How to check that smart card is working on linux?

人走茶凉 提交于 2019-12-24 03:44:13

问题


I've a PKCS-11 supported smartcard? I just want to check that my the smartcard is working fine or not. How can check it on Ubuntu? Please guide me. what software I can use? how what steps should I follow?


回答1:


It is important to understand that PKCS#11 standard just defines the C language API to access smartcards and other types of cryptographic hardware (or even software). It is usually hardware vendor who provides software library (.dll for windows, .so for unix etc.) that implements PKCS#11 API and is able to access the hardware (smartcard in your case). Your application usually loads PKCS#11 library and uses PKCS#11 API functions it provides.

In most cases it is the best to use PKCS#11 library provided by your smartcard vendor but there are also many independent software vendors such as A.E.T. or Aloaha who provide smartcard middleware (software package that usually contains PKCS#11 library) that can access a bunch of widely used smartcards. You can also take a look at OpenSC project which provides an open source PKCS#11 library that supports many popular smartcards and USB tokens.

Now let's get back to your questions:

Do I have a PKCS-11 supported smartcard?

You have to check whether there exists a library (open source or commercial) that implements PKCS#11 API and supports your smartcard. If you can find such a library then the answer is yes.

How can I check it on Ubuntu?

If you already have PKCS#11 library then you can install "opensc" package which provides command line application called "pkcs11-tool". You can use following command to list readers and cards accessible via your PKCS#11 library:

pkcs11-tool --module your_pkcs11_library.so --list-slots

If you want to use PKCS#11 library provided by OpenSC project then just replace "your_pkcs11_library.so" with "opensc-pkcs11.so".

What software I can use?

PKCS#11 is widely supported standard so this question is hard to answer. I guess you would like to use open source applications with your smartcard because you have mentioned Ubuntu so here is the short list of well known applications that support PKCS#11:

  • Mozilla Firefox - supports digital signature and client authentication
  • Mozilla Thunderbird - supports digital signing of e-mails
  • LibreOffice - supports digital signing of documents
  • TrueCrypt - supports disk encryption
  • OpenVPN - supports client authentication
  • OpenSSH - supports client authentication



回答2:


To verify Ubuntu sees your smartcard reader and identity card:

  1. Install libusb-1.0-0-dev pcsc-lite pcscd pcsc-tools

The following tools will be installed:

  • pcscd - systemctl status pcscd - sometimes the card reader crashes this daemon, so you may need to restart it.
  • opensc-explorer - it searches and displays smartcard readers attached
  • opensc-tool - Options will provide detailed information about your smartcard reader.
  • pcsc_scan - will show you smartcard reader and its status. It should show your identity card inserted, as well as when you take it out. If it displays waiting on reader - restart the pcscd service and try again.

The following link describes this more in detail and setting up firefox/chrome for certificates https://cubiclenate.com/linux/applications/utilities/dod-cac-ubuntu-linuxmint/



来源:https://stackoverflow.com/questions/22550440/how-to-check-that-smart-card-is-working-on-linux

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!