Link OpenSC against libASEP11.so?

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Link OpenSC against libASEP11.so?

Guest, Iestyn - 1140 - MITLL
Hello,

Athena ships libASEP11.so with their IDProtect card software to provide PKCS#11 support for apps such as Mozilla, PGP etc...  Which works for Firefox.  Do I need to link this library with OpenSC at compile time for OpenSC to be able to talk to the card?  I'd like to be able to use the card for PAM authentication.

Running opensc-tool --reader 0 --name gives me "Unsupported INS byte in APDU".

Can someone push me in the right direction?

Thanks in advance.

Iestyn Guest.

Reader 0: Broadcom 5880 [Contacted SmartCard] (0123456789ABCD) 00 00
  Card state: Card inserted, Shared Mode,
  ATR: 3B DC 18 FF 81 91 FE 1F C3 80 73 C8 21 13 66 01 0B 03 52 00 05 38
  Athena IDProtect Smart Card Logon Card

------------------------------------------------------------------------------
Get 100% visibility into Java/.NET code with AppDynamics Lite
It's a free troubleshooting tool designed for production
Get down to code-level detail for bottlenecks, with <2% overhead.
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap2
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel

smime.p7s (6K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Link OpenSC against libASEP11.so?

Douglas E. Engert


On 6/3/2013 7:48 AM, Guest, Iestyn - 1140 - MITLL wrote:
> Hello,
>
> Athena ships libASEP11.so with their IDProtect card software to provide PKCS#11 support for apps such as Mozilla, PGP etc... Which works for Firefox.  Do I need to link this library with OpenSC at
> compile time for OpenSC to be able to talk to the card? I'd like to be able to use the card for PAM authentication.
>

OpenSC implements the PKCS#11 API for a number of smart cards.
It sounds like libASEP11.so also implements a PKCS#11 API for their cards.

The Mozilla  apps can load multiple "security devices" that are shared libs
that implement a PKCS#11 API. The Mozilla NSS tales care of keeping track of the
multiple PKCS#11 libs and which card is supported by them.

Depending on how you PAM uses PKCS#11, it can either support multiple
PKCS#11 libs, or just one. If its just one, and you only have one
type of card, the IDProtect card, you don't need OpenSC at all just use
the libASEP11.so.

There are many PAM modules out there, that can use smart cards. I
would assume being from MIT that you want to use the card with
Kerberos PKINIT. In which case look at the Kerberos doc on
how to use a PKCS#11 module.

Linking the OpenSC and libASEP11.so wont work.

But one could write the card drivers for the IDProtect card in OpenSC,
which is at a lower level then PKCS#11, so OpenSC could also support
the IDProtect card.

> Running opensc-tool --reader 0 --name gives me "Unsupported INS byte in APDU".
>
> Can someone push me in the right direction?

There have been similar qusetions in the past Google for: athena IDProtect OpenSC

Also Google for pkinit-nss

This would let PKINIT use multiple PKCS#11 libs.

>
> Thanks in advance.
>
> Iestyn Guest.
>
> Reader 0: Broadcom 5880 [Contacted SmartCard] (0123456789ABCD) 00 00
>    Card state: Card inserted, Shared Mode,
>    ATR: 3B DC 18 FF 81 91 FE 1F C3 80 73 C8 21 13 66 01 0B 03 52 00 05 38
>    Athena IDProtect Smart Card Logon Card
>
>
> ------------------------------------------------------------------------------
> Get 100% visibility into Java/.NET code with AppDynamics Lite
> It's a free troubleshooting tool designed for production
> Get down to code-level detail for bottlenecks, with <2% overhead.
> Download for free and get started troubleshooting in minutes.
> http://p.sf.net/sfu/appdyn_d2d_ap2
>
>
>
> _______________________________________________
> Opensc-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>

--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

------------------------------------------------------------------------------
Get 100% visibility into Java/.NET code with AppDynamics Lite
It's a free troubleshooting tool designed for production
Get down to code-level detail for bottlenecks, with <2% overhead.
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap2
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Link OpenSC against libASEP11.so?

mikybrother
In reply to this post by Guest, Iestyn - 1140 - MITLL
see this post for some useful info