<div dir="ltr">Hello,<br><div><div class="gmail_extra"><br><div class="gmail_quote">2016-08-07 21:00 GMT+02:00 Luca Accomazzi <span dir="ltr"><<a href="mailto:misterakko@gmail.com" target="_blank">misterakko@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">First, a bit of context.<br>
<br>
I hold a doctorate on computer science, and it’s possibile that I’ve been using Apple computers since before you were born (this is a picture of the first original software package I bought: <a href="https://cuoredimela.accomazzi.it/images/1-software-per-apple-ii.jpg" rel="noreferrer" target="_blank">https://cuoredimela.accomazzi.<wbr>it/images/1-software-per-<wbr>apple-ii.jpg</a>) but I know next to nothing about smartcards (even if I am familiar with DH theorem, keys, certificates, yadda-yadda).<br></blockquote><div><br></div><div>I was born at that time :-)<br><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Now for the problem. All Italian citizens are issues one of these smartcards:<br>
<a href="http://www.migrando.it/UserFiles/Image/News/454_sanitatesserasanitaria.jpg" rel="noreferrer" target="_blank">http://www.migrando.it/<wbr>UserFiles/Image/News/454_<wbr>sanitatesserasanitaria.jpg</a><br>
we normally use them at the doctor’s and inside hospitals to be identified and to get appointments.<br>
<br>
For my next book, I’m trying to understand how it might be possible to use Macs to access some social services that a few Italian regions and the national administration are supposed to offer to their citizens via those things. Most administrations here ignore Mac users, all official websites but one do not offer instructions for macOS, the one that does suggests an incredibly byzantine procedure mandating the use of Firefox and last updated during Mavericks’s lifetime.<br>
<br>
For example, I’m supposed to be able to go here<br>
<a href="https://telematicisc.agenziaentrate.gov.it/ClientReg/Abilitazione/AbilitaSmartCardVerifica.do" rel="noreferrer" target="_blank">https://telematicisc.<wbr>agenziaentrate.gov.it/<wbr>ClientReg/Abilitazione/<wbr>AbilitaSmartCardVerifica.do</a><br>
do a first access using my card and a PIN I’ve been issued, then go here<br>
<a href="https://telematicisc.agenziaentrate.gov.it/ClientAuth/Login" rel="noreferrer" target="_blank">https://telematicisc.<wbr>agenziaentrate.gov.it/<wbr>ClientAuth/Login</a><br>
and pay my taxes or ask for refunds.<br>
<br>
I’ve been googling the issue for the last couple of days and nobody here seems to make head or tails of this. I could only find a document saying that the card contains an X.509 certificate, RSA 1024 bit public-private keys and a few other personal identification informations.<br>
My dream is to be able to take the darn private key from my card (I do have a reader at hand, it’s an ACR38 from these guys: <a href="http://www.acs.com.hk/en/driver/4/acr38-smart-card-reader/" rel="noreferrer" target="_blank">http://www.acs.com.hk/en/<wbr>driver/4/acr38-smart-card-<wbr>reader/</a>) , save it in the Keychain and forget about the smartcard. If I were asked to engineer a security system I would not allow copying the private key, though, so I realize this is likely impossible.<br>
<br>
Help please (and I probably left of quite a few important details, so ask me anything).<br></blockquote><div><br></div><div>It looks like your card is supported by OpenSC.<br clear="all"></div></div><a href="https://github.com/OpenSC/OpenSC/wiki/Italian-CNS-and-CIE">https://github.com/OpenSC/OpenSC/wiki/Italian-CNS-and-CIE</a><br><br>" All <span>CNS</span>/<span>CIE</span> cards carry one X.509 certificate with its public and private keys, mostly used for on-line authentication via <span>SSL</span>. Encryption, decryption, signature with this certificate is the basic functionality currently supported by the `itacns` driver. "<br><br></div><div class="gmail_extra">Good luck.<br><br></div><div class="gmail_extra">Regards,<br><br></div><div class="gmail_extra">-- <br><div class="gmail_signature"> Dr. Ludovic Rousseau</div>
</div></div></div>