Re: [Fed-Talk] Using Digital Signature with CAC with Acrobat
- Subject: Re: [Fed-Talk] Using Digital Signature with CAC with Acrobat
- From: "Timothy J. Miller" <email@hidden>
- Date: Mon, 2 Jul 2007 13:53:48 -0500

On Jul 2, 2007, at 1:44 PM, charles mae wrote:

> But, from my discussions with Shawn, the issue is with the CAC card
> which is "known" to the Mac OS and the drivers have already been
> pre-loaded. The CAC is made to work specifically via tokend where
> the OS takes ownership of the card and expects all apps to go via
> the keychain and negate the use of the older PKCS #11 interface
> which needs to be loaded from each app.

While Paul is right that it's not flawless, it works for the most
part. :) I can demonstrate access to a CAC via PKCS#11 *and* tokend
on the same system at the same time (though not, strictly speaking,
simultaneously; pcscd serializes simultaneous requests).

> We thought that we could just provide PKCS #11 support which works
> with non Mac known readers where you would just load the drivers.

I just mailed you off-list but I'll repeat it here: IMHO PKCS#11 is
nice (if it would work; Reader doesn't successfully load the module)
but Keychain would be better. Keychain API would get you access to
user-held software certificates from the login (or other) keychains,
which PKCS#11 can't touch. In addition, Keychain will be more
flexible with non-PKCS#11 crypto tokens (assuming a tokend is
installed, natch).

-- Tim
Attachment: smime.p7s (S/MIME cryptographic signature)