<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
On Mar 29, 2016, at 18:36 , Maccampus <<a href="mailto:maccampus@gmail.com" class="">maccampus@gmail.com</a>> wrote:<br class="">
<div>
<blockquote type="cite" class="">I don’t know about OpenSC.tokend, but i’ll give it a look & test. I doubt it will work tough because the Belgian Identity Cards Encryption.</blockquote>
<div><br class="">
</div>
<div>It may depend on how close Belgian Identity Card resembles CAC or PIV. I’d say - you have little to lose by trying it out. If it doesn’t work you can always delete the files and forget you tried. ;)</div>
<div><br class="">
</div>
<blockquote type="cite" class="">
<div class="">
<div class=""><font color="#000000" class="">……...</font><br class="">
<br class="">
As mentioned earlier i read a post on this Lists that explained with CAC cards and CAC.tokend it was possible to login on OS X by inserting the CAC card & logout, go back to login screen or bring up a screensaver when the card is pulled out until it’s inserted
again. I would like to have this possible swell for the Belgian ID card. How is this functionality implanted ? Is this included in the tokend ?<br class="">
</div>
</div>
</blockquote>
<div><br class="">
</div>
<div>I’ll leave this part to those with experience in configuring Mac OS X login and screensaver.</div>
<div><br class="">
</div>
<div><br class="">
</div>
<br class="">
<blockquote type="cite" class="">
<div class="">
<div class="">Op 29-mrt.-2016, om 20:57 heeft Uri Blumenthal <<a href="mailto:uri@mit.edu" class="">uri@mit.edu</a>> het volgende geschreven:<br class="">
<blockquote type="cite" class=""><br class="">
Since you probably have to use OpenSC anyway, why not try OpenSC.tokend? (Also, see other posts in SmartCardServices-Users regarding OpenSC.tokend forks)<br class="">
<br class="">
<blockquote type="cite" class="">On Mar 28, 2016, at 4:48 , Maccampus <<a href="mailto:maccampus@gmail.com" class="">maccampus@gmail.com</a>> wrote:<br class="">
<br class="">
Hello Mr Shawn Geddis & Readers of the Tokend & SmartcardServices Mailing Lists,<br class="">
<br class="">
A little more then a year or so ago, starting right after i had to get a new identity Card, i started having trouble using the Tokend that was required to use my identification & pincodes in Safari & Keychain Access.<br class="">
<br class="">
Since my identity Card is from Belgium (Belpic Tokend from <a href="http://macosforge.org" class="">
MacOSForge.org</a> & Beid Tokend from <a href="http://eid.belgium.be" class="">eid.belgium.be</a>) i have had contact with both these Mailing Lists &
<a href="http://fedict.be" class="">Fedict.be</a> with a fix which is workable but not really a solution which is tight.<br class="">
<br class="">
The facts:<br class="">
<br class="">
• The Belgian developers have worked with Apple in the past, this delivered the Belpic Tokend which Apple has outsourced to MacOSForge & is still being updated by MacOSForge.<br class="">
• The Belgian Developers found Apple/MacOSForge to be to slow/unresponsive when they added patches & decided to work on their own, the new tokend is called Beid Tokend.<br class="">
• My old identity card used the 2nd version of encryption, my new one uses the 3th version. This made the Belpic tokend defunct & i had to change to the Belpic Tokend.<br class="">
• For unknown reasons on my Mac when using the Beid tokend i have to connect the reader with ID card at boot time to make sure it is recognized by the tokend & usable in Safari & Keychain. When i don’t do this i have a 1/10 chance it could still work, otherwise
i need to reboot my Mac. This problem was not there when used the Belpic Tokend.<br class="">
• Notting is wrong with my reader (ACS ACR38) running with Apple’s own driver or the latest driver from ACS (i can uninstall the ACS driver if needed but this don’t change a thing) because if i use the JAVA application from Fedict or the Firefox plugin the
card is accessed & working as supposed to. Only when it should use the tokend it fails as explained.<br class="">
<br class="">
So seeing these facts , i can presume & partly this is confirmed by the <a href="http://fedict.be" class="">
Fedict.be</a>, that Apple only has the 1st & 2nd version of encryption while the Fedict also has the 3th & 4th version, The Identity Cards that are now issued use the 3th version & the 4th version will be used in future.<br class="">
<br class="">
Also but unconfirmed, i think Belpic because it is being developed & updated for new OS X versions by MacOSforge has kept full compatibility with OS X versions while Beid because it’s being developed by a 3th party with not enough intrest in OS X & unwillingly
to work with MacOSForge is not 100 % bugler anymore & in my case a bug causes the behavior as explained above.<br class="">
<br class="">
To add to the pain, i also see in a recent post in SMC Users that the US CAC card has far more functionality then the the Belgian Identity Card, i suppose this functionality is being delivered by the tokend, the CAC tokend i suppose is being developed in a
team effort by the US military & MacOSforge.<br class="">
<br class="">
The functionality i have in my mind here is the login in & switching on & off the screensaver or locking the computer by inserting the CAC card in the Card Reader connected to the Mac.<br class="">
<br class="">
I wonder if al this could be fixed somehow, even if the <a href="http://fedict.be" class="">
Fedict.be</a> will not be cooperative ?<br class="">
<br class="">
You have both the Tokend’s & source code from CAC & Belpic & you can download the Beid tokend from above mentioned website, it’s inside an installer .pkg but i’m sure you can extract it without installing or even install it in a test environement. I hope you
can use the beid tokend to get the 3th & 4th version of encryption without having the source code of it. But ofcource you could also ast the Fedict for the source or develepment kit & if this doesn’t work out, there is a Linux version which can be downloaded
as source.<br class="">
<br class="">
I really hope you are willing to fix these issue’s because the Fedict seems not to. (i have a long contact with their support & in each new version they have asked me to test if the bug still exists but it has never been fixed)<br class="">
<br class="">
Yours sincerely<br class="">
<br class="">
Maccampus<br class="">
<br class="">
Belgian Mac OS X User<br class="">
<br class="">
<br class="">
_______________________________________________<br class="">
SmartcardServices-Users mailing list<br class="">
<a href="mailto:SmartcardServices-Users@lists.macosforge.org" class="">SmartcardServices-Users@lists.macosforge.org</a><br class="">
https://lists.macosforge.org/mailman/listinfo/smartcardservices-users<br class="">
</blockquote>
<br class="">
--<br class="">
Uri the Great<br class="">
<a href="mailto:uri@mit.edu" class="">uri@mit.edu</a><br class="">
<br class="">
<br class="">
<br class="">
<br class="">
_______________________________________________<br class="">
SmartcardServices-Users mailing list<br class="">
SmartcardServices-Users@lists.macosforge.org<br class="">
https://lists.macosforge.org/mailman/listinfo/smartcardservices-users<br class="">
</blockquote>
<br class="">
</div>
</div>
</blockquote>
</div>
<br class="">
<div class="">
<div style="orphans: 2; widows: 2;" class="">--</div>
<div style="orphans: 2; widows: 2;" class="">Uri Blumenthal</div>
<div style="orphans: 2; widows: 2;" class=""><a href="mailto:uri@mit.edu" class="">uri@mit.edu</a></div>
</div>
<br class="">
</body>
</html>