List Info

Thread: Using PIV Card to Authenticate to MAC ( Problems )




Using PIV Card to Authenticate to MAC ( Problems )
country flaguser name
United States		 2007-03-02 12:49:45 
Hello all:

I am trying to configure my MAC to accept a PIV Card.
I have installed OpenSC (SCA for MAC) and can now read
my smart card ATR. My keychain can recognize when the
card is inserted. 

However, I cannot seem to access the data or the
certificates on the card. I made sure to configure my
Opensc.config file to work with the new PIV card (
Oberthur ). Is there anything else I can do to try to
get the card to work with MAC?  Thank you in advance
for any help offered!

Ken


 
____________________________________________________________
________________________
Need a quick answer? Get one in minutes from people who
know.
Ask your question on www.Answers.yahoo.com
_______________________________________________
opensc-devel mailing list
opensc-devellists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc
-devel
Re: Using PIV Card to Authenticate to MAC ( Problems )
country flaguser name
United States		 2007-03-02 15:27:47 

Kenneth Carrera wrote:
> Hello all:
> 
> I am trying to configure my MAC to accept a PIV Card.
> I have installed OpenSC (SCA for MAC) and can now read
> my smart card ATR. My keychain can recognize when the
> card is inserted. 
> 
> However, I cannot seem to access the data or the
> certificates on the card. I made sure to configure my
> Opensc.config file to work with the new PIV card (
> Oberthur ). Is there anything else I can do to try to
> get the card to work with MAC?  Thank you in advance
> for any help offered!

How are you trying to access the data on the card?

I am assuming the card has at least a certificate and
key, either a test one from Oberthur, or issued by
whomever gave you the card.

You can start by using the /Library/OpenSC/opensc-tool
-l and -a options is a terminal window.

Then ./pkcs15-tool -c should show that you have a
certificate.
(It may not really be there.)

  ./pkcs15-tool -r 1

should read the certificate and show it in PEM format.

If you bring up the Keychain utility and hit the "show
Keychains"
button in the lower left, its should show all your
keychains.
The PIV card would be listed as PIV_II, and the main window
should
show you have an Auth key, and a certifcate. (You may have
other certs and keys as well There can be 4. In my tests I
only
write out the auth cert to the card.

The one other issue is if the certificate is compressed.
Code has been sent to the devel list to handle this, but is
has not been added to the distribution. I don't have a card
with a compressed cert, so can not test it. If you suspect
that the cert is compressed,  we can talk about that too.

Safari should be able to use this to some web site, if the
site trusts the CA that signed your certifcate.


> 
> Ken
> 
> 
>  
>
____________________________________________________________
________________________
> Need a quick answer? Get one in minutes from people who
know.
> Ask your question on www.Answers.yahoo.com
> _______________________________________________
> opensc-devel mailing list
> opensc-devellists.opensc-project.org
> http://www.opensc-project.org/mailman/listinfo/opensc
-devel
> 
> 

-- 

  Douglas E. Engert  <DEEngertanl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
_______________________________________________
opensc-devel mailing list
opensc-devellists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc
-devel
[1-2]

about | contact  Other archives ( Real Estate discussion Medical topics )