• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: [Fed-Talk] CAC cards with Firefox/Mozilla
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fed-Talk] CAC cards with Firefox/Mozilla

  • Subject: Re: [Fed-Talk] CAC cards with Firefox/Mozilla
  • From: Shawn Geddis <email@hidden>
  • Date: Mon, 15 May 2006 13:56:37 -0700
Bill,

Since you are probably using a 64K card and you realize that the commonAccessCard.bundle that is used for the legacy pkcs#11 may not have the newer ATR value related to your card you need to update the associated bundle via the 'pcsctool' command running as root.  

root# pcsctool
Select the approprate token driver:
-----------------------------------
  1.     commonAccessCard.bundle
  2.     GSCISPlugin.bundle
  3.     mscMuscleCard.bundle
  4.     slbCryptoflex.bundle
-----------------------------------
Enter the number: 1

Insert your token in: CCID Smart Card Reader 0 0

Token support updated successfully !

What happens is that the ATR values are updated in the Info.plist within the commonAccessCard.bundle:

/usr/libexec/SmartCardServices/services/commonAccessCard.bundle/Contents/Info.plist

        <key>spAtrValue</key>
        <string>3B6B00008065B08301047483009000</string>
        <array>
                <string>3B6500009C02020102</string>
                <string>3B7D110000003180718E6486D60100819000</string>
                <string>3B7F1100000031C053CAC4016452D90400829000</string>
                <string>3B6500009C02020702</string>
        </array>


NOTE:
This of course is only needed since you are using a PKCS#11 application and are using a newer card (newer ATR value) then was updated back for 10.3.x.  Apple has invested heavily in the abstraction of Smart Cards in Mac OS X 10.4 via Keychains which does not rely on the ATR values.  Applications that rely on "Smart Cards as Keychains"  (Sec* APIs) automatically get support for the 64K cards and CAC/GSC-IS/PIV with no additional coding needed.

-Shawn

On May 15, 2006, at 12:14 PM, Bill Jackson wrote:


Anyone else having a problem getting a CAC card to work with Firefox.

I am running 10.4.6 Mac OSX, firefox 1.5.0.3, SCRx31 USB Smart Card Reader: Version: 5.18.

When I do the following to setup Firefox:

Click Manage Security Devices, then click Load.
Enter a name in the Module Name box (for example, “CAC SmartCard”),
    then type the  location of the file in the Module Filename box:

   /usr/libexec/SmartCardServices/pkcs11/pkcs11.bundle/Contents/MacOS/pkcs11

Click OK.

Firefox thinks about it for a few seconds and then crashes.  Every time I try to restart
FIrefox it just crashes.

I have successfully configured Firefox on numerous Mac's of identical configurations,
but 2 of my machines just will not work.

Any suggestions would be greatly appreciated.

Thanks,
Bill Jackson
SPAWAR Systems Center San Diego
(619)553-2291

- Shawn
___________________________________________
Shawn Geddis
Security Consulting Engineer
Apple Enterprise Division    (Public & Private Sector)


 

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
References: 
 >[Fed-Talk] CAC cards with Firefox/Mozilla (From: Bill Jackson <email@hidden>)

  • Prev by Date: RE: [Fed-Talk] CAC cards with Firefox/Mozilla
  • Next by Date: Re: [Fed-Talk] OS X as NTP Server
  • Previous by thread: [Fed-Talk] CAC cards with Firefox/Mozilla
  • Next by thread: RE: [Fed-Talk] CAC cards with Firefox/Mozilla
  • Index(es):
    • Date
    • Thread