[Tokend-Dev] Getting OpenSC.tokend to work on Snow Leopard

João Poupino joao.poupino at ist.utl.pt
Wed Sep 16 14:52:05 PDT 2009 

Hi All,

I'm trying to build a working OpenSC tokend [1] on Snow Leopard, but  
unfortunately I'm facing some issues and can't really understand what  
could be the cause.

I've successfully built OpenSC.tokend on Snow Leopard through two  
different methods: using darwinbuild and through a modified Xcode  
project [2]  provided by Martin Paljak. In both methods the result the  
same: a tokend that (almost) works.

The generated tokend binary supports both the i386 and x86_64  
architectures. When I insert the smart card, the tokend is correctly  
started, all keys and certificates are shown in keychain access, and  
all seems to be working fine. But, when I try to login locally  
(loginwindow) or with Safari to a site, it simply fails. It doesn't  
crash, but it doesn't appear to be doing anything at all. All  
exchanged APDUs are ok, which leads me to believe that the problem  
might not be with libopensc (that the tokend uses to communicate with  
the card) but in the tokend code itself…

The OpenSC.tokend code being used it at [3].

Some notes:

Trying to unlock the keychain associated with the tokend works.
If I try to login locally with a smart card, the following message can  
be seen in /var/log/secure.log: authorizationhost[2237]: failed to  
sign data (-2147416018)
OpenSC's command line tools (pkcs11-tool, pkcs15-tool, etc.) and the  
PKCS #11 module (opensc-pkcs11.so) work fine.

Could anyone explain how does one properly debugs a tokend? I'm not  
referring to lower level debugging methods like capturing APDUs and  
such - I'm ok with that. I've tried putting some debug statements in  
the tokend code but all seems "ok". Is there any way to follow the  
execution flow of the Tokend and maybe even securityd? I think that  
without having the big picture of the architecture (what components  
exist, what is their relationship, how do they interact, what do they  
expect, …) it will be pretty difficult to find the problem.

If anyone can help, I would be really grateful!

Thank you.

João

[1] - http://www.opensc-project.org/sca/wiki/OpenscTokend
[2] - http://wiki.github.com/martinpaljak/opensc.tokend
[3] - http://www.opensc-project.org/sca/browser/trunk/opensc.tokend/OpenSC

More information about the Tokend-Dev mailing list