it initially so I'm trying to look at the code and figure it
now. (If you have the time/inclination to peek at it,
http://www.cs.odu.edu/~olson/CAC/ )
I see that there are differences between running it with the bsiPlugin
vs commonAccessCard but nothing obvious appears. Which one should I be
using? I would prefer to be operational using commonAccessCard since
it's open source.
Thanks Again,
Michael
David Corcoran wrote:
> Michael,
>
> I would suggest using the pkcs11rc file (contained in the PKCS#11
> code) and turning logging to LOW (log low priority messages)
> This will create a PKCS11.log file which can be used to determine the
> problem ...
>
> bsiPlugin.bundle and commonAccessCard.bundle are two different
> animals - although they have similar API's .....
>
> Thanks,
> Dave
>
>
> On Jan 6, 2005, at 10:49 AM, Michael Olson wrote:
>
>> I'm trying to get a CAC card in use under Fedora Core 3.
>>
>> What I'd like to get going altogether is
>>
>> Working on Web Client Side Authentication first, I have
>> an ActiveCard USB Reader (v2) and a Schlumberger Access 32K V2.
>>
>> Using PCSC-Lite 1.2.0 and CCID 0.4.1 I seem to have no
>> problems reading the card. I can see it inserted and get my ATR.
>>
>> I built commonAccessCard.bundle from Darwin and
>> muscleframework 1.1.5, associated it with bundleTool and
>> XCardII 0.9.9 can see the card.
>>
>> Next up I built libmusclepkcs11.so and loaded it into
>> FireFox 1.0 and tried hitting a client side authenticated
>> page. It prompted me to unlock the card, accepted my pin,
>> and then gave me a list of certificates to use.
>>
>> This is where things stopped working though. I tried all the
>> certificates listed but can not view the page. (Error establishing
>> an encrypted connection to xxx.navy.mil. Error Code: -12222.)
>>
>> I tried using bsiPlugin.bundle from ActiveCard Gold 1.0. It seems
>> to work pretty much identically to commonAccessCard.bundle so I
>> also tried using libpkcs11.so with it. Firefox wouldn't even load it.
>>
>> I've switched back to commonAccessCard.bundle and libmusclepkcs11.so
>> but have no idea what to do to debug things at this point.
>>
>> Any recommendations?
>>
>> Thank You,
>> Michael
>
> ------------------------------------------------------------------------
> ------------
> David Corcoran corcoranidentityalliance.com
> Identity Alliance http://www.identityalliance.com
>
> Smart Cards, Biometrics, Training, Identity Management
> ------------------------------------------------------------------------
> -------------
_______________________________________________
Muscle mailing list
Musclelists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]