[SmartcardServices-Users] ECA Hardware Token - Certs not showing up in Keychain

Shawn A. Geddis geddis at mac.com
Fri Jun 4 08:51:38 PDT 2010


On Jun 4, 2010, at 9:28 AM, Bob Colbert wrote:
> I just received an ECA Hardware Assurance certificate.  It is a ActivIdentity USB Token as shown here - http://www.actividentity.com/products/authenticationdevices/USBTokens/  .  I have the one without the one-time password display.  Of course set up of the device and placing the certificates on it was done with ActivClient on Windows at the ECA facility.


Bob,

You will notice on the Smart Card Reader Section (Smart Card CCID) [1] that the Smart Card Reader Matrix  [2] notes it is a *supported device* - with respect to the CCID Class Driver.  Keep in mind though, that the device is part of the equation and the profile / applet on the device is another.  The current CAC.Tokend also *incorrectly* picks up some ActivIdentity Tokens because the older probing of the applet/profile and gather of potential objects within that tokend is not refined enough.  ActivIdentity (formerly ActivCard) was the author of the original CAC.  The CAC.Tokend we make available here/by Apple needs to be updated to properly handle changes in the profiles since the tokend was originally developed.  

So you have two option available to you right now.  Either wait for changes we will make to correct / address this issue (which is what I would suggest) or you/others can grab the CAC.Tokend source code and make changes yourself for your systems (not exactly an ideal situation for most unless you want to get your hands dirty).

> When I plug the device into the Mac (running Snow Leopard 10.6.3), the device shows up in the Keychain as a CAC-xxx entry.  I double-click the lock and it prompts me for the PIN.  I think it is unlocking because a windows pops up titled “Common Access Card” with two tabs for Identification and Benefits, none of which are populated because this isnt a CAC card.  However, no certificates are displayed.  I am selecting the “All Items” category in Keychain (and My Certificates/Certifcates category too) and still nothing is showing up.

The uiplugin (CACViewerPlugin) is attempting to display content that is not all there.  It is working under the premise that it thinks it is a CAC and fails to display the PIN protected contents of the card.  This too is on the plate to address with the above noted issue.  

As always, we encourage folks to submit tickets on any issues they face with respect to the use of Smart Cards.  We really need to get a fair amount of content up on the wiki here that will help folks like yourself with these kinds of questions/issues.

Hope this helped.

-Shawn 

[1]	http://smartcardservices.macosforge.org/trac/wiki/smartcardccid
[2]	http://pcsclite.alioth.debian.org/section.html
__________________________________________________
Shawn Geddis				  			   geddis at mac.com
Security Consulting Engineer				   geddis at apple.com

MacOSForge Project Lead:                           Smart Card Services                                                                 
	Web:	http://smartcardservices.macosforge.org/
	Lists:	http://lists.macosforge.org/mailman/listinfo
__________________________________________________

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/smartcardservices-users/attachments/20100604/0f1c63b6/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3859 bytes
Desc: not available
URL: <http://lists.macosforge.org/pipermail/smartcardservices-users/attachments/20100604/0f1c63b6/attachment.bin>


More information about the SmartcardServices-Users mailing list