ECA Smart Cards on Snow Leopard
Has anyone made or heard of any progress with regards to ECA Smart Cards on Snow Leopard? The last update I can find is that the card shows up in Keychain Access but the certificates aren't available. Thanks for any info, Suzanne
Not sure what "ECA" stands for, but I got a new badge on Friday. It is an Oberthur ID One 128 v5.5 Dual. It didn't work with my OSX 10.6.6, ActiveCard reader. I went to www.militarycac.com/snowleopard.htm. It has a "Gemalto TOP DL GX4 144" fix for free. It didn't work with my Oberthur card. But I noticed a "new" link on this page to PKard by Thursby Software. It costs $29.95. Thursby offers free trials but not for PKard. I downloaded the free trial for ADmit Mac PKI ($239 for 1 year license!). Keychain Access 4.1 sees my certificates, and I have access again. I plan to buy PKard as Thursby states on its website that PKard is just for remote user access which is all I need. The ADmit Mac PKI free trial is only for 3 weeks. If you hear of a free fix, please let me know. On 3/18/11 5:36 PM, "Suzanne Stevens, Contractor, Code 5595" <suzanne.stevens.ctr@nrl.navy.mil> wrote:
Has anyone made or heard of any progress with regards to ECA Smart Cards on Snow Leopard? The last update I can find is that the card shows up in Keychain Access but the certificates aren't available.
Thanks for any info, Suzanne _______________________________________________ SmartcardServices-Users mailing list SmartcardServices-Users@lists.macosforge.org http://lists.macosforge.org/mailman/listinfo.cgi/smartcardservices-users
Regards, Sean J. Pitts SSC LANT Naples Office Code 55810 Office: DSN: 314-626-3839 Commercial: +39.081.568.3839 Cell: +39.335.740.4967
I had some luck getting Keychain Access to see the new cards using the OpenSC software: http://www.opensc-project.org/opensc http://www.opensc-project.org/files/opensc/OpenSC-0.12.0-10.6.dmg I did not have time to test it thoroughly, however. - Ruben On Mar 21, 2011, at 5:15 AM, Pitts, Sean J Mr CIV USN wrote:
Not sure what "ECA" stands for, but I got a new badge on Friday. It is an Oberthur ID One 128 v5.5 Dual. It didn't work with my OSX 10.6.6, ActiveCard reader. I went to www.militarycac.com/snowleopard.htm. It has a "Gemalto TOP DL GX4 144" fix for free. It didn't work with my Oberthur card. But I noticed a "new" link on this page to PKard by Thursby Software. It costs $29.95. Thursby offers free trials but not for PKard. I downloaded the free trial for ADmit Mac PKI ($239 for 1 year license!).
Keychain Access 4.1 sees my certificates, and I have access again.
I plan to buy PKard as Thursby states on its website that PKard is just for remote user access which is all I need. The ADmit Mac PKI free trial is only for 3 weeks.
If you hear of a free fix, please let me know.
On 3/18/11 5:36 PM, "Suzanne Stevens, Contractor, Code 5595" <suzanne.stevens.ctr@nrl.navy.mil> wrote:
Has anyone made or heard of any progress with regards to ECA Smart Cards on Snow Leopard? The last update I can find is that the card shows up in Keychain Access but the certificates aren't available.
Thanks for any info, Suzanne _______________________________________________ SmartcardServices-Users mailing list SmartcardServices-Users@lists.macosforge.org http://lists.macosforge.org/mailman/listinfo.cgi/smartcardservices-users
Regards,
Sean J. Pitts SSC LANT Naples Office Code 55810 Office: DSN: 314-626-3839 Commercial: +39.081.568.3839 Cell: +39.335.740.4967
_______________________________________________ SmartcardServices-Users mailing list SmartcardServices-Users@lists.macosforge.org http://lists.macosforge.org/mailman/listinfo.cgi/smartcardservices-users
Suzanne, ECA is in reference to the issuance (external) and is not directly related to the Smart Card or applet versions. Most if not all newer cards being issued in DoD are issued with a newer profile/applet (sometimes referred to as CACNG). If you were issued a "Gemalto TOP DL GX4 144" then you can either update to 10.6.7 or, if you have not already, you can install the beta tokend from the SmartcardServices project downloads. The card would then be supported/seen in Keychain Access. If you were issued a "Oberthur ID One 128 v5.5 Dual" then neither 10.6.7 nor the beta Token would help you - right now. The CACNG Tokend here will be updated to support the Oberthur card in a future release. Sorry for delay on this Shawn Geddis SmartcardServices Project Lead On Mar 18, 2011, at 12:36, "Suzanne Stevens, Contractor, Code 5595"<suzanne.stevens.ctr@nrl.navy.mil> wrote:
Has anyone made or heard of any progress with regards to ECA Smart Cards on Snow Leopard? The last update I can find is that the card shows up in Keychain Access but the certificates aren't available.
Thanks for any info, Suzanne
On Mar 21, 2011, at 5:15, "Pitts, Sean J Mr CIV USN" <sean.pitts@us.army.mil> wrote:
Not sure what "ECA" stands for, but I got a new badge on Friday. It is an Oberthur ID One 128 v5.5 Dual. It didn't work with my OSX 10.6.6, ActiveCard reader. I went to www.militarycac.com/snowleopard.htm. It has a "Gemalto TOP DL GX4 144" fix for free. It didn't work with my Oberthur card. But I noticed a "new" link on this page to PKard by Thursby Software. It costs $29.95. Thursby offers free trials but not for PKard. I downloaded the free trial for ADmit Mac PKI ($239 for 1 year license!).
Keychain Access 4.1 sees my certificates, and I have access again.
I plan to buy PKard as Thursby states on its website that PKard is just for remote user access which is all I need. The ADmit Mac PKI free trial is only for 3 weeks.
If you hear of a free fix, please let me know.
Regards,
Sean J. Pitts SSC LANT Naples Office Code 55810
Shawn, I'm using CAC since Snow Leopard 10.6.5, and I have CACNG (beta) 0.95 installed. Now that Mac OS X has been upgraded to 10.6.7 is it better for me to remove CACNG, and if so how? Please feel free to reply via email, or by posting at the forum. Thanks! -- ____________________________________ Uri Blumenthal Voice: (781) 981-1638 Cyber Systems and Technology Fax: (781) 981-7687 MIT Lincoln Laboratory Cell: (339) 223-5363 244 Wood Street Email: <uri@ll.mit.edu <uri@ll.mit.edu> > Lexington, MA 02420-9185 Www: http://www.ll.mit.edu/CST/ <http://www.ll.mit.edu/CST/> From: "Shawn A. Geddis" <geddis@mac.com> Date: Tue, 22 Mar 2011 21:08:08 -0400 To: "Suzanne Stevens, Contractor, Code 5595" <suzanne.stevens.ctr@nrl.navy.mil> Cc: "smartcardservices-users@lists.macosforge.org" <smartcardservices-users@lists.macosforge.org> Subject: Re: [SmartcardServices-Users] ECA Smart Cards on Snow Leopard Suzanne, ECA is in reference to the issuance (external) and is not directly related to the Smart Card or applet versions. Most if not all newer cards being issued in DoD are issued with a newer profile/applet (sometimes referred to as CACNG). If you were issued a "Gemalto TOP DL GX4 144" then you can either update to 10.6.7 or, if you have not already, you can install the beta tokend from the SmartcardServices project downloads. The card would then be supported/seen in Keychain Access. If you were issued a "Oberthur ID One 128 v5.5 Dual" then neither 10.6.7 nor the beta Token would help you - right now. The CACNG Tokend here will be updated to support the Oberthur card in a future release. Sorry for delay on this Shawn Geddis SmartcardServices Project Lead On Mar 18, 2011, at 12:36, "Suzanne Stevens, Contractor, Code 5595"<suzanne.stevens.ctr@nrl.navy.mil> wrote:
Has anyone made or heard of any progress with regards to ECA Smart Cards on Snow Leopard? The last update I can find is that the card shows up in Keychain Access but the certificates aren't available.
Thanks for any info, Suzanne
On Mar 21, 2011, at 5:15, "Pitts, Sean J Mr CIV USN" <sean.pitts@us.army.mil> wrote:
Not sure what "ECA" stands for, but I got a new badge on Friday. It is an Oberthur ID One 128 v5.5 Dual. It didn't work with my OSX 10.6.6, ActiveCard reader. I went to www.militarycac.com/snowleopard.htm <http://www.militarycac.com/snowleopard.htm> . It has a "Gemalto TOP DL GX4 144" fix for free. It didn't work with my Oberthur card. But I noticed a "new" link on this page to PKard by Thursby Software. It costs $29.95. Thursby offers free trials but not for PKard. I downloaded the free trial for ADmit Mac PKI ($239 for 1 year license!).
Keychain Access 4.1 sees my certificates, and I have access again.
I plan to buy PKard as Thursby states on its website that PKard is just for remote user access which is all I need. The ADmit Mac PKI free trial is only for 3 weeks.
If you hear of a free fix, please let me know.
Regards,
Sean J. Pitts SSC LANT Naples Office Code 55810
Hello, I¹m not sure if this is the right list to ask this question. I¹m trying to create a filevaulted user, who can log in with the pubkeyhash method in the AuthenticationAuthority field. As far as I know tokenadmin create-fv-user is broken and hasn¹t been fixed yet. So I¹ve been trying to create a sparsebundle using: hdiutil create -size 20m -encryption -fs HFS+J -pubkey 6225DF186D119D08DA6850C74C948A182F5DE7C2 enc.sparsebundle hdiutil: create failed - error 0x80010914 I keep getting this error. When I use a different hash, I don¹t get an error at all, but instead it returns the usage: Usage: hdiutil create <sizespec> [options] <imagepath> hdiutil create help When I export the certificate and use that instead of the public key hash value I get the same error value. Does hdiutil do some sort of test on the hexidecimal pubkeyhash values? Is this method even possible? I figured that I could create the sparsebundle then just drop it into place by modifying the NFSHomeDirectory field. I¹ve been referencing this message: http://lists.macosforge.org/pipermail/smartcardservices-users/2010-September /000136.html Thank you David Bruno Security +, RHCT, CCNA, CCA Computer Scientist ARL/CISD 410-278-8929 david.bruno@us.army.mil
Hello, I¹m not sure if this is the right list to ask this question. I¹m trying to create a filevaulted user, who can log in with the pubkeyhash method in the AuthenticationAuthority field. As far as I know tokenadmin create-fv-user is broken and hasn¹t been fixed yet. So I¹ve been trying to create a sparsebundle using: hdiutil create -size 20m -encryption -fs HFS+J -pubkey 6225DF186D119D08DA6850C74C948A182F5DE7C2 enc.sparsebundle hdiutil: create failed - error 0x80010914 I keep getting this error. When I use a different hash, I don¹t get an error at all, but instead it returns the usage: Usage: hdiutil create <sizespec> [options] <imagepath> hdiutil create help When I export the certificate and use that instead of the public key hash value I get the same error value. Does hdiutil do some sort of test on the hexidecimal pubkeyhash values? Is this method even possible? I figured that I could create the sparsebundle then just drop it into place by modifying the NFSHomeDirectory field. I¹ve been referencing this message: http://lists.macosforge.org/pipermail/smartcardservices-users/2010-September /000136.html Thank you David Bruno Security +, RHCT, CCNA, CCA Computer Scientist ARL/CISD 410-278-8929 david.bruno@us.army.mil
participants (6)
-
Blumenthal, Uri - 0668 - MITLL
-
David Bruno (Civ ARL/CISD) <dbruno>
-
Pitts, Sean J Mr CIV USN
-
Ruben Brochner
-
Shawn A. Geddis
-
Suzanne Stevens, Contractor, Code 5595