Date: Mon, 4 Feb 2008 14:04:14 -0800
From: Bill Burns <email@hidden>
Subject: Re: problems with PC/SC and Leopard beta
To: Apple CDSA <email@hidden>
Message-ID: <email@hidden>
Content-Type: text/plain; charset="iso-8859-1"
On Jan 28, 2008, at 4:16 AM, Chris Hauser wrote:
Hello.
On Sep 17, 2007, at 7:19 AM, Ludovic Rousseau wrote:
I am testing Leopard (beta version) and have real problems with the
use of smart cards.
[...]
On a Intel machine the ATR is correct the first time but on the
second
execution of pcsctest the ATR length is reported as 33 bytes (21 in
hex) and the ATR value is padded with 00.
[...]
(1) Reader and/or Card not recognized by Mac OS X 10.5
Many of you were already working with your Smart Card / Reader on
10.4.11 and then things stopped working after you upgraded to 10.5.x.
Customers Impacted:
Smart Card users who upgraded to Mac OS X 10.5 and had one of a
handful of Readers (SCM SCR 331/531/3310/3311/..) as well as a newer
Smart Card supporting Block Transfer (T=1) and/or a Hybrid card
containing both CAC/PIV applets. Note that this is not a problem
with either the Reader /Smart Card Manufacturers, but with the
compatibility issues of the Mac OS X 10.5.x shipped components and
these devices.
Platform Affected: Mac OS X 10.5.x
Services Affected: Any services requiring an Identity (Cert/Key)
from the Smart Card
User Experience: Previous:
When inserting a supported smart card, it appears in the
Keychain List within Keychain Access.
After Update:
When inserting a supported smart card, the reader may even blink
but the card never appears in the Keychain List.
Background on a Fix: We are replacing some of the previously shipped
Smart Card Services
Components to better support these specific issues:
• CCID Class Driver: Replaced with a more comprehensive CCID
Driver
• PCSC Framework: Updated to support T=1 Card Negotiation
• CAC Tokend: Updated to support T=1 Card Negotiation
• PIV Tokend: Updated to support T=1 Card Negotiation
Delivery Vehicle: Plan to provide these modifications in a
subsequent Mac OS X 10.5
Software Update.
Work-a-round: Until it has been integrated into the OS, I have
developed an Installer
to get each of you the current builds of those components for
your
immediate testing and use. The Installer requires that you have
already upgraded to 10.5.4 first - otherwise it will not instal.
**WARNING**: *Disclaimer*
Use at your own risk. Ensure that you test this installer
on test machines prior to larger scale deployment.
If you are using s Third-party product related to the use of
your
Smart Card, then check with the vendor to ensure they rely on
their own Tokend module or that their software is not negatively
impacted by the SCS component updates.
Installer URL: In the future, there will be a more appropriate
location to pickup
Installers/patches/documents, but until then, grab this one at
the
following URL. You will note that this is a digitally signed
installer
to ensure its authenticity and origination.
http://idisk.mac.com/geddis//Public/SmartCards/Installers/Smart_Card_Services_Update_v1.0.zip
installation Welcome Panel:
Smart Card Services Update 1.0 Smart Card Services components
shipped in Mac OS X 10.5.0 - 10.5.4 require specific updates to
support some of the newer Smart Cards issued within the US Federal
Government. These newer cards support a faster transfer protocol
(T=1) and can also be a hybrid card (CAC & PIV applets). They
require a negotiation of which protocol to use (T=0 or T=1). CCID
compliant smart card reader support and protocol negotiation has
been significantly improved in this update. New Components to be
installed: PCSC Framework • PCSC.Framework /System/Library/
Frameworks/ • pcscd /usr/sbin/ CCID Compliant Smart Card Readers
• ifd-ccid.bundle /usr/libexec/SmartCardServices/drivers/ Smart
Cards • CAC.tokend /System/Library/Security/tokend/ CAC.tokend
• PIV.tokend /System/Library/Security/tokend/ PIV.tokend
Installer Important Information Panel:
This is a digitally signed Mac OS X Installer. You can verify the
integrity of this installer by clicking on the small certificate
icon in the upper right corner of this installer window.
This installer is provided to you by:
Shawn Geddis
Security Consulting Engineer, Apple Enterprise
email@hidden
____________________________________________________
Please contact Shawn Geddis <email@hidden> directly in the
event of any issues with this installer or the results of
installing on your machine(s) and he will make a best effort
attempt to help. Please provide a complete System Profiler report
to assist in the troubleshooting of your installation.
*Disclaimer*
Use at your own risk. Ensure that you test this installer on test
machines prior to larger scale deployment.
Installation Complete Panel:
Smart Card Services Update 1.0
____________________________________________________
During the installation of this update, copies of the older
versions of the replaced components have been placed into a new
folder on your Desktop:
SmartCardServices-Backup-[OS build#]
i.e. SmartCardServices-Backup-[9D34]
If for any reason you wish to retain the previously installed
components, you should put this folder into a safe place.
Components and where they were moved from:
PCSC.Framework /System/Library/Frameworks
pcscd /usr/sbin/
CCIDCLassDriver.bundle /usr/libexec/SmartCardServices/drivers/
CAC.tokend /System/Library/Security/tokend/
PIV.tokend /System/Library/Security/tokend/
