[SmartcardServices-Users] Differences between & fixes for the BelPic, Beid, CAC Tokend's

Maccampus maccampus at gmail.com
Tue Mar 29 15:36:38 PDT 2016 

I don’t know about OpenSC.tokend, but i’ll give it a look & test. I doubt it will work tough because the Belgian Identity Cards Encryption.

If it works, why wouldn’t MacOSforge’s Belpic.tokend, only Beid.tokend seems to be able to decrypt my identity information but has the explained trouble.

Apple used to create the Belpic.tokend in collaboration with the Belgian Federal ICT (edict) & Fedict included encryption version 1 & 2 in this version.
The collaboration has stopped however, MacOSforge still update’s the Belpic.tokend for new OS X versions but does not change it further, Fedict has renamed the Belpic.tokend to Beid.tokend & has added encryption version 3 & 4 to it, however their new builds are buggy & seems to have earlier explained symptoms on my Mac.

So i think in my case the Beid.tokend is the only one that will actually work with the encrypted data on my/the new issued Belgian Identity Cards (3th version of the Encryption) (For my earlier but now replaced ID card i used the Belpic.tokend from Apple/MacOSForge, this ID card had the 2nd version of encryption).

I think, but i am not a developer, with the earlier linked source code/Development kit on Github the Belpic.tokend could be updated to work on the newer Belgian ID cards by the developers at MacOSForge.

As mentioned earlier i read a post on this Lists that explained with CAC cards and CAC.tokend it was possible to login on OS X by inserting the CAC card & logout, go back to login screen or bring up a screensaver when the card is pulled out until it’s inserted again. I would like to have this possible swell for the Belgian ID card. How is this functionality implanted ? Is this included in the tokend ?

> Op 29-mrt.-2016, om 20:57 heeft Uri Blumenthal <uri at mit.edu> het volgende geschreven:
> 
> Since you probably have to use OpenSC anyway, why not try OpenSC.tokend? (Also, see other posts in SmartCardServices-Users regarding OpenSC.tokend forks)
> 
>> On Mar 28, 2016, at 4:48 , Maccampus <maccampus at gmail.com> wrote:
>> 
>> Hello Mr Shawn Geddis & Readers of the Tokend & SmartcardServices Mailing Lists,
>> 
>> A little more then a year or so ago, starting right after i had to get a new identity Card, i started having trouble using the Tokend  that was required to use my identification & pincodes in Safari & Keychain Access.
>> 
>> Since my identity Card is from Belgium (Belpic Tokend from MacOSForge.org & Beid Tokend from eid.belgium.be) i have had contact with both these Mailing Lists & Fedict.be with a fix which is workable but not really a solution which is tight.
>> 
>> The facts:
>> 
>> • The Belgian developers have worked with Apple in the past, this delivered the Belpic Tokend which Apple has outsourced to MacOSForge & is still being updated by MacOSForge.
>> • The Belgian Developers found Apple/MacOSForge to be to slow/unresponsive when they added patches & decided to work on their own, the new tokend is called Beid Tokend.
>> • My old identity card used the 2nd version of encryption, my new one uses the 3th version. This made the Belpic tokend defunct & i had to change to the Belpic Tokend.
>> • For unknown reasons on my Mac when using the Beid tokend i have to connect the reader with ID card at boot time to make sure it is recognized by the tokend & usable in Safari & Keychain. When i don’t do this i have a 1/10 chance it could still work, otherwise i need to reboot my Mac. This problem was not there when used the Belpic Tokend.
>> • Notting is wrong with my reader (ACS ACR38) running with Apple’s own driver or the latest driver from ACS (i can uninstall the ACS driver if needed but this don’t change a thing)  because if i use the JAVA application from Fedict or the Firefox plugin the card is accessed  & working as supposed to. Only when it should use the tokend it fails as explained.
>> 
>> So seeing these facts , i can presume & partly this is confirmed by the Fedict.be, that Apple only has the 1st & 2nd version of encryption while the Fedict also has the 3th & 4th version, The Identity Cards that are now issued use the 3th version & the 4th version will be used in future.
>> 
>> Also but unconfirmed, i think  Belpic because it is being developed & updated for new OS X versions by MacOSforge has kept full compatibility with OS X versions while Beid because it’s being developed by a 3th party with not enough intrest in OS X & unwillingly to work with MacOSForge is not 100 % bugler anymore & in my case a bug causes the behavior as explained above.
>> 
>> To add to the pain, i also see in a recent post in SMC Users that the US CAC card has far more functionality then the the Belgian Identity Card, i suppose this functionality is being delivered by the tokend, the CAC tokend i suppose is being developed in a team effort by the US military & MacOSforge.
>> 
>> The functionality i have in my mind here is the login in & switching on & off the screensaver or locking the computer by inserting the CAC card in the Card Reader connected to the Mac.
>> 
>> I wonder if al this could be fixed somehow, even if the Fedict.be will not be cooperative ?
>> 
>> You have both the Tokend’s & source code from CAC & Belpic & you can download the Beid tokend from above mentioned website, it’s inside an installer .pkg but i’m sure you can extract it without installing or even install it in a test environement. I hope you can use the beid tokend to get the 3th & 4th version of encryption without having the source code of it. But ofcource you could also ast the Fedict for the source or develepment kit & if this doesn’t work out, there is a Linux version which can be downloaded as source.
>> 
>> I really hope you are willing to fix these issue’s because the Fedict seems not to. (i have a long contact with their support & in each new version they have asked me to test if the bug still exists but it has never been fixed)
>> 
>> Yours sincerely
>> 
>> Maccampus
>> 
>> Belgian Mac OS X User
>> 
>> 
>> _______________________________________________
>> SmartcardServices-Users mailing list
>> SmartcardServices-Users at lists.macosforge.org
>> https://lists.macosforge.org/mailman/listinfo/smartcardservices-users
> 
> --
> Uri the Great
> uri at mit.edu
> 
> 
> 
> 
> _______________________________________________
> SmartcardServices-Users mailing list
> SmartcardServices-Users at lists.macosforge.org
> https://lists.macosforge.org/mailman/listinfo/smartcardservices-users

More information about the SmartcardServices-Users mailing list