forums.xandros.com

[Centurion030]

Hello,

I don't know how many out there will be using smartcards. I have a GemPC USB-SW reader that works on my WinXP Pro boot. I have downloaded pcscd and others-pcsc and can get a pcscd -restart to work. pcsc_scan does show me when a card is installed. of course, lsusb shows the device too.

The only step now is the middleware. I got the lenny version of coolkey and used the alien trick on it-it seemed to install without any issues and the system isn't broken. But, when I use Firefox and look for security devices, it isn't there-the CAC reader.

I have:

libccid
libgempc430
pcscd
pcsc-tools

Installed.

Any pointers?

Regards,

James
_________________
Soli Et Deo Gloria

Systems:
Dual-boot Solaris 10 x86 and OCE 4.5 (Desktop)
OCE 4.5 with WinXP Pro on VirtualBox(Dell Inspiron 8200)
Panasonic KX-P7110 as the network printer.
Cisco 2924/2912, 2610,2620,2611
Win2003 Server

[zoic]

Not sure if this helps, hard to find relevant info in a Google search, but I did find this one comment:

[Cloudy Wizzard]

I had some problems with the Belgian eID card and a Gemplus cardreader. The middleware worked fine as root as user it was unable to find the cardreader.

I think I fixed it but I'm not quite sure how (I think I edited some file permissions).

I also have one of those PCMCIA cardreaders (GemPC) and that was even harder to get working (don't think I ever got it working well in Debian).
_________________

[Centurion030]

This will be a long reply.

To Zoic, it seems that the coolkey package installed the libpkcs11 library. However, when I try to install the device in firefox, using the module from that library, it says "unable to install module."

I am wondering if I should go with the driver and software from gemalto itself. Here is their readme:

"Readme for the Gemalto CCID Smart Card reader driver for the DEBIAN "Sarge".

Gemalto CCID Smart card reader drivers for Debian Sarge 3.1 Linux distribution
and x86 processor architecture.

Version 1.2.4, March 2006.

Before proceeding, you might want to check whether a new driver version
is available from http://support.gemalto.com/


Contents:
---------

0. License
1. Description
2. Installation
3. Troubleshooting
4. Release notes
5. Support

0. License
----------

All included programs are free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public License as
published by the Free Software Foundation; either version 2.1 of the License,
or (at your option) any later version.

All included programs are distributed in the hope that it will be
useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Lesser Public License for more details.

You should have received a copy of the GNU Lesser General Public License
along with this program; if not, write to the Free Software Foundation,
Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA


1. Description
--------------
This archive contains DEB packages of the CCID device driver for the Gemplus
CCID based devices and the PCSC-Lite daemon.

The CCID device driver:
* libccid_1.2.4-0_i386.deb

The pcsc-lite :

( from http://www.backports.org/debian/pool/main/p/pcsc-lite/)

* libpcsclite1_1.2.9-beta9-0bpo1_i386.deb
* libpcsclite-dev_1.2.9-beta9-0bpo1_i386.deb
* pcscd_1.2.9-beta9-0bpo1_i386.deb

This archive contains the source code of the CCID device driver for
the Gemplus CCID based devices and the PCSC-Lite daemon.

The CCID device driver:
* ccid-1.2.4.tar.gz

The pcsc-lite:
* pcsc-lite-1.2.9-beta10.tar.gz

It requires:
* A Debian Sarge 3.1 platform based on a x86 processor architecture,
* A Gemplus CCID based device

If you intend to use this driver with a different configuration (such
as a non x86 platform), please contact the support at the address
indicated at the very end of this document.


2. Installation
---------------

- Install the driver: # dpkg -i libccid_1.2.4-0_i386.deb

- Install the pcscd provided with this package:
# dpkg -i pcscd_1.2.9-beta9-0bpo1_i386.deb
libpcsclite-dev_1.2.9-beta9-0bpo1_i386.deb
libpcsclite1_1.2.9-beta9-0bpo1_i386.deb

The pcsc-lite daemon will (re)start automatically during installation.


3. Troubleshooting
------------------

For some Linux distributions, the pcmcia daemon should be loaded after
the pcscd daemon. As the pcscd daemon does not manage PCMCIA smart card
reader as hotplug devices, it might not take into account your GemPCCard
presence. To solve this issue, please restart the pcscd daemon as
explained below:

# /etc/init.d/pcscd restart


4. Release notes
----------------

Version 1.0.0: This is the initial driver version.
Version 1.1.0: Support of PCCard smart card reader and improvements.
Version 1.2.4: Support of PCPin PAD and GemPC Xpress smart card readers. "

This is a Debian Sarge package, Doctore, do you think I can use the alien trick on this package for OCE 4.5?

I can remove all of the packages I have installed before I run this. Please note, I am able to restart the pcscd dameon and also get a pcsc_scan result with my CAC card installed.

It seems that my middleware is missing. Coolkey is made for Lenny or Sid. I have seen some other middleware packages but they don't seem to help out at all. openct seems to create an installable device-yet is remains detached all the time.

Thoughts?

Regards,

James
_________________
Soli Et Deo Gloria

Systems:
Dual-boot Solaris 10 x86 and OCE 4.5 (Desktop)
OCE 4.5 with WinXP Pro on VirtualBox(Dell Inspiron 8200)
Panasonic KX-P7110 as the network printer.
Cisco 2924/2912, 2610,2620,2611
Win2003 Server

[Doctore]

[Centurion030]

Hi Doctore,

Unfortunately, Gemalto doesn't make the package for etch. The coolkey I mentioned was available in lenny and I converted that but it doesn't seem to work.

The packages also list ones that I have been able to get already. The software I have seems to be able to read the card/reader.

James
_________________
Soli Et Deo Gloria

Systems:
Dual-boot Solaris 10 x86 and OCE 4.5 (Desktop)
OCE 4.5 with WinXP Pro on VirtualBox(Dell Inspiron 8200)
Panasonic KX-P7110 as the network printer.
Cisco 2924/2912, 2610,2620,2611
Win2003 Server

[Centurion030]

Come to think of it-I have the drivers for this and the correct etch packages. Just need a usable middleware package. gsmartcard didn't work as did a couple other middleware packages.

James
_________________
Soli Et Deo Gloria

Systems:
Dual-boot Solaris 10 x86 and OCE 4.5 (Desktop)
OCE 4.5 with WinXP Pro on VirtualBox(Dell Inspiron 8200)
Panasonic KX-P7110 as the network printer.
Cisco 2924/2912, 2610,2620,2611
Win2003 Server

[Doctore]

Have you tried with "Etch-Backports" enabled in your "/etc/apt/sources.list"?
deb http://www.backports.org/debian/ etch-backports main contrib non-free
_________________
Linux User #432929
Visit our sites :
http://www.pcds.fi/
http://www.djn.fi/

[Centurion030]

Safe to ignore the authentication warning-similar to tuxfamily?

James
_________________
Soli Et Deo Gloria

Systems:
Dual-boot Solaris 10 x86 and OCE 4.5 (Desktop)
OCE 4.5 with WinXP Pro on VirtualBox(Dell Inspiron 8200)
Panasonic KX-P7110 as the network printer.
Cisco 2924/2912, 2610,2620,2611
Win2003 Server

[Doctore]

[TekMate]

Any packages that are built on another kernel or another version of KDE will not work. Gnome apps and command line utilities are usually safe.
_________________

If you were offered the chance to learn the truth…would you take it?

[Centurion030]

Thanks guys!

Doctore, the Backports sites does not contain coolkey. I have written several people including the Debian maintainers for some info/help regarding this.

James
_________________
Soli Et Deo Gloria

Systems:
Dual-boot Solaris 10 x86 and OCE 4.5 (Desktop)
OCE 4.5 with WinXP Pro on VirtualBox(Dell Inspiron 8200)
Panasonic KX-P7110 as the network printer.
Cisco 2924/2912, 2610,2620,2611
Win2003 Server

[Centurion030]

First, I want to thank all the great folks from the Xandros forums, the AKO CAC forum, the Debian CoolKey maintainers, guys from work, and others for the help and assisstance in getting this project to work.

Here is how I got CoolKey to work on my Xandros OCE 4.5. (Debian "etch" Linux distro)

I first used Synaptic Package Manager with the following repositories (/etc/apt/sources.list)

deb http://xnv45.xandros.com/4.5oc/pkg/ oc4.5-xn main contrib non-free
deb http://xnv45unsup.xandros.com/4.5oc/upkg/ etch main contrib non-free
deb http://update.eeepc.asus.com/p701/ p701 main
deb http://update.eeepc.asus.com/p900/ p900 main
deb http://update.eeepc.asus.com/1.6/ p901 main
deb http://update.eeepc.asus.com/1.6/ p904 main
deb http://update.eeepc.asus.com/1.6/ p904hd main
deb http://update.eeepc.asus.com/1.6/ p1000 main
deb http://update.eeepc.asus.com/1.6/ p1000h main
deb http://update.eeepc.asus.com/1.6/ p1000hd main
deb http://download.tuxfamily.org/xepcrepo/ p701 main
deb http://download.tuxfamily.org/eeepcrepos/ p701 main etch
deb http://asusxntest.xandros.com/asus-source/p7xx/1.0.4/ v104 main contrib non-free
deb http://asusxntest.xandros.com/asus-source/p7xx/1.0.6/ v106 main contrib non-free

And, I got the following Libraries/Packages:
libccid 1.1.0-1
libpcsclite1 1.3.2-5
libpcsclite-dev 1.3.2-5
pcscd 1.3.2-5
pcsc-tools 1.4.8-1
libpcsc-perl 1.4.4-1

Because CoolKey doesn't exist as a package for my "etch" based distro, I got the source code for CoolKey.

site:
http://packages.debian.org/lenny/armel/coolkey

files:
* [coolkey_1.1.0-5.dsc] Description file
* [coolkey_1.1.0.orig.tar.gz] Actual code
* [coolkey_1.1.0-5.diff.gz] Patch

I saved them to a /coolkey/ directory.

I then used the following commands while in the coolkey directory.

commands:
tar -xvvzf coolkey_1.1.0.orig.tar.gz extract the files-creates coolkey-1.1.0/
gunzip coolkey_1.1.0-5.diff.gz unzip the diff file
patch --dry-run -p1 -i coolkey_1.1.0-5.diff do a dry run and test
patch -p0 <coolkey_1.1.0-5.diff patch the diff file to the source
cd coolkey-1.1.0/ cd to the directory
ls list everything
./configure configure
make compile
make install install

cd /
/etc/init.d/pcscd restart restart the pcscd daemon
pcsc_scan | more check for my card reader/card

find / -name *pk11.so find the device module

/coolkey/coolkey-1.1.0/src/coolkey/.libs/libcoolkeypk11.so

/usr/local/lib/pkcs11/libcoolkeypk11.so this is what will be used

I installed the certificate authorities in Firefox. (Edit/Advanced/Security/View Certificates/
Authorities/Import)

I then installed the security device in Firefox. (Edit/Advanced/Security Devices/Load)
I gave it a name "CAC Module" and browsed to /usr/local/lib/pkcs11/libcoolkeypk11.so

I clicked "OK", clicked "OK" again for confirmation, and got the confirmation that a new security module was installed.

You can also login to your card in this menu as well. I tried out AKO and CAC login and it worked fine!

This was a good learning experience.

James

_________________
Soli Et Deo Gloria

Systems:
Dual-boot Solaris 10 x86 and OCE 4.5 (Desktop)
OCE 4.5 with WinXP Pro on VirtualBox(Dell Inspiron 8200)
Panasonic KX-P7110 as the network printer.
Cisco 2924/2912, 2610,2620,2611
Win2003 Server

[TekMate]

Thanks for posting the instructions I am sure they will help others.
_________________

If you were offered the chance to learn the truth…would you take it?