Re: Using PIV Card to Authenticate to MAC ( Problems )

Is this a full-on PIV card, or a DoD PIV-transitional?  If
it's 
PIV-transitional, then functionally it can still be used as
a CAC as it 
still has the CAC applets.  You may need to register the ATR
with the 
commonAccessCard.bundle via pscstool.

-- Tim

Kenneth Carrera wrote:
> Douglas,
>  
> Thank you very much for the response. I really
appreciate it.
>  
> I tried using the opensc-tool, piv-tool, and
pkcs15-tool. From those, I can 
> bring up the card ATR so I know my card is being
recognized, but I cannot 
> successfully run any of the other commands. Did you do
anything special to your 
> opensc.conf file?
>  
> Also, are you able to perform smart card login to your
MAC using OpenSC?
>  
> Thank you again for your help!  Ken
> 
> 
>  
> ----- Original Message ----
> From: Douglas E. Engert <deengertanl.gov>
> To: Kenneth Carrera <kcarrera411yahoo.com>
> Cc: opensc-userlists.opensc-project.org; opensc-devellists.opensc-project.org
> Sent: Friday, March 2, 2007 4:27:47 PM
> Subject: Re: [opensc-devel] Using PIV Card to
Authenticate to MAC ( Problems )
> 
> Kenneth Carrera wrote:
>  > Hello all:
>  >
>  > I am trying to configure my MAC to accept a PIV
Card.
>  > I have installed OpenSC (SCA for MAC) and can now
read
>  > my smart card ATR. My keychain can recognize when
the
>  > card is inserted.
>  >
>  > However, I cannot seem to access the data or the
>  > certificates on the card. I made sure to
configure my
>  > Opensc.config file to work with the new PIV card
(
>  > Oberthur ). Is there anything else I can do to
try to
>  > get the card to work with MAC?  Thank you in
advance
>  > for any help offered!
> 
> How are you trying to access the data on the card?
> 
> I am assuming the card has at least a certificate and
> key, either a test one from Oberthur, or issued by
> whomever gave you the card.
> 
> You can start by using the /Library/OpenSC/opensc-tool
> -l and -a options is a terminal window.
> 
> Then ./pkcs15-tool -c should show that you have a
certificate.
> (It may not really be there.)
> 
>   ./pkcs15-tool -r 1
> 
> should read the certificate and show it in PEM format.
> 
> If you bring up the Keychain utility and hit the
"show Keychains"
> button in the lower left, its should show all your
keychains.
> The PIV card would be listed as PIV_II, and the main
window should
> show you have an Auth key, and a certifcate. (You may
have
> other certs and keys as well There can be 4. In my
tests I only
> write out the auth cert to the card.
> 
> The one other issue is if the certificate is
compressed.
> Code has been sent to the devel list to handle this,
but is
> has not been added to the distribution. I don't have a
card
> with a compressed cert, so can not test it. If you
suspect
> that the cert is compressed,  we can talk about that
too.
> 
> Safari should be able to use this to some web site, if
the
> site trusts the CA that signed your certifcate.
> 
> 
>  >
>  > Ken
>  >
>  >
>  >  
>  > 
>
____________________________________________________________
________________________
>  > Need a quick answer? Get one in minutes from
people who know.
>  > Ask your question on www.Answers.yahoo.com <http://www.answers.
yahoo.com/>
>  > _______________________________________________
>  > opensc-devel mailing list
>  > opensc-devellists.opensc-project.org
>  > http://www.opensc-project.org/mailman/listinfo/opensc
-devel
>  >
>  >
> 
> -- 
> 
>   Douglas E. Engert  <DEEngertanl.gov>
>   Argonne National Laboratory
>   9700 South Cass Avenue
>   Argonne, Illinois  60439
>   (630) 252-5444
> 
> 
>
------------------------------------------------------------
--------------------
> Expecting? Get great news right away with email
Auto-Check. 
> <http://us.r
d.yahoo.com/evt=49982/*http://advision.webevents.yahoo.com/m
ailbeta/newmail_tools.html>
> Try the Yahoo! Mail Beta. 
> <http://us.r
d.yahoo.com/evt=49982/*http://advision.webevents.yahoo.com/m
ailbeta/newmail_tools.html>
> 
> 
>
------------------------------------------------------------
------------
> 
> _______________________________________________
> opensc-user mailing list
> opensc-userlists.opensc-project.org
> http://www.opensc-project.org/mailman/listinfo/opensc-
user


_______________________________________________
opensc-devel mailing list
opensc-devellists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc
-devel

Hello Tim,

This is a full-on PIV card. I feel like I am so close!

Thanks - Ken
--- "Timothy J. Miller" <tmillermitre.org> wrote:

> Is this a full-on PIV card, or a DoD
> PIV-transitional?  If it's 
> PIV-transitional, then functionally it can still be
> used as a CAC as it 
> still has the CAC applets.  You may need to register
> the ATR with the 
> commonAccessCard.bundle via pscstool.
> 
> -- Tim
> 
> Kenneth Carrera wrote:
> > Douglas,
> >  
> > Thank you very much for the response. I really
> appreciate it.
> >  
> > I tried using the opensc-tool, piv-tool, and
> pkcs15-tool. From those, I can 
> > bring up the card ATR so I know my card is being
> recognized, but I cannot 
> > successfully run any of the other commands. Did
> you do anything special to your 
> > opensc.conf file?
> >  
> > Also, are you able to perform smart card login to
> your MAC using OpenSC?
> >  
> > Thank you again for your help!  Ken
> > 
> > 
> >  
> > ----- Original Message ----
> > From: Douglas E. Engert <deengertanl.gov>
> > To: Kenneth Carrera <kcarrera411yahoo.com>
> > Cc: opensc-userlists.opensc-project.org;
> opensc-devellists.opensc-project.org
> > Sent: Friday, March 2, 2007 4:27:47 PM
> > Subject: Re: [opensc-devel] Using PIV Card to
> Authenticate to MAC ( Problems )
> > 
> > Kenneth Carrera wrote:
> >  > Hello all:
> >  >
> >  > I am trying to configure my MAC to accept a
PIV
> Card.
> >  > I have installed OpenSC (SCA for MAC) and
can
> now read
> >  > my smart card ATR. My keychain can
recognize
> when the
> >  > card is inserted.
> >  >
> >  > However, I cannot seem to access the data
or
> the
> >  > certificates on the card. I made sure to
> configure my
> >  > Opensc.config file to work with the new PIV
> card (
> >  > Oberthur ). Is there anything else I can do
to
> try to
> >  > get the card to work with MAC?  Thank you
in
> advance
> >  > for any help offered!
> > 
> > How are you trying to access the data on the
card?
> > 
> > I am assuming the card has at least a certificate
> and
> > key, either a test one from Oberthur, or issued
by
> > whomever gave you the card.
> > 
> > You can start by using the
> /Library/OpenSC/opensc-tool
> > -l and -a options is a terminal window.
> > 
> > Then ./pkcs15-tool -c should show that you have a
> certificate.
> > (It may not really be there.)
> > 
> >   ./pkcs15-tool -r 1
> > 
> > should read the certificate and show it in PEM
> format.
> > 
> > If you bring up the Keychain utility and hit the
> "show Keychains"
> > button in the lower left, its should show all
your
> keychains.
> > The PIV card would be listed as PIV_II, and the
> main window should
> > show you have an Auth key, and a certifcate. (You
> may have
> > other certs and keys as well There can be 4. In
my
> tests I only
> > write out the auth cert to the card.
> > 
> > The one other issue is if the certificate is
> compressed.
> > Code has been sent to the devel list to handle
> this, but is
> > has not been added to the distribution. I don't
> have a card
> > with a compressed cert, so can not test it. If
you
> suspect
> > that the cert is compressed,  we can talk about
> that too.
> > 
> > Safari should be able to use this to some web
> site, if the
> > site trusts the CA that signed your certifcate.
> > 
> > 
> >  >
> >  > Ken
> >  >
> >  >
> >  >  
> >  > 
> >
>
____________________________________________________________
________________________
> >  > Need a quick answer? Get one in minutes
from
> people who know.
> >  > Ask your question on www.Answers.yahoo.com
> <http://www.answers.
yahoo.com/>
> >  >
_______________________________________________
> >  > opensc-devel mailing list
> >  > opensc-devellists.opensc-project.org
> >  >
>
http://www.opensc-project.org/mailman/listinfo/opensc
-devel
> >  >
> >  >
> > 
> > -- 
> > 
> >   Douglas E. Engert  <DEEngertanl.gov>
> >   Argonne National Laboratory
> >   9700 South Cass Avenue
> >   Argonne, Illinois  60439
> >   (630) 252-5444
> > 
> > 
> >
>
------------------------------------------------------------
--------------------
> > Expecting? Get great news right away with email
> Auto-Check. 
> >
>
<http://us.r
d.yahoo.com/evt=49982/*http://advision.webevents.yahoo.com/m
ailbeta/newmail_tools.html>
> > Try the Yahoo! Mail Beta. 
> >
>
<http://us.r
d.yahoo.com/evt=49982/*http://advision.webevents.yahoo.com/m
ailbeta/newmail_tools.html>
> > 
> > 
> >
>
------------------------------------------------------------
------------
> > 
> > _______________________________________________
> > opensc-user mailing list
> > opensc-userlists.opensc-project.org
> >
>
http://www.opensc-project.org/mailman/listinfo/opensc-
user
> 
> 



 
____________________________________________________________
________________________
Never Miss an Email
Stay connected with Yahoo! Mail on your mobile.  Get
started!
http://
mobile.yahoo.com/services?promote=mail
_______________________________________________
opensc-devel mailing list
opensc-devellists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc
-devel