How to Install opensc and Required Smart Card Reader Drivers

 | Updated March 16, 2021 | Categories Tutorials

OpenSC is a set of open source tools and libraries for smart cards which provides management of smart card (creation of PKCS#15 file structure and accessing smart cards using PKCS#11 API) . Smart Card or HSM (hardware security module) used for multiple purposes such as storage of cryptographic keys for web browser (Firefox) and email client (Thunder bird).

According to OpenSC web site, It supports following family of smart cards in the openSC package.

  • OpenPGP Card
  • MyEID
  • WestCOS
  • SetCOS
  • Cyberflex
  • CardOs
  • STARCOS
  • ASEPCOS
  • SmartCardHsm
  • FTCOSPK01C

Smart Card Readers

Smart card reader used  to access the data store in the file structure of smart card. Driver program for the CCID (Chip/Smart Card interface devices) smart card readers required to access the smart cards. Open source software's PCSC-Lite and OpenCT  are providing drivers for smart card reader devices. However, PCSC-Lite is recommended for CCID readers. OpenCT supports non-standard smart cards on linux platform.

Installation of PCSC-Lite

 Pre requisite

PCSC package required libudev library, so install it by following command which is shown in the below figure.

# apt-get install libudev-dev

libudev library installation

Download PCSC-lite package from alioth.debian.org website and extract it using following command. Downloading and extraction step is shown in the following figures.

# wget https://alioth.debian.org/frs/download.php/file/4126/pcsc-lite-1.8.13.tar.bz2

PCSC-Lite Download

#tar -xf pcsc-lite-1.8.13.tar.bz2

Package Extraction

Run following commands to install the PCSC lite package. These commands are used to install software's from source code on linux platform.

# ./configure

configure script

#make

make command

#make install

make install command

Installation of CCID drivers

Pre requisite

CCID package is dependent on usb development library, install it using following command before CCID compilation from source.

# aptitude install libusb-1.0-0-dev

libusb development library

For the installation of CCID driver for  usb readers, download CCID package from alioth.debian.org website and extract it using following command. Downloading and extraction is shown in the following figure.

# wget https://alioth.debian.org/frs/download.php/file/4111/ccid-1.4.18.tar.bz2

ccid download process

#tar -xf ccid-1.4.18.tar.bz2

extracton of ccid package

Run configure, make and make install commands for the installation of package.

#./configure

configure ccid package

#make

make command

#make install

make install commandAs shown in the above figure, copy 92_pcscd_ccid.rules file from src directory to /etc/udev/rules.d/ directory.

Installation of OpenCT Reader driver

 Prerequisite

OpenCT installation is also dependent on libltdl library, so  following error appears during ./configure command.

openct Configure Error

Libltdl  library  is required for the  successful compilation of openCT package. Installation process of library is shown in following figure.

openct libltdl-dev installation Download OpenCT package from ftp.de.debian.org website and extract it using following command which is also shown in following figures.

# wget http://ftp.de.debian.org/debian/pool/main/o/openct/openct_0.6.20.orig.tar.gz

downloading openct package

#tar -xf openct_0.6.20.orig.tar.gz

extraction of openct

Run following commands for successful compilation of openCT package.

#./configure

openct configure process

#make

openct make process

#make all

openct makeall process

Installation of OpenSC

Now we will install open source tool for smart cards on linux distribution  . OpenSC library supports smart cards of many  vendors and can be installed on both linux and windows platforms.

Prerequisite

OpenSC uses Openssl for certain cryptographic operation on Smart Cards, so that if Openssl development library does not  installed then ./configure script of OpenSC package shows that  Openssl is not supported. It is highlighted in the following figure.

opensc configure error Therefore, first we have to install development library of Openssl using following command.

# apt-get install libssl-dev

libssl-dev for opensc packageDownload OpenSC package from cznic.dl.sourceforge.net website using wget utility.

#wget http://cznic.dl.sourceforge.net/project/opensc/OpenSC/opensc-0.14.0/opensc-0.14.0.tar.gz

opensc downloadExtraction of compress package is shown in the following figure.

#tar -xf opensc-0.14.0.tar.gz

extraction of opensc packageNow run ./configure to check the requirements for OpenSC package which is shown in the figure.

opensc configure processBy default OpenSC uses PCSC-lite for Smart Cards on linux , however it can be enabled using --enable-openct parameter which is shown below.

enable openct for OpenSCOn the completion of ./configure script, it shows following output. It indicates that  Openssl and PCSC lite  packages are installed and supported.

openssl support with openscNext run make and make install commands for OpenSC installation.

#make

opensc make

#make install

opensc makeinstallAfter the successful  installation of  OpenSC software, now run opensc-tool command in the terminal. Following error will appear in the terminal about the loading issue of libopensc.so.3 library. Error shows that required library does not exist on desirable path for opensc-tool command.

opensc-tool library issueTherefore,find the path of OpenSC libraries in the ubuntu distribution and copy under /usr/lib path.

opensc libraries pathCopying process for  OpenSC libraries from /usr/local/lib/libopen*  to /usr/lib is shown in the following figure. After copying process, opensc-tool works properly.

copying opensc librariesRun PCSC daemon from terminal and add new entry  in /etc/rc.local to run it on boot time.

#pcscd

pcscd starting

We can use PC/SC and OpenCT supported smart card readers and OpenSC supported smart cards on Ubuntu system. As we have used sources of all required packages, so same steps will be used for other distributions

Conclusion

In this article, we focused on  the usage of smart cards in Linux environment. We explained the installation of open source packages for smart cards readers and libraries for smart cards access. OpenSC is well-known open source project which provides the libraries for smart card access using PKCS#11. It is also used to perform cryptographic operation on smart cards using OpenSSL library.

More Articles You May Like

5 Comments... add one

  1. Great tutorial! Only problem is that I get this error:
    keytool error: java.lang.reflect.InvocationTargetException when I run this:
    keytool -providerClass sun.security.pkcs11.SunPKCS11 -providerArg /etc/opensc/opensc-java.cfg -keystore NONE -storetype JKS -list -J-Djava.security.debug=sunpkcs11

    Full output-
    SunPKCS11 loading /etc/opensc/opensc-java.cfg
    sunpkcs11: Initializing PKCS#11 library /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
    Information for provider SunPKCS11-OpenSC
    Library info:
    cryptokiVersion: 2.20
    manufacturerID: OpenSC (www.opensc-project.org)
    flags: 0
    libraryDescription: Smart card PKCS#11 API
    libraryVersion: 0.00
    All slots: -1, 1
    Slots with tokens: (none)
    keytool error: java.lang.reflect.InvocationTargetException

    Reply

  4. Hi Nido, I have USB key - ePass2003Auto and once I perform the above steps I should able to install OpenSC but how will I access or sign my xml file using the digital cert? Can you point me to the process.

    Reply

    • yes.
      after installation of above steps and your usb key will be accessible aif supported by opensc.

      next is generation of public/private key pair & certificate on the token.

      you can create an application which access keys/certificate from the token and perform operation.

      It may be possible that you can perform it on command line if supported by open source tools

      Reply

Leave a Comment