[SmartcardServices-Users] Problem with pcscd and GD card

Francis Augusto Medeiros francis at mgate.com.br
Thu Apr 8 11:55:40 PDT 2010


Shawn,

It seems you got some of my points wrong.

1 - I didn't install TokenLounge. I should have and wanted to do so, but I was provided with SafeNet's Borderless PK Security for Mac, which caused the whole problem.

2 - How can I reinstall my Services and CCID so that I have things in the original state without having to reinstall the whole OS?

I have another Mac where things are working fine. Are there files I could/should copy and replace mine on the corrupted system in an attempt to make it work?

Yours,

Francis
On 08/04/2010, at 14:30, Shawn A. Geddis wrote:

> Francis,
> 
> The Smart Card you were provided (assuming you are right about it being aG&D) would have an applet on the card which was not natively supported by the Tokend modules pre-installed (BELPIC, CAC, JPKI, PIV).  
> 
> That is why you did not see it via Keychain Services (and PKCS#11 for that matter since Apple no longer ships a PKCS#11 library with Mac OS X.  
> 
> The SafeSign 3.0 (from AET) would be a solution supporting various card abstractions...
> 
> http://www.aeteurope.com/aet/aet-europe/_www/en/pub/products/safesign.cfm
> ...
> Basically any application that either supports PKCS #11 and/or CSP to work with tokens on any of the supported platforms can make use of the benefits and features of SafeSign Identity Client!
> ...
> Windows, MAC OS X, Sun or Linux is implemented.
> ...
> Microsoft CryptoAPI (CSP), minidriver, PKCS#11, PKCS#12 or PKCS#15 are used.
> 
> So after you installed SafeSign 3.0, you got a PKCS#11 based solution installed which replaced the built-in Smart Card Services components.
> 
> You installed TokenLounge which provided a Tokend module, however, due to the installation of SafeSign 3.0 previously, you no longer had the ability to use what was previously built-in - Tokend-based Smart Card Services.
> 
> You uninstalled TokenLounge and re-installed SafeSign 3.0 and nothing works anymore....
> 
> The only explanation based on what you did here is that the Uninstall / Re-install did not completely return the system to its original state.
> 
> You could either fiddle forever and may get it back to basics, but this is when re-installing is usually cheaper in the sense of resources - your time.
> 
> ___
> 
> Keep in mind that when you get a good working Tokend for your card, you would not need any additional software to access it via PKCS#11.  You just need to point to the PKCS#11Shim that was originally provided here as source for 10.5.x and was integrated into Mac OS X with 10.6.0.
> 
> /usr/libexec/SmartCardServices/pkcs11/tokendPKCS11.so
> 
> -Shawn
> 
> __________________________________________________
> Shawn Geddis				  			   geddis at mac.com
> Security Consulting Engineer				   geddis at apple.com
> 
> MacOSForge Project Lead:                           Smart Card Services                                                                
> 	Web:	http://smartcardservices.macosforge.org/
> 	Lists:	http://lists.macosforge.org/mailman/listinfo
> __________________________________________________
> 
> On Apr 8, 2010, at 12:38 PM, Francis Augusto Medeiros wrote:
> 
>> Shawn,
>> 
>> Well, let me explain it all again:
>> 
>> I have a SmartCard provided by my CA. It seems to be one from G&D. My CA doesn't provide any support for Mac users - they provide some software for MacOS X, but besides that, you're on your own to make things work.
>> 
>> So they sent me SafeSign 3.0, from AET, which worked perfectly with my smartcard and my Gemalto PC Twin usb reader.
>> 
>> But, as you understand, SafeSign just work as a middleware in Firefox - it doesn't come with the tokend component necessary to make Keychain (and apps that rely on it for certificates) accept my certificate that's on my smartcard.
>> 
>> So, I wrote to my CA and asked if they could send me TokenLounge, which is AET's tokend solution. They sent me something else, called SafeNet Borderless PK security for Mac. I installed it, and it didn't work. Worse: my smartcard wasn't being recognized anymore by SafeSign, and pcscd wasn't launching. 
>> 
>> I uninstalled the SafeNet Borderless, reinstalled SafeSign 3.0, but still can't get the Mac (or Firefox, for that matter) to recognize my smartcard and to read my certificate.
>> 
>> Thanks,
>> 
>> Francis
>> On 08/04/2010, at 12:47, Shawn A. Geddis wrote:
>> 
>>> Francis,
>>> 
>>>> I may be wrong, but I don't think the problem occurred because I uninstalled the SafeNet Borderless PK Security. Even before uninstalling it, my Mac wasn't recognizing my smartcard, which was happening perfectly before that.
>>> 
>>> So there is confusion then about what was working and what steps were taken before things stopped working.  Hard to provide guidance or diagnose without knowing those valuable nuggets.
>>> 
>>> -Shawn
>>> __________________________________________________
>>> Shawn Geddis				  			   geddis at mac.com
>>> Security Consulting Engineer				   geddis at apple.com
>>> 
>>> MacOSForge Project Lead:                           Smart Card Services                                                                
>>> 	Web:	http://smartcardservices.macosforge.org/
>>> 	Lists:	http://lists.macosforge.org/mailman/listinfo
>>> __________________________________________________
>>> 
>>> 
>>> On Apr 8, 2010, at 4:28 AM, Francis Augusto Medeiros wrote:
>>> 
>>>> Dear Shawn,
>>>> 
>>>> Thank you very much for your answer.
>>>> 
>>>> I may be wrong, but I don't think the problem occurred because I uninstalled the SafeNet Borderless PK Security. Even before uninstalling it, my Mac wasn't recognizing my smartcard, which was happening perfectly before that.
>>>> 
>>>> I', just trying to launch pcscd manually to check whether it's working or not. It seams it isn't due those errors I posted. It doesn't get to be active for a second.
>>>> 
>>>> 
>>>> Thanks,
>>>> 
>>>> Francis
>>>> On 08/04/2010, at 05:04, Shawn A. Geddis wrote:
>>>> 
>>>>> Francis,
>>>>> 
>>>>> There is no need to manually launch pcscd.  Securityd will automatically launch pcscd when a Smart Card Reader is detected (attached to the system).  If a Smart Card is not present for 2 minutes, pcscd will automatically be shut down until you do insert a Smart Card.
>>>>> 
>>>>> The unfortunate part of your email is:
>>>>>> So I uninstalled it.
>>>>> 
>>>>> This means that the "Uninstaller" may have been a bit too aggressive or errant in its removal of components.
>>>>> 
>>>>> -Shawn
>>>>> __________________________________________________
>>>>> Shawn Geddis				  			   geddis at mac.com
>>>>> Security Consulting Engineer				   geddis at apple.com
>>>>> 
>>>>> MacOSForge Project Lead:                           Smart Card Services                                                                 
>>>>> 	Web:	http://smartcardservices.macosforge.org/
>>>>> 	Lists:	http://lists.macosforge.org/mailman/listinfo
>>>>> __________________________________________________
>>>>> 
>>>>> On Apr 1, 2010, at 10:31 PM, Francis Augusto Medeiros wrote:
>>>>>> Hi there folks,
>>>>>> 
>>>>>> I have a Gemalto PCTwin usb smartcard reader, which I intended to use with my GD smartcard. 
>>>>>> 
>>>>>> My CA sent me a middleware called SafeSign 3.0, so I could use my smartcard on the Mac. Unfortunately, it just works with Firefox. I wanted something that would work with Keychain and standard Mac apps.
>>>>>> 
>>>>>> So I asked them if they had TokenLounge, which is AET's tokend for Mac. They sent me something else, called Safenet Borderless Security PK for Mac. It didn't work on my Mac 10.6.3 install, and precluded my newer SafeSign to work. So I uninstalled it.
>>>>>> 
>>>>>> Now my card can't be read on my Mac! I tested it under Windows and on another mac, and it works there. So, doing some research, I found out that my pcscd is not running, and I can't make it run. 
>>>>>> 
>>>>>> When I try to run it typing pcscd -f, I get this:
>>>>>> User signal 2
>>>>>> 
>>>>>> And when typing sudo pcscd -df
>>>>>> I get this:
>>>>>> 
>>>>>> /SourceCache/SmartCardServices/SmartCardServices-36160/src/PCSC/debuglog.c:240:DebugLogSetLevel() debug level=debug
>>>>>> /SourceCache/SmartCardServices/SmartCardServices-36160/src/PCSC/pcscdaemon.c:389:main() pcscd set to foreground with debug send to stderr
>>>>>> /SourceCache/SmartCardServices/SmartCardServices-36160/src/PCSC/readerfactory.c:1545:ReaderCheckArchitecture() Send respawn signal to pcscd (pid=794)
>>>>>> User signal 2
>>>>>> 
>>>>>> Is there any clue on how can I get things back working again?
>>>>>> 
>>>>>> 
>>>>>> Yours,
>>>>>> 
>>>>>> Francis
>>> 
>>> 
>> 
>> _______________________________________________
>> SmartcardServices-Users mailing list
>> SmartcardServices-Users at lists.macosforge.org
>> http://lists.macosforge.org/mailman/listinfo.cgi/smartcardservices-users
> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/smartcardservices-users/attachments/20100408/7bb129ba/attachment-0001.html>


More information about the SmartcardServices-Users mailing list