How to Install opensc and Required Smart Card Reader Drivers

 | Updated March 16, 2021 | Categories Tutorials

OpenSC is a set of open source tools and libraries for smart cards which provides management of smart card (creation of PKCS#15 file structure and accessing smart cards using PKCS#11 API) . Smart Card or HSM (hardware security module) used for multiple purposes such as storage of cryptographic keys for web browser (Firefox) and email client (Thunder bird).

According to OpenSC web site, It supports following family of smart cards in the openSC package.

  • OpenPGP Card
  • MyEID
  • WestCOS
  • SetCOS
  • Cyberflex
  • CardOs
  • STARCOS
  • ASEPCOS
  • SmartCardHsm
  • FTCOSPK01C

Smart Card Readers

Smart card reader used  to access the data store in the file structure of smart card. Driver program for the CCID (Chip/Smart Card interface devices) smart card readers required to access the smart cards. Open source software's PCSC-Lite and OpenCT  are providing drivers for smart card reader devices. However, PCSC-Lite is recommended for CCID readers. OpenCT supports non-standard smart cards on linux platform.

Installation of PCSC-Lite

 Pre requisite

PCSC package required libudev library, so install it by following command which is shown in the below figure.

# apt-get install libudev-dev
libudev library installation

Download PCSC-lite package from alioth.debian.org website and extract it using following command. Downloading and extraction step is shown in the following figures.

# wget https://alioth.debian.org/frs/download.php/file/4126/pcsc-lite-1.8.13.tar.bz2
PCSC-Lite Download
#tar -xf pcsc-lite-1.8.13.tar.bz2
Package Extraction

Run following commands to install the PCSC lite package. These commands are used to install software's from source code on linux platform.

# ./configure
configure script
#make
make command
#make install
make install command

Installation of CCID drivers

Pre requisite

CCID package is dependent on usb development library, install it using following command before CCID compilation from source.

# aptitude install libusb-1.0-0-dev
libusb development library

For the installation of CCID driver for  usb readers, download CCID package from alioth.debian.org website and extract it using following command. Downloading and extraction is shown in the following figure.

# wget https://alioth.debian.org/frs/download.php/file/4111/ccid-1.4.18.tar.bz2
ccid download process
#tar -xf ccid-1.4.18.tar.bz2
extracton of ccid package

Run configure, make and make install commands for the installation of package.

#./configure
configure ccid package
#make
make command
#make install
make install command

As shown in the above figure, copy 92_pcscd_ccid.rules file from src directory to /etc/udev/rules.d/ directory.

Installation of OpenCT Reader driver

 Prerequisite

OpenCT installation is also dependent on libltdl library, so  following error appears during ./configure command.

openct Configure Error

Libltdl  library  is required for the  successful compilation of openCT package. Installation process of library is shown in following figure.

openct libltdl-dev installation

Download OpenCT package from ftp.de.debian.org website and extract it using following command which is also shown in following figures.

# wget http://ftp.de.debian.org/debian/pool/main/o/openct/openct_0.6.20.orig.tar.gz
downloading openct package
#tar -xf openct_0.6.20.orig.tar.gz
extraction of openct

Run following commands for successful compilation of openCT package.

#./configure
openct configure process
#make
openct make process
#make all
openct makeall process

Installation of OpenSC

Now we will install open source tool for smart cards on linux distribution  . OpenSC library supports smart cards of many  vendors and can be installed on both linux and windows platforms.

Prerequisite

OpenSC uses Openssl for certain cryptographic operation on Smart Cards, so that if Openssl development library does not  installed then ./configure script of OpenSC package shows that  Openssl is not supported. It is highlighted in the following figure.

opensc configure error

Therefore, first we have to install development library of Openssl using following command.

# apt-get install libssl-dev
libssl-dev for opensc package

Download OpenSC package from cznic.dl.sourceforge.net website using wget utility.

#wget http://cznic.dl.sourceforge.net/project/opensc/OpenSC/opensc-0.14.0/opensc-0.14.0.tar.gz
opensc download

Extraction of compress package is shown in the following figure.

#tar -xf opensc-0.14.0.tar.gz
extraction of opensc package

Now run ./configure to check the requirements for OpenSC package which is shown in the figure.

opensc configure process

By default OpenSC uses PCSC-lite for Smart Cards on linux , however it can be enabled using --enable-openct parameter which is shown below.

enable openct for OpenSC

On the completion of ./configure script, it shows following output. It indicates that  Openssl and PCSC lite  packages are installed and supported.

openssl support with opensc

Next run make and make install commands for OpenSC installation.

#make
opensc make
#make install
opensc makeinstall

After the successful  installation of  OpenSC software, now run opensc-tool command in the terminal. Following error will appear in the terminal about the loading issue of libopensc.so.3 library. Error shows that required library does not exist on desirable path for opensc-tool command.

opensc-tool library issue

Therefore,find the path of OpenSC libraries in the ubuntu distribution and copy under /usr/lib path.

opensc libraries path

Copying process for  OpenSC libraries from /usr/local/lib/libopen*  to /usr/lib is shown in the following figure. After copying process, opensc-tool works properly.

copying opensc libraries

Run PCSC daemon from terminal and add new entry  in /etc/rc.local to run it on boot time.

#pcscd
pcscd starting

We can use PC/SC and OpenCT supported smart card readers and OpenSC supported smart cards on Ubuntu system. As we have used sources of all required packages, so same steps will be used for other distributions

Conclusion

In this article, we focused on  the usage of smart cards in Linux environment. We explained the installation of open source packages for smart cards readers and libraries for smart cards access. OpenSC is well-known open source project which provides the libraries for smart card access using PKCS#11. It is also used to perform cryptographic operation on smart cards using OpenSSL library.

5 Comments... add one

  1. Great tutorial! Only problem is that I get this error:
    keytool error: java.lang.reflect.InvocationTargetException when I run this:
    keytool -providerClass sun.security.pkcs11.SunPKCS11 -providerArg /etc/opensc/opensc-java.cfg -keystore NONE -storetype JKS -list -J-Djava.security.debug=sunpkcs11

    Full output-
    SunPKCS11 loading /etc/opensc/opensc-java.cfg
    sunpkcs11: Initializing PKCS#11 library /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
    Information for provider SunPKCS11-OpenSC
    Library info:
    cryptokiVersion: 2.20
    manufacturerID: OpenSC (www.opensc-project.org)
    flags: 0
    libraryDescription: Smart card PKCS#11 API
    libraryVersion: 0.00
    All slots: -1, 1
    Slots with tokens: (none)
    keytool error: java.lang.reflect.InvocationTargetException

    Reply

  4. Hi Nido, I have USB key - ePass2003Auto and once I perform the above steps I should able to install OpenSC but how will I access or sign my xml file using the digital cert? Can you point me to the process.

    Reply

    • yes.
      after installation of above steps and your usb key will be accessible aif supported by opensc.

      next is generation of public/private key pair & certificate on the token.

      you can create an application which access keys/certificate from the token and perform operation.

      It may be possible that you can perform it on command line if supported by open source tools

      Reply

Leave a Comment