OpenSC is a set of open source tools and libraries for smart cards that provides smart card management (creating the PKCS#15 file structure and accessing smart cards through the PKCS#11 API). A smart card or HSM (hardware security module) is used for multiple purposes, such as storing cryptographic keys for a web browser (Firefox) or an email client (Thunderbird).
According to the OpenSC web site, the OpenSC package supports the following families of smart cards.
- OpenPGP Card
- MyEID
- WestCOS
- SetCOS
- Cyberflex
- CardOS
- STARCOS
- ASEPCOS
- SmartCard-HSM
- FTCOSPK01C
Smart Card Readers
A smart card reader is used to access the data stored in the file structure of a smart card. A driver for CCID (Chip/Smart Card Interface Devices) smart card readers is required to access the smart cards. The open source packages PCSC-Lite and OpenCT provide drivers for smart card reader devices. However, PCSC-Lite is recommended for CCID readers. OpenCT supports non-standard smart cards on the Linux platform.
Installation of PCSC-Lite
Prerequisite
The PCSC package requires the libudev library, so install it with the following command, which is shown in the figure below.
# apt-get install libudev-dev
Download the PCSC-lite package from the alioth.debian.org website and extract it using the following commands. The download and extraction steps are shown in the following figures.
# wget https://alioth.debian.org/frs/download.php/file/4126/pcsc-lite-1.8.13.tar.bz2
# tar -xf pcsc-lite-1.8.13.tar.bz2
Run the following commands to install the PCSC-Lite package. These are the commands used to install software from source code on the Linux platform.
# ./configure
# make
# make install
Installation of CCID drivers
Prerequisite
The CCID package depends on the USB development library; install it using the following command before compiling CCID from source.
# aptitude install libusb-1.0-0-dev
To install the CCID driver for USB readers, download the CCID package from the alioth.debian.org website and extract it using the following commands. The download and extraction are shown in the following figure.
# wget https://alioth.debian.org/frs/download.php/file/4111/ccid-1.4.18.tar.bz2
# tar -xf ccid-1.4.18.tar.bz2
Run the configure, make and make install commands to install the package.
# ./configure
# make
# make install
As shown in the above figure, copy the 92_pcscd_ccid.rules file from the src directory to the /etc/udev/rules.d/ directory.
Installation of OpenCT Reader driver
Prerequisite
OpenCT installation also depends on the libltdl library, so the following error appears during the ./configure command if it is missing.
The libltdl library is required for successful compilation of the OpenCT package. The installation process for the library is shown in the following figure.
Download the OpenCT package from the ftp.de.debian.org website and extract it using the following commands, which are also shown in the following figures.
# wget http://ftp.de.debian.org/debian/pool/main/o/openct/openct_0.6.20.orig.tar.gz
# tar -xf openct_0.6.20.orig.tar.gz
Run the following commands for successful compilation of the OpenCT package.
# ./configure
# make
# make all
Installation of OpenSC
Now we will install the open source tool for smart cards on a Linux distribution. The OpenSC library supports smart cards from many vendors and can be installed on both Linux and Windows platforms.
Prerequisite
OpenSC uses OpenSSL for certain cryptographic operations on smart cards, so if the OpenSSL development library is not installed, the ./configure script of the OpenSC package reports that OpenSSL is not supported. This is highlighted in the following figure.
Therefore, we first have to install the OpenSSL development library using the following command.
# apt-get install libssl-dev
Download the OpenSC package from the cznic.dl.sourceforge.net website using the wget utility.
# wget http://cznic.dl.sourceforge.net/project/opensc/OpenSC/opensc-0.14.0/opensc-0.14.0.tar.gz
Extraction of the compressed package is shown in the following figure.
# tar -xf opensc-0.14.0.tar.gz
Now run ./configure to check the requirements for the OpenSC package, as shown in the figure.
By default OpenSC uses PCSC-lite for smart cards on Linux; however, OpenCT support can be enabled using the --enable-openct parameter, which is shown below.
When the ./configure script completes, it shows the following output, which indicates that the OpenSSL and PCSC-lite packages are installed and supported.
Next, run the make and make install commands to install OpenSC.
# make
# make install
After the successful installation of OpenSC, run the opensc-tool command in the terminal. The following error will appear about a problem loading the libopensc.so.3 library. The error shows that the required library does not exist on the path where opensc-tool looks for it.
Therefore, find the path of the OpenSC libraries in the Ubuntu distribution and copy them to /usr/lib.
The process of copying the OpenSC libraries from /usr/local/lib/libopen* to /usr/lib is shown in the following figure. After copying, opensc-tool works properly.
Run the PCSC daemon from the terminal and add a new entry in /etc/rc.local to run it at boot time.
# pcscd
We can now use PC/SC- and OpenCT-supported smart card readers and OpenSC-supported smart cards on an Ubuntu system. Because we built all the required packages from source, the same steps can be used on other distributions.
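A post-install check for the steps above, added here as an example (it is not part of the original tutorial or of OpenSC): it parses ldd output for unresolved libraries such as libopensc.so.3, confirms that 92_pcscd_ccid.rules is in the udev rules directory, and looks for an uncommented pcscd entry in rc.local. The function names and the "report" argument are assumptions of this example.

```shell
#!/bin/sh
# Post-install checks for the build-from-source steps in this tutorial.
# Paths are parameters so each function can also be run against test fixtures.

# Read `ldd` output on stdin and print every library the loader cannot resolve.
missing_libs() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

# Succeed if the CCID udev rule was copied into the given rules directory.
udev_rule_installed() {
    [ -f "${1:-/etc/udev/rules.d}/92_pcscd_ccid.rules" ]
}

# Succeed if the given rc.local has an uncommented line that starts pcscd,
# either by bare name or by full path.
pcscd_at_boot() {
    grep -Eq '^[[:space:]]*([^#[:space:]]*/)?pcscd([[:space:]]|$)' \
        "${1:-/etc/rc.local}" 2>/dev/null
}

# Run every check against the live system and print one line per finding.
report() {
    bin=$(command -v opensc-tool) || { echo "opensc-tool: not on PATH"; return 1; }
    libs=$(ldd "$bin" | missing_libs)
    if [ -z "$libs" ]; then echo "libraries: ok"; else echo "libraries missing: $libs"; fi
    if udev_rule_installed; then echo "udev rule: ok"; else echo "udev rule: missing"; fi
    if pcscd_at_boot; then echo "pcscd at boot: ok"; else echo "pcscd at boot: not configured"; fi
    if pgrep -x pcscd >/dev/null; then echo "pcscd: running"; else echo "pcscd: not running"; fi
}

# Only touch the live system when asked to, so the file can be sourced safely.
if [ "${1:-}" = "report" ]; then
    report
fi
```

Save it as a script and run it with the argument report after the final make install. On Ubuntu, /usr/local/lib is normally already on the linker search path, so running ldconfig as root usually resolves a library that is listed as missing.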
Conclusion
In this article, we focused on the use of smart cards in a Linux environment. We explained the installation of the open source packages for smart card readers and the libraries for smart card access. OpenSC is a well-known open source project which provides libraries for smart card access using PKCS#11. It is also used to perform cryptographic operations on smart cards using the OpenSSL library.
Great tutorial! Only problem is that I get this error:
keytool error: java.lang.reflect.InvocationTargetException when I run this:
keytool -providerClass sun.security.pkcs11.SunPKCS11 -providerArg /etc/opensc/opensc-java.cfg -keystore NONE -storetype JKS -list -J-Djava.security.debug=sunpkcs11
Full output-
SunPKCS11 loading /etc/opensc/opensc-java.cfg
sunpkcs11: Initializing PKCS#11 library /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
Information for provider SunPKCS11-OpenSC
Library info:
cryptokiVersion: 2.20
manufacturerID: OpenSC (www.opensc-project.org)
flags: 0
libraryDescription: Smart card PKCS#11 API
libraryVersion: 0.00
All slots: -1, 1
Slots with tokens: (none)
keytool error: java.lang.reflect.InvocationTargetException
Hi,
Can you share what you are doing? Can you share the installed version of Java on your machine?
keytool comes with Java, and how are you linking it with OpenSC? It would be good if you share details for further help.
Hi Nido, I have a USB key - ePass2003Auto - and once I perform the above steps I should be able to install OpenSC, but how will I access or sign my XML file using the digital cert? Can you point me to the process?
Yes.
After installation with the above steps, your USB key will be accessible if supported by OpenSC.
Next is generation of a public/private key pair and certificate on the token.
You can create an application which accesses keys/certificates from the token and performs operations.
It may be possible to perform it on the command line if supported by open source tools.