Tuesday, February 3, 2009

Using smart card browser authentication in Ubuntu

To use smart card authentication in Firefox on Ubuntu 8.10 you have to install pcscd, a working card reader driver (if the built in ccid does not work for you) and a pkcs#11 module.

This example works for Ubuntu 8.10. In my case I have an OmniKey CardMan 3021 USB card reader and a smart card with 2048 bit RSA keys. To be able to use 2048 bit keys using the OmniKey reader I have to use their driver.

- Download driver from omnikey.com and put in /tmp

# sudo su -
# apt-get install pcscd
# cd /tmp
# tar -zxvf ifdokccid_lnx_x64-3.5.1.tar.gz
# cd /usr/lib/pcsc/drivers
# cp -r /tmp/ifdokccid_lnx_x64-3.5.1/ifdokccid_lnx_x64-3.5.1.bundle .
# rm -rf ifd-ccid.bundle/
# /etc/init.d/pcscd restart
# apt-get install mozilla-opensc

Finally open pkcs11.html in Firefox and click "Install opensc in linux".

--- pkcs11.html ---
<HTML>
<HEAD>
<TITLE>opensc</TITLE>
</HEAD>
<BODY>
<SCRIPT>
PKCS11_PUBLIC_READ_CERT = 0x1<<28;
function doInstallPkcs11Windows()
{
pkcs11.addmodule("opensc", "opensc-pkcs11.dll", PKCS11_PUBLIC_READ_CERT, 0);
}
function doInstallPkcs11Linux()
{
pkcs11.addmodule("opensc", "opensc-pkcs11.so", PKCS11_PUBLIC_READ_CERT, 0);
}
function doUninstallPkcs11()
{
pkcs11.deletemodule("opensc");
}
</SCRIPT>
<a href=javascript:doInstallPkcs11Linux();>Install opensc in Linux</a><br>
<a href=javascript:doInstallPkcs11Windows();>Install opensc in Windows</a><br>
<a href=javascript:doUninstallPkcs11();>Uninstall opensc</a><br>
</BODY>
</HTML>