Re: [Fed-Talk] Smart Cards (CAC) and PKCS#11 library support for third party OS X Applications...
- Subject: Re: [Fed-Talk] Smart Cards (CAC) and PKCS#11 library support for third party OS X Applications...
- From: Mark Radleigh <email@hidden>
- Date: Tue, 18 Nov 2008 13:41:48 -1000
- Thread-topic: [Fed-Talk] Smart Cards (CAC) and PKCS#11 library support for third party OS X Applications...
Greetings all,
I *finally* got a chance to try this out. No luck with Firefox OR Acrobat
Reader (version 8 or 9). However, I *did* notice the following in the
system logs when I inserted my CAC on my freshly rebooted 10.5.5 MacBook
Pro Duo (although applications such as Safari that use the Keychain for
smart card access work fine). Any ideas anyone (and yes, my SCM331 card
reader is at the latest firmware - 5.25)?
Nov 14 22:57:14 Windy com.apple.SecurityServer[63]: openct/proto-t1.c:358:t1_transceive()
Nov 14 22:57:14 Windy com.apple.SecurityServer[63]: [tokend] iso7816.c:99:iso7816_check_sw: File not found
Nov 14 22:57:14 Windy com.apple.SecurityServer[63]: [tokend] iso7816.c:459:iso7816_select_file: returning with: File not found
Nov 14 22:57:14 Windy com.apple.SecurityServer[63]: [tokend] card-oberthur.c:217:auth_select_aid: select parent failed: File not found
Nov 14 22:57:14 Windy com.apple.SecurityServer[63]: [tokend] card-oberthur.c:265:auth_init: Failed to initialize DoD-CAC
Nov 14 22:57:14 Windy com.apple.SecurityServer[63]: [tokend] card-oberthur.c:266:auth_init: Failed to initialize: Card is invalid or cannot be handled
Nov 14 22:57:14 Windy com.apple.SecurityServer[63]: [tokend] card.c:176:sc_connect_card: driver 'Oberthur AuthentIC.v2/CosmopolIC.v4' init() failed: Card is invalid or cannot be handled
Nov 14 22:57:14 Windy com.apple.SecurityServer[63]: [tokend] card.c:228:sc_connect_card: returning with: Card is invalid or cannot be handled
Nov 14 22:57:14 Windy com.apple.SecurityServer[63]: ifdhandler.c:1015:IFDHTransmitToICC() lun: 0
Nov 14 22:57:14 Windy com.apple.SecurityServer[63]: commands.c:1914:CmdXfrBlockTPDU_T1() T=1: 16 and 1024 bytes
Nov 14 22:57:14 Windy com.apple.SecurityServer[63]: openct/proto-t1.c:581:t1_build() more bit: 1
Nov 14 22:57:14 Windy com.apple.SecurityServer[63]: sending: 00 60 03 00 A4 04 C3
Mark
> From: "Mueller, David S CIV SSC San Diego, 2872" <email@hidden>
> Date: Thu, 9 Oct 2008 16:47:24 -0700
> To: Mark Radleigh <email@hidden>, "Timothy J. Miller"
> <email@hidden>
> Cc: Apple FED-TALK <email@hidden>
> Subject: RE: [Fed-Talk] Smart Cards (CAC) and PKCS#11 library support for
> third party OS X Applications...
>
> I use the CoolKey package from the CoolKey site:
>
> http://directory.fedoraproject.org/wiki/BuildCoolKey#Pre_Built_Binary
>
> The following Terminal commands can be used to install it; I assume
> you've already used cd to change to the directory that the CoolKey
> package was downloaded to:
>
> $ sudo mkdir -p /usr/local/lib
> $ sudo mkdir -p /usr/local/include
> $ sudo mkdir -p /usr/local/bin
> $ unzip mac-coolkey-1.1.0.zip
> $ cd usr/local/CoolKey
> $ sudo cp -r lib/* /usr/local/lib/
> $ sudo cp -r include/* /usr/local/include/
> $ sudo cp -r bin/* /usr/local/bin/
>
> Once that is done, the path to CoolKey to use in Firefox and Adobe
> Reader is:
>
> /usr/local/lib/pkcs11/libcoolkeypk11.dylib
>
> Hope this helps,
>
> David
>
> -----Original Message-----
> From: Mark Radleigh [mailto:email@hidden]
> Sent: Thursday, October 09, 2008 1:07 PM
> To: Timothy J. Miller
> Cc: Mueller, David S CIV SSC San Diego, 2872; Apple FED-TALK
> Subject: Re: [Fed-Talk] Smart Cards (CAC) and PKCS#11 library support
> for third party OS X Applications...
>
>
> Tried the three R's of Windows: Refresh (Retry), Reboot, Reinstall
> (Recompile). No luck. I think my Mac called my bluff and just laughed
> at me (I even tried the Voodoo doll I brought back from New Orleans).
> Perhaps you can send me the CoolKey package you are using with the
> configuration and installation steps that you followed, so I can see if
> I can get that working on my system.
>
> However, on a broader note, for other Mac users who will require similar
> functionality, something more user friendly (does waving dead chickens
> over the CPU fall into this category?) and (semi) supported really needs
> to be developed. Quirks like these really give IT management the ammo
> they need to prevent the Mac from infiltrating the Windows baseline at
> many organizations.
>
> --
> Mark Radleigh
> MHPCC - AFRL/RDSM
> email@hidden
>
>
>> From: "Timothy J. Miller" <email@hidden>
>> Date: Thu, 9 Oct 2008 10:45:16 -0500
>> To: Mark Radleigh <email@hidden>
>> Cc: "Mueller, David S CIV SSC San Diego, 2872"
>> <email@hidden>, Apple FED-TALK <email@hidden>
>> Subject: Re: [Fed-Talk] Smart Cards (CAC) and PKCS#11 library support
>> for third party OS X Applications...
>>
>> Mark Radleigh wrote:
>>> I downloaded Adobe Reader 9 and tried it out with the latest
>>> pre-built CoolKey kit with no success. While Acrobat 9 (as with 8)
>>> did recognize the library, I could not get it to see my CAC (even
>>> after importing *all* the DoD CAs and setting their trust levels).
>>> Apparently, you were able to successfully threaten your Mac into
>>> submission (I guess the hammer I had sitting on my desk next to my
>>> Mac didn't work).
>>
>> Again, works for me (just tried it with Adobe 9). Did you click
>> "refresh"?
>>
>> I've never found the mere presence of tools to be sufficiently
>> threatening. Blood-curdling descriptions of disassembly and sale as
>> spare parts sometimes work.
>>
>> You could just go old-school and wave a dead chicken over the CPU.
>>
>> -- Tim
>
>
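The last log entry in Mark's message ("sending: 00 60 03 00 A4 04 C3") is an ISO 7816-3 T=1 block, and decoding it shows what the reader was transmitting when the log was captured. The following Python is an added example, not part of the original thread or of any tool mentioned in it; the function names are hypothetical and it assumes the reader uses the one-byte LRC error check.

```python
import re
from functools import reduce

# Constructed sample: the "sending:" entry from the log above, unwrapped.
SAMPLE = ("Nov 14 22:57:14 Windy com.apple.SecurityServer[63]: "
          "sending: 00 60 03 00 A4 04 C3")

def parse_sending(line):
    """Extract the raw block bytes that follow 'sending:' in a log line."""
    m = re.search(r"sending:\s*((?:[0-9A-Fa-f]{2}\s*)+)$", line)
    if not m:
        raise ValueError("no 'sending:' hex dump in line")
    return bytes.fromhex(m.group(1))

def decode_t1_block(block):
    """Split a T=1 block into NAD, PCB, LEN, INF, EDC and check the LRC.

    Assumption: the epilogue is the one-byte LRC (XOR of all prior bytes),
    the T=1 default; a card that negotiated CRC would have two bytes here.
    """
    if len(block) < 4:
        raise ValueError("T=1 block needs NAD, PCB, LEN and EDC")
    nad, pcb, length = block[0], block[1], block[2]
    inf, edc = block[3:3 + length], block[3 + length:]
    if len(inf) != length or len(edc) != 1:
        raise ValueError("LEN does not match the bytes present")
    info = {"nad": nad, "inf": inf,
            "lrc_ok": reduce(lambda a, b: a ^ b, block[:-1], 0) == edc[0]}
    if pcb & 0x80 == 0:            # b8 = 0: information block
        info.update(type="I", seq=(pcb >> 6) & 1, more=bool(pcb & 0x20))
    elif pcb & 0xC0 == 0x80:       # b8 b7 = 10: receive-ready block
        info.update(type="R", seq=(pcb >> 4) & 1, more=False)
    else:                          # b8 b7 = 11: supervisory block
        info.update(type="S", seq=None, more=False)
    return info

def describe_inf(info):
    """Name the APDU header if INF starts an ISO 7816-4 SELECT by DF name."""
    # Heuristic: a chained block could also carry the middle of a longer APDU.
    if info["type"] == "I" and info["inf"][:3] == bytes.fromhex("00A404"):
        tail = " (continues in later blocks)" if info["more"] else ""
        return "SELECT by DF name/AID" + tail
    return "unrecognised"

if __name__ == "__main__":
    decoded = decode_t1_block(parse_sending(SAMPLE))
    print(decoded, "->", describe_inf(decoded))
```

The set "more" flag agrees with the preceding `t1_build() more bit: 1` entry, and the LRC verifies, so the block itself is well formed.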