Thursday, March 29, 2007

Enable CAC card in Linux and Firefox.

Or, How to get the ActivCard Gold USB 2.0 CAC Card working in Linux Ubuntu 6.10.

First you will need a Windows box to flash the device. Follow the instructions here.
Once it is flashed to an SCR-331, you can make it work in Linux. Install the necessary software:

sudo apt-get install pcscd pcsc-tools libpcsclite1 libpcsclite-dev libccid

Plug in your flashed reader and the light should flash. To see if it is working, stop the running daemon and start pcscd in the foreground:

sudo /etc/init.d/pcscd stop
sudo pcscd -f


Then put in your card. If it is working you will see a line like:
Card ATR: XX XX XX XX XX XX XX
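
A way to check that Card ATR line, as an added example that is not part of the original post: the script pulls the ATR out of saved pcscd -f output and, going a step beyond the text, validates it against the ISO 7816-3 layout (TS, T0, interface bytes, historical bytes, TCK checksum). The function names and the sample log are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post). SAMPLE_LOG is constructed.
SAMPLE_LOG='reader event: card inserted (constructed line)
Card ATR: 3B 86 01 11 22 33 44 55 66 F0'

# Print the bytes of the last "Card ATR:" line on stdin; fail if there is none.
extract_atr() {
    sed -n 's/^.*Card ATR: *//p' | tail -n 1 | grep .
}

# Check an ATR string against the ISO 7816-3 layout:
# TS, T0, interface bytes, K historical bytes, optional TCK checksum.
check_atr() {
    set -- $1                        # one byte per positional argument
    [ $# -ge 2 ] || { echo "ATR too short"; return 1; }
    for b in "$@"; do
        case $b in
            [0-9A-Fa-f][0-9A-Fa-f]) ;;
            *) echo "not a hex byte: $b"; return 1 ;;
        esac
    done
    case $1 in
        3B|3b|3F|3f) ;;              # direct or inverse convention
        *) echo "bad TS byte: $1"; return 1 ;;
    esac
    y=$((0x$2 >> 4)); k=$((0x$2 & 15)); protos=""; tck=0; x=0
    shift                            # drop TS, T0 is now $1
    for b in "$@"; do x=$((x ^ 0x$b)); done   # XOR of T0..last byte
    shift                            # drop T0
    while [ "$y" -ne 0 ]; do         # y = presence bits for TAi TBi TCi TDi
        n=$(( (y & 1) + ((y >> 1) & 1) + ((y >> 2) & 1) ))
        [ $# -ge "$n" ] || { echo "truncated interface bytes"; return 1; }
        shift "$n"                   # skip TAi, TBi, TCi
        if [ $((y & 8)) -ne 0 ]; then
            [ $# -ge 1 ] || { echo "missing TD byte"; return 1; }
            p=$((0x$1 & 15)); y=$((0x$1 >> 4)); shift
            protos="$protos T=$p"
            if [ "$p" -ne 0 ]; then tck=1; fi   # TCK required unless only T=0
        else
            y=0
        fi
    done
    [ $# -eq $((k + tck)) ] || { echo "expected $((k + tck)) trailing bytes, found $#"; return 1; }
    if [ "$tck" -eq 1 ] && [ "$x" -ne 0 ]; then echo "TCK checksum mismatch"; return 1; fi
    echo "ATR ok; T values:${protos:- T=0}; historical bytes: $k"
}

check_atr "$(printf '%s\n' "$SAMPLE_LOG" | extract_atr)"
```

With a real reader, save the pcscd -f output to a file and pass the result of extract_atr on that file to check_atr; a truncated or corrupted ATR usually points at the reader, the driver or a badly seated card rather than at Firefox.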

Now, to get it working in Firefox, you need CoolKey.
Get the latest version here.
Go to where you downloaded CoolKey and untar it:

tar -xvzf coolkey-1.1.0.tar.gz
cd coolkey-1.1.0
./configure


You need to have a compiler installed; Ubuntu does not ship with one by default.
If configure succeeds, run:

make
sudo make install

Now open Firefox and go to:
Edit->Preferences->Advanced
Choose the Security tab and then Security Devices.
Choose Load and give it a name. I named this device ActivCard Gold USB.
For Module, browse to /usr/local/lib/pkcs11/libcoolkeypk11.so and click Open and OK.
Wait and click OK again. It should successfully add a new security module.

Now you need to add the DoD Root Certificates. Get them here:
http://www.installroot.com/

On this page I clicked on DoD Root, then clicked the three certificate links. In the Downloading Certificate dialog I clicked on all three check boxes for each certificate.

Now you should be able to log in. Be sure to choose your email cert when accessing your email.

You can check that it is working by going to www.my.af.mil and logging in.
If you have problems with the email site you may need to go to
Edit->Preferences->Security and, under Certificates, click on Ask Me Every Time; otherwise Firefox tries to log in with the non-email certificate.

References
http://gentoo-wiki.com/HOWTO_DoD_CAC
http://pcsclite.alioth.debian.org/ccid.html
http://symbolik.wordpress.com/2007/02/26/scm-scr-331-usb-smartcard-reader-firmware-upgrade/

2 comments:

Beerjerk said...

Posted by the clueless american at http://www.thecluelessamerican.net/archives/2007/07/after_my_own_he.html
After my own heart...

Mmmm... Unexplained Bacon: Enable CAC card in Linux and Firefox Now, this person has comments turned off so I can't write them, but tell me honestly, is this my twin brother? Simpsons, Firefox, Linux, MythTV, DoD employee...I'm going to have......

DoomedTX said...

Heh...glad to see you're back in business. I have your site bookmarked but haven't looked in a while. I decided to move my own blog http://www.thecluelessamerican.net/ from MovableType to Wordpress, so we'll see how that goes for a while.