Douglas, I think I am getting a little closer. Now in my keychain, the lock icon is locked. That was a little different than before. Attached is my opensc.conf file. Would you mind taking a look at it?
I really appreciate any help you provide.

Ken

--- "Douglas E. Engert" <[EMAIL PROTECTED]> wrote:

> Kenneth Carrera wrote:
> > Douglas,
> >
> > Thank you very much for the response. I really appreciate it.
> >
> > I tried using the opensc-tool, piv-tool, and pkcs15-tool. From those, I
> > can bring up the card ATR so I know my card is being recognized, but I
> > cannot successfully run any of the other commands. Did you do anything
> > special to your opensc.conf file?
>
> What it said in the Wiki page:
> http://www.opensc-project.org/opensc/wiki/UnitedStatesPIV
> Double check the ATR too.
>
> But looking closer, I also commented out the
> use_caching = true;
> and commented out the builtin_emulators = ...
> line as it does not list the PIV as it should.
>
> See the attached diff. If this does not help, send a copy of your
> opensc.conf.
>
> > Also, are you able to perform smart card login to your MAC using OpenSC?
>
> No, but on unix we have Heimdal (and MIT development) Kerberos using PKINIT
> to authenticate to Active Directory using pam_krb5. Apple has said they
> would fully support PIV, so we expect that when they do we would use
> whatever they provide.
>
> > Thank you again for your help! Ken
> >
> > ----- Original Message ----
> > From: Douglas E. Engert <[EMAIL PROTECTED]>
> > To: Kenneth Carrera <[EMAIL PROTECTED]>
> > Cc: [EMAIL PROTECTED]; opensc-devel@lists.opensc-project.org
> > Sent: Friday, March 2, 2007 4:27:47 PM
> > Subject: Re: [opensc-devel] Using PIV Card to Authenticate to MAC ( Problems )
> >
> > Kenneth Carrera wrote:
> > > Hello all:
> > >
> > > I am trying to configure my MAC to accept a PIV Card.
> > > I have installed OpenSC (SCA for MAC) and can now read
> > > my smart card ATR. My keychain can recognize when the
> > > card is inserted.
> > >
> > > However, I cannot seem to access the data or the
> > > certificates on the card. I made sure to configure my
> > > Opensc.config file to work with the new PIV card (
> > > Oberthur ). Is there anything else I can do to try to
> > > get the card to work with MAC? Thank you in advance
> > > for any help offered!
> >
> > How are you trying to access the data on the card?
> >
> > I am assuming the card has at least a certificate and
> > key, either a test one from Oberthur, or issued by
> > whomever gave you the card.
> >
> > You can start by using the /Library/OpenSC/opensc-tool
> > -l and -a options in a terminal window.
> >
> > Then ./pkcs15-tool -c should show that you have a certificate.
> > (It may not really be there.)
> >
> > ./pkcs15-tool -r 1
> >
> > should read the certificate and show it in PEM format.
> >
> > If you bring up the Keychain utility and hit the "show Keychains"
> > button in the lower left, it should show all your keychains.
> > The PIV card would be listed as PIV_II, and the main window should
> > show you have an Auth key, and a certificate. (You may have
> > other certs and keys as well. There can be 4. In my tests I only
> > write out the auth cert to the card.)
> >
> > The one other issue is if the certificate is compressed.
> > Code has been sent to the devel list to handle this, but it
> > has not been added to the distribution. I don't have a card
> > with a compressed cert, so can not test it. If you suspect
> > that the cert is compressed, we can talk about that too.
> >
> > Safari should be able to use this to some web site, if the
> > site trusts the CA that signed your certificate.
> >
> > > Ken
> > >
> > > _______________________________________________
> > > opensc-devel mailing list
> > > opensc-devel@lists.opensc-project.org
> > > http://www.opensc-project.org/mailman/listinfo/opensc-devel
> >
> > --
> >
> > Douglas E. Engert <[EMAIL PROTECTED]>
> > Argonne National Laboratory
> > 9700 South Cass Avenue
> > Argonne, Illinois 60439
> > (630) 252-5444
>
> --
>
> Douglas E. Engert <[EMAIL PROTECTED]>
> Argonne National Laboratory
> 9700 South Cass Avenue
> Argonne, Illinois 60439
> (630) 252-5444
>
> --- opensc.conf.orig 2006-09-13 10:56:26.000000000 > -0500 > +++ opensc.conf 2006-09-13 11:28:51.000000000 -0500 > @@ -68,8 +68,8 @@ > # Some IFD handlers do not properly handle APDUs > with > # large lc or le bytes. > # > - max_send_size = 252; > - max_recv_size = 252; > + max_send_size = 256; > + max_recv_size = 256; > # > # Connect to reader in exclusive mode. > # Default: false
> @@ -222,6 +222,23 @@ > # pkcs15emu = "PIV-II"; > # } > > + card_atr > 3b:db:96:00:81:b1:fe:45:1f:03:80:f9:a0:00:00:03:08:00:00:10:00:18 > { > + # Oberthur complient cards 5/10/2006 > + # only show first cert on card > + flags = 20; > + name = "PIV-II"; > + driver = "piv"; > + } > + > + card_atr > 3B:7D:96:00:00:80:31:80:65:B0:83:11:11:AC:83:00:90:00 > { > + # GemSafe 800-73-1 does not protect the cert > with the pin > + # only show first cert on card > + flags = 20; > + name = "PIV-II"; > + driver = "piv"; > + } > + > + > # Estonian ID card and Micardo driver currently > play together with T=0 only. > # In theory only the 'cold' ATR should be > specified, as T=0 will be the preferred > # protocol once you boot it up with T=0, but be > paranoid. > @@ -257,7 +274,7 @@ > # applications. > # Default: false > # > - use_caching = true; > + ##use_caching = true; > # Enable pkcs15 emulation. > # Default: yes > # enable_pkcs15_emulation = no; > @@ -269,7 +286,7 @@ > # Default: yes > # enable_builtin_emulation = yes; > # list of the builtin pkcs15 emulators to test > - builtin_emulators = esteid, openpgp, tcos, > starcert, infocamere, postecert, actalis, > atrust-acosi, gemsafe, tccardos; > + #builtin_emulators = esteid, openpgp, tcos, > starcert, infocamere, postecert, actalis, > atrust-acosi, gemsafe, tccardos; > > # additional settings per driver > # 
> @@ -281,6 +298,8 @@ > # The location of the driver library > # module = > /usr/lib/opensc/drivers/p15emu_custom.so; > # } > + emulate PIV-II { > + } > } > } >
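Review bot: In the @@ -68,8 +68,8 @@ hunk, max_send_size and max_recv_size are raised from 252 to 256 directly under the comment that warns that some IFD handlers do not properly handle APDUs with large lc or le bytes, and the covering message does not mention this change at all. If the PIV driver needs the larger size, say so in a comment next to the new values, so that someone whose reader needs the smaller value knows what they give up by reverting it.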
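Review bot: In the @@ -222,6 +222,23 @@ hunk, "flags = 20;" appears in both new card_atr blocks with only the comment "only show first cert on card"; name the flag being set and state whether 20 is meant as decimal or hex, so the value can be checked against the driver. The first comment also has a typo ("complient" should be "compliant"), and the two ATRs are written in different hex case (lowercase for the Oberthur entry, uppercase for the GemSafe one); using one style makes them easier to compare with the ATR printed by the tools.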
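Review bot: In the @@ -257,7 +274,7 @@ hunk, use_caching is switched off by turning the line into a "##" comment, which silently falls back to the "Default: false" stated just above and records no reason in the file. Writing "use_caching = false;" with a one-line comment on why caching is off for PIV would make the intent explicit, and would avoid mixing "##" here with the single "#" used for builtin_emulators in the next hunk.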
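Review bot: In the @@ -269,7 +286,7 @@ hunk, builtin_emulators is commented out with no note in the file; the only explanation (that the list does not include PIV) lives in the e-mail. Anyone who later restores the line gets the same list without PIV again, so either add the PIV emulator to the list or leave a comment above the disabled line saying why it is off.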
opensc.conf
Description: 1681475981-opensc.conf
_______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
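Douglas's advice to double check the ATR can be done mechanically. The following is an added example, not part of the original thread and not OpenSC code: it reads the active card_atr blocks from an opensc.conf text and reports which driver, if any, is configured for the ATR shown by the reader. The function names and the 3b:ff:00:00 entry are made up for illustration; the block syntax is assumed to be as in the quoted diff.

```python
import re

# Constructed sample shaped like the card_atr entries in the quoted diff.
# The two PIV ATRs are copied from that diff; 3b:ff:00:00 is invented.
SAMPLE_CONF = """
card_atr 3b:db:96:00:81:b1:fe:45:1f:03:80:f9:a0:00:00:03:08:00:00:10:00:18 {
    flags = 20;
    name = "PIV-II";
    driver = "piv";
}
# card_atr 3b:ff:00:00 {
#     driver = "disabled";
# }
card_atr 3B:7D:96:00:00:80:31:80:65:B0:83:11:11:AC:83:00:90:00 {
    name = "PIV-II";
    driver = "piv";
}
"""

ENTRY = re.compile(r"card_atr\s+([0-9A-Fa-f:\s]+?)\s*\{(.*?)\}", re.S)
DRIVER = re.compile(r'driver\s*=\s*"?([^";\s]+)"?\s*;')


def atr_bytes(text):
    """Normalise an ATR written as 3b:db:.., 3B DB .. or 3bdb.. to bytes."""
    return bytes.fromhex(re.sub(r"[^0-9A-Fa-f]", "", text))


def card_atr_entries(conf_text):
    """Return [(atr_bytes, driver_or_None)] for every active card_atr block."""
    # Drop '#' comments first so disabled entries are not reported as matches.
    active = "\n".join(l.split("#", 1)[0] for l in conf_text.splitlines())
    entries = []
    for atr, body in ENTRY.findall(active):
        m = DRIVER.search(body)
        entries.append((atr_bytes(atr), m.group(1) if m else None))
    return entries


def driver_for(conf_text, reader_atr):
    """Driver of the entry whose ATR equals the reader's ATR, else None."""
    wanted = atr_bytes(reader_atr)
    for atr, driver in card_atr_entries(conf_text):
        if atr == wanted:
            return driver
    return None
```

Paste the ATR exactly as the reader tool prints it; a result of None means no active entry matches byte for byte, which includes the case where the only matching entry is commented out.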