Hello all!
My name is Cristian, and I'm a Brazilian graduate student, researching
PKI themes. I've just bought me a Macbook Pro, and I was looking for a
way to make my epass2k token work on Mac OS X 10.6 (Snow Leopard). But
"PRONOVA" don't provide a tokend module. They provide a PKCS#11 module
only for Mac. So I can use firefox and thunderbird, but not safari,
chrome, java, mail and everithing else I would like to use with it.
I must say I've got a bit disappointed on the lack of support for
PKCS#11 on Mac OS X Keychain. I've read that Apple don't want it because
of the need to point to dynlibs... I can understand, but I would be
happy even if the option was available by editing some config file or
running terminal commands. But ok, stop complaining, I'm on mac for 3
weeks now and this is my first and only complaint until now, that is good.
Since I'm a programmer, since I've come from the Linux world and since
I've got some friends here that also are programmers, also use mac, also
would like to use PKCS#11 modules on theis Mac Keychain, and also would
enjoy giving a solution for this, I'm interested on try to develop a
Tokend module that works as an interface to user provided PKCS#11
dynlibs. I would like to know:
- if you have heard about someone already trying/doing this (I've
found this slides:
http://middleware.internet2.edu/pki06/proceedings/dinapoli-pkcs11-mac.pdf,
from 2006... I'm trying to contact the author. But found nothing else).
- if there is already a documentation to people like me, that want to
develop his first Tokend module. On the website I've found only user
documentation, not developer documentation.
Regards,
--
Cristian Thiago Moecke
contato(a)cristiantm.com.br
Hello and thanks in advance.
Sorry if posted on the wrong place.
Apart from that, i apologize if theres any typo or misunderstanding,
my english is as best as i can.
Check the conversation (1 message) that lead me here:
http://www.opensc-project.org/pipermail/opensc-devel/2011-May/016640.html
What ludovic sent to me, is a kind of bridge (That is expected to be
included on OSX 10.7) from KeyChain/Tokend to PKCS11, which try to use
all the pkcs11 libraries/files present on /usr/lib/pkcs11, to let
Safari/Mail/etc. use my pkcs11 dylib to attack the smartcard.
Im right? Im am absolutely wrong?
I followed the instructions ludovic provide on his blog. i see theres
a gemalto compiled version, but first i try to compile myself
following http://smartcardservices.macosforge.org/trac/wiki/documentation/building
I suppose, after compiling, it will generate a dylib or something that
i can install/register on the system.
So, hands on subject.
"For example 10A432 is for Snow Leopard 10.6.0. 10C540 is for 10.6.2."
Apart from that non-human notation, will a version compiled for 10.6
work on 10.6.2? Actually im on a 10.6.7, so maybe all the following
errors are due to this.
"#darwinbuild..."
No one said what was this, but i installed macports and do "sudo port
install darwinbuild +universal". Im use to "make"
That was going so well, until i get "ERROR: project not found:
SmartcardCCID" when executing "sudo darwinbuild SmartcardCCID"
Any idea?
Then i read:
$ cd /Volumes/BuildRoot_*/SourceCache/SmartCardServices/SmartCardServices-36160
# darwinbuild -nosource SmartCardServices
Are we compiling the sources for this computer, and replacing current
smartcard service? wasnt tokend a proxy library?
Anyway...i take the risk and invoke cd... and the darwinbuild lines:
ERROR: please change your working directory to one initialized by:
darwinbuild -init <build>
Alternatively, you may set the DARWIN_BUILDROOT environment variable to the
absolute path of that directory.
Ok, it failed but im going to test if i got the packager tool
sudo /usr/local/share/darwinbuild/packageRoots
sudo: /usr/local/share/darwinbuild/packageRoots: command not found
Now, i realize, that the manual/guide could be quite outdated.
So, could you confirm this is a bridge, and if its, help me getting this work?
> [1] http://ludovicrousseau.blogspot.com/2010/04/free-software-tokend-above-pkcs…