Smartcards

This page explains how to setup your system in order to use a smart card reader.

Related articles

Installation

Install ccid and opensc.

If the card reader does not have a PIN pad, append the line(s) and set enable_pinpad = false in the opensc configuration file /etc/opensc.conf.

Note: The package ccid provides a generic USB interface driver for smart card reader. If the smart card at hand is not supported by the generic driver or simply it needs a specific one, feel free to install the best for that device.

Start and/or enable the pcscd.service.

Scan for card reader

Install and start the pcsc_scan utility, then connect the Smart card reader and finally insert a card. If you see output like this, the smart card reader and also the card have been successfully recognized.

Note: In this example the smart card reader is an Alcor Micro AU9560 and the inserted card is an Italian CNS card.

Configuration

Mozilla Firefox

The browser needs to set the new security-related device. Open the Security Devices page (reach it via Preferences > Privacy & Security > Certificates), then click Load and set the Module Name to CAC Module and module filename to .

Chromium

Chromium uses NSS. Open a shell in your home directory and verify that the CAC Module is not already present:

If not, close any browser and add the module (an user interaction for confirmation is required):

Check for the correct execution of the command:

Tips and tricks

Smargo/TV Card reader

When interfacing with a TV-card for live TV and recording (PVR/DVR), you may need to assign the smartcard reader to the user group allowing decryption. When using a Smargo Smartreader consider the following udev rule:

Set as the reader device when using softcam applications like OSCam.

p11tool

If using packages from the GnuTLS suite which utilize p11-kit, such as p11tool, the the OpenSC driver might not properly load. This can be determined if you run and you do not see your hardware token in the list.

Install the package in order to enable loading of the OpenSC module.

Alternatively, it is possible to manually create a file that allows the OpenSC driver to be properly loaded:

/usr/share/p11-kit/modules/opensc.module
module: opensc-pkcs11.so

Troubleshooting

Firefox can't access data

If the browser is not able to use the smart card data, probably it is not aware of the service which provides access to the device. This happens if you plug in the smart card reader after you open Firefox. To solve this issue, simply restart Firefox.

LIBUSB_ERROR_BUSY

PC/SC can conflict with GnuPG for access to smartcards. See Ludovic Rousseau's blog and GnuPG#GnuPG with pcscd (PCSC Lite).

gollark: If you want representation to be based on rural-ness or not and not, well, actual vote count, it should be structured more sensibly.
gollark: He's on here, although might not read this channel much.
gollark: I have no idea where to find economists on demand. Also they seem to disagree on everything.
gollark: Some offense, but generalized offense, not directed at you specifically.
gollark: Random people on the internet are also not really good economists.

See also
This article is issued from Archlinux. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.