Is this a full-on PIV card, or a DoD PIV-transitional? If it's PIV-transitional, then functionally it can still be used as a CAC as it still has the CAC applets. You may need to register the ATR with the commonAccessCard.bundle via pscstool.

-- Tim

Kenneth Carrera wrote:
Douglas,
Thank you very much for the response. I really appreciate it. I tried using the opensc-tool, piv-tool, and pkcs15-tool. From those, I can bring up the card ATR so I know my card is being recognized, but I cannot successfully run any of the other commands. Did you do anything special to your opensc.conf file? Also, are you able to perform smart card login to your MAC using OpenSC? Thank you again for your help! Ken


----- Original Message ----
From: Douglas E. Engert <[EMAIL PROTECTED]>
To: Kenneth Carrera <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]; opensc-devel@lists.opensc-project.org
Sent: Friday, March 2, 2007 4:27:47 PM
Subject: Re: [opensc-devel] Using PIV Card to Authenticate to MAC ( Problems )

Kenneth Carrera wrote:
 > Hello all:
 >
 > I am trying to configure my MAC to accept a PIV Card.
 > I have installed OpenSC (SCA for MAC) and can now read
 > my smart card ATR. My keychain can recognize when the
 > card is inserted.
 >
 > However, I cannot seem to access the data or the
 > certificates on the card. I made sure to configure my
 > Opensc.config file to work with the new PIV card (
 > Oberthur ). Is there anything else I can do to try to
 > get the card to work with MAC?  Thank you in advance
 > for any help offered!

How are you trying to access the data on the card?

I am assuming the card has at least a certificate and
key, either a test one from Oberthur, or issued by
whomever gave you the card.

You can start by using the /Library/OpenSC/opensc-tool
-l and -a options in a terminal window.

Then ./pkcs15-tool -c should show that you have a certificate.
(It may not really be there.)

  ./pkcs15-tool -r 1

should read the certificate and show it in PEM format.

If you bring up the Keychain utility and hit the "show Keychains"
button in the lower left, it should show all your keychains.
The PIV card would be listed as PIV_II, and the main window should
show you have an Auth key, and a certificate. (You may have
other certs and keys as well. There can be 4. In my tests I only
write out the auth cert to the card.)

The one other issue is if the certificate is compressed.
Code has been sent to the devel list to handle this, but it
has not been added to the distribution. I don't have a card
with a compressed cert, so cannot test it. If you suspect
that the cert is compressed, we can talk about that too.

Safari should be able to use this to some web site, if the
site trusts the CA that signed your certificate.


 >
 > Ken
 >
 >
 > _______________________________________________
 > opensc-devel mailing list
 > opensc-devel@lists.opensc-project.org
 > http://www.opensc-project.org/mailman/listinfo/opensc-devel
 >
 >

--

  Douglas E. Engert  <[EMAIL PROTECTED]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444




------------------------------------------------------------------------

_______________________________________________
opensc-user mailing list
[EMAIL PROTECTED]
http://www.opensc-project.org/mailman/listinfo/opensc-user
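
Added example (not part of the original thread, and not OpenSC code): a check for the compressed-certificate case Douglas mentions, run on a certificate object that has already been read from the card as raw bytes. It assumes the NIST SP 800-73 layout (outer tag 0x53, certificate 0x70, CertInfo 0x71) and treats CertInfo bit 0x01 or 0x80 as the compression flag; make_container and the sample objects are constructed for illustration.

```python
import zlib

MAX_CERT = 16 * 1024  # assumed cap on decompressed size for this example

def read_tlv(buf, pos):
    """Read one BER-TLV with a one-byte tag; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length in (0x81, 0x82):  # long form: 1 or 2 length bytes follow
        n = length & 0x0F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    elif length >= 0x80:
        raise ValueError("unsupported length form")
    if pos + length > len(buf):
        raise ValueError("TLV value runs past end of data")
    return tag, buf[pos:pos + length], pos + length

def extract_cert(container):
    """Return (der_bytes, was_compressed) for a raw PIV certificate object."""
    tag, body, _ = read_tlv(container, 0)
    if tag != 0x53:
        raise ValueError("expected outer tag 0x53")
    fields, pos = {}, 0
    while pos < len(body):
        t, value, pos = read_tlv(body, pos)
        fields[t] = value
    cert = fields.get(0x70, b"")  # 0x70: certificate bytes
    info = fields.get(0x71, b"")  # 0x71: CertInfo byte
    compressed = bool(info) and bool(info[0] & 0x81)  # assumed flag bits
    if compressed:
        d = zlib.decompressobj(wbits=47)  # 47: accept gzip or zlib header
        cert = d.decompress(cert, MAX_CERT)
        if not d.eof:
            raise ValueError("compressed cert truncated or over MAX_CERT")
    if cert[:1] != b"\x30":
        raise ValueError("certificate is not a DER SEQUENCE")
    return cert, compressed

def make_container(cert, info):
    """Build a constructed test object; short-form lengths only."""
    body = bytes([0x70, len(cert)]) + cert + bytes([0x71, 1, info]) + b"\xfe\x00"
    return bytes([0x53, len(body)]) + body

FAKE_DER = b"\x30\x03\x02\x01\x05"  # constructed stand-in, not a real cert
PLAIN = make_container(FAKE_DER, 0x00)
PACKED = make_container(zlib.compress(FAKE_DER), 0x01)
```

A compressed certificate whose CertInfo flag is not set fails the DER check instead of being passed on as a certificate.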
