Re: [Muscle] getting started with ActivCard USB Reader v2.0
From: Todd Denniston (Todd.Denniston ssa.crane.navy.mil)
Date: Wed May 04 2005 - 18:25:38 CDT
Andrew Pimlott wrote:
>
> On Wed, May 04, 2005 at 08:55:25AM -0500, Todd Denniston wrote:
> > I agree the documentation is a bit confusing, and mostly geared to using
> > just the muscle applet. I do not see you mention getting a token
> > driver/interpreter/bundle/plugin (not sure what the folks around here really
> > call it) for the CAC card.
>
> Right, the bundle/plugin part is what I was missing. It seems to be
> left out of most of the documentation I've found, and so I didn't really
> understand its role. However, now that I know that's what I need, I've
> found the past discussion and made a little progress.
>
> I downloaded SmartCardServices-31 from the opendarwin site. I went into
> the src/CACPlugin and since I didn't see any build instructions, I
> compiled it (after installing libpcsclite-dev, libmusclepkcs11-dev, and
> zlib1g-dev from Debian) with
>
> gcc -c -shared -I/usr/include/PCSC commonAccessCard.c
> ld -shared -o commonAccessCard.so commonAccessCard.o
Is the ld needed? You're not telling ld anything else to link
commonAccessCard.o to to make commonAccessCard.so. Or am I missing something
subtle here? I would have been tempted to just
`cp commonAccessCard.o commonAccessCard.so`
>
> Then, I built the bundle directory structure under
> /usr/lib/pcsc/services. I copied commonAccessCard.so to
> commonAccessCard.bundle/Contents/Linux/commonAccessCard. I couldn't
> find an appropriate Info.plist in SmartCardServices-31, so I copied
> Info.plist.commonAccessCard from SmartCardServices-15 to
> commonAccessCard.bundle/Contents/Info.plist. And
> commonAccessCard.bundle/Contents/PkgInfo contains the contents
> "BNDL????", which is surely critical for successful operation.
>
Seems sane from what I see here.
<SNIP>
> On the other hand, when I run xcard, Common Access Card shows up under
> Tokens, and three keys are available (as well as a bunch of objects and
> a PIN). So I was optimistic. Alas, when I loaded
> /usr/lib/libmusclepkcs11.so.0 in firefox, an entry shows up for
> "ActivCard 00 00", but the status is still always "Not Present". Any
> ideas from here?
>
> By the way, I have just gotten this atrocious program called ActivCard
> Gold installed, and using its Card Explorer I can see the certificates
> as well. However, when I try to add its libpkcs11.so to firefox, I
> always get "unable to add module".
>
This sounds familiar, and I did it using Schlumberger's CACTUS distribution.
Get http://www.openssl.org/source/openssl-0.9.6.tar.gz then backup/'find the
rpm' for all the files the make install will replace. Build and install the
openssl; you may also need to rebuild pkcs11, pcscd and the CAC bundle (for
the darwin one).
Then try mozilla again with both the musclepkcs11 and with the ActivCard
Gold libpkcs11.so.
I think they did something funny that got broken with the security fixes
applied to later openssl distros.
Also I wonder if there should be a libCACpkcs11.so.0 module somewhere. I
thought the bundle would abstract it so you only needed one pkcs11.so, but I
notice that the one from muscle is named specific to muscle.
When looking at darwin they appear to have only one pkcs11 lib. If the above
fails you might try building the darwin pkcs11, or see if it's different from
the muscle one:
http://darwinsource.opendarwin.org/10.4/SmartCardServices-31/src/
********
GURUS,
is libmusclepkcs11.so.0 supposed to work with any card you have a bundle
for, or is it specific to muscle's applet+bundle?
********
> Also, I'm curious as to why I have to go to the Darwin site to get the
> commonAccessCard code. Will it be integrated into the MUSCLE project in
> the future?
Best guess, the people doing Darwin knew someone with access to it or
reverse engineered it. Schlumberger certainly did not give source to one on
its CACTUS distribution. But I am new (1-2 years) to the smartcard scene,
perhaps there is MUCH history I have missed.
>
> Thank you for your help.
>
> Andrew
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
_______________________________________________
Muscle mailing list
Muscle
lists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle
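
Added example, not part of the original message or of any project mentioned in it: a shell check of a bundle directory against the layout Andrew describes, which also reads the ELF header to tell a relocatable object from a linked shared object. The function names elf_type and check_bundle are hypothetical, and the sample bundle is constructed.

```sh
#!/bin/sh
# Added example; function names are hypothetical, layout is the one in the thread.

# elf_type FILE -> prints REL, EXEC, DYN, OTHER or NOTELF
elf_type() {
    # 18 bytes: e_ident (16 bytes) followed by the 2-byte e_type field.
    set -- $(od -An -v -tu1 -N18 "$1" 2>/dev/null)
    [ $# -eq 18 ] || { echo NOTELF; return 0; }
    [ "$1 $2 $3 $4" = "127 69 76 70" ] || { echo NOTELF; return 0; }
    # e_ident[5] gives byte order: 1 = little-endian, 2 = big-endian.
    if [ "$6" = 2 ]; then etype=$(( ${17} * 256 + ${18} ))
    else etype=$(( ${18} * 256 + ${17} )); fi
    case $etype in
        1) echo REL ;; 2) echo EXEC ;; 3) echo DYN ;; *) echo OTHER ;;
    esac
}

# check_bundle DIR -> prints each problem found; returns 0 only if there are none
check_bundle() {
    b=${1%/}; name=$(basename "$b" .bundle); bad=0
    [ -f "$b/Contents/Info.plist" ] || { echo "missing Contents/Info.plist"; bad=1; }
    # PkgInfo content as quoted in the thread ($(...) drops a trailing newline).
    [ "$(cat "$b/Contents/PkgInfo" 2>/dev/null)" = 'BNDL????' ] ||
        { echo "Contents/PkgInfo is not BNDL????"; bad=1; }
    lib="$b/Contents/Linux/$name"
    if [ ! -f "$lib" ]; then
        echo "missing Contents/Linux/$name"; bad=1
    else
        # dlopen() expects a linked shared object (ET_DYN); "gcc -c" emits ET_REL.
        kind=$(elf_type "$lib")
        [ "$kind" = DYN ] || { echo "Contents/Linux/$name is $kind, not DYN"; bad=1; }
    fi
    return $bad
}

# Constructed sample: no Info.plist, and a library file that is only the
# 18-byte header of a little-endian relocatable object.
demo=$(mktemp -d)
mkdir -p "$demo/commonAccessCard.bundle/Contents/Linux"
printf 'BNDL????' > "$demo/commonAccessCard.bundle/Contents/PkgInfo"
printf '\177ELF\001\001\001\000\000\000\000\000\000\000\000\000\001\000' \
    > "$demo/commonAccessCard.bundle/Contents/Linux/commonAccessCard"
check_bundle "$demo/commonAccessCard.bundle" || echo "bundle does not match"
rm -rf "$demo"
```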