Host: Windows 10
Guest: Ubuntu
Goal: Use PIV for authenticating with NASA Launchpad
I followed the USB guide to set up a filter so that part is already taken care of. When I run pcsc_scan I see the card and it detected it is inserted but when I try to navigate to the login page I get an error saying "Smartcard authentication failed.
Ensure your Smartcard is inserted properly in the card reader, restart your web browser and try to log in again. ". How can I get this resolved?
How to use PIV in Ubuntu VM?
-
- Volunteer
- Posts: 5677
- Joined: 14. Feb 2019, 03:06
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Linux, Windows 10, ...
- Location: Germany
Re: How to use PIV in Ubuntu VM?
What software stack is used for this authentication (libraries, middleware, browser)?
-
- Posts: 4
- Joined: 17. Aug 2021, 22:38
Re: How to use PIV in Ubuntu VM?
Browser: Brave/Chrome/FireFox (Any one of these should work. I use Chrome on the host and it works fine)
Middleware/Libraries: OpenSC
I'm not really sure about what all is typically needed to do this as this is a new process for me.
Middleware/Libraries: OpenSC
I'm not really sure about what all is typically needed to do this as this is a new process for me.
-
- Volunteer
- Posts: 5677
- Joined: 14. Feb 2019, 03:06
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Linux, Windows 10, ...
- Location: Germany
Re: How to use PIV in Ubuntu VM?
Since you've already checked that the low level pcsc_scan command works inside the VM, the next step would be to test with some mid level commands. Here are some example command templates to start with:
Above this level, there is a whole tree of possible smartcard infrastructure components, and I don't know what is used by Chrome and the NASA websites.
Code: Select all
# OpenSC: Get reader number, card driver name and list of files
#opensc-tool --info --list-readers
#opensc-tool [--reader <num>] --atr --serial --name
#opensc-tool [--reader <num>] [--card-driver <name>] --list-files
-
- Posts: 4
- Joined: 17. Aug 2021, 22:38
Re: How to use PIV in Ubuntu VM?
Here are the results of the commands:
I tried to use the --list-files command but something doesn't appear to lineup.
Attempt using the results of the --name option from above:
Attempt letting opensc-tool use a the default value:
I looked into the --card-driver issue a bit and ran opensc-tool --list-drivers which yielded the following:
After a few attempts I found PIV--II did not result in "Failed to connect to card: Card is invalid or cannot be handled" but left me with the same result as the default attempt earlier:
Code: Select all
$ opensc-tool --info --list-readers
OpenSC 0.21.0 [gcc 9.3.0]
Enabled features: locking readline openssl pcsc(libpcsclite.so.1)
# Detected readers (pcsc)
Nr. Card Features Name
0 Yes Generic Smart Card Reader Interface [Smart Card Reader Interface] (20070818000000000) 00 00
$ opensc-tool --reader 0 --atr --serial --name
3b:d6:97:00:81:b1:fe:45:1f:07:80:31:c1:52:11:18:f9
D0 82 10 D8 41 21 2C 2E 40 9C 85 A1 68 58 30 9E ....A!,.@...hX0.
72 26 B6 A1 80 82 42 57 E7 r&....BW.
Personal Identity Verification Card
$ opensc-tool --reader 0 --atr --serial --name
3b:d6:97:00:81:b1:fe:45:1f:07:80:31:c1:52:11:18:f9
D0 82 10 D8 41 21 2C 2E 40 9C 85 A1 68 58 30 9E ....A!,.@...hX0.
72 26 B6 A1 80 82 42 57 E7 r&....BW.
Personal Identity Verification Card
Attempt using the results of the --name option from above:
Code: Select all
$ opensc-tool --reader 0 --card-driver "Personal Identity Verification Card" --list-files
Driver 'Personal Identity Verification Card' not found!
Code: Select all
$ opensc-tool --reader 0 --list-files
SELECT FILE failed: File not found
Code: Select all
$ opensc-tool --list-drivers
Available card drivers:
cardos Siemens CardOS
flex Schlumberger Multiflex/Cryptoflex
cyberflex Schlumberger Cyberflex
gpk Gemplus GPK
gemsafeV1 Gemalto GemSafe V1 applet
asepcos Athena ASEPCOS
starcos STARCOS
tcos TCOS 3.0
oberthur Oberthur AuthentIC.v2/CosmopolIC.v4
authentic Oberthur AuthentIC v3.1
iasecc IAS-ECC
belpic Belpic cards
incrypto34 Incard Incripto34
akis TUBITAK UEKAE AKIS
entersafe entersafe
epass2003 epass2003
rutoken Rutoken driver
rutoken_ecp Rutoken ECP and Lite driver
myeid MyEID cards with PKCS#15 applet
dnie DNIe: Spanish eID card
MaskTech MaskTech Smart Card
atrust-acos A-Trust ACOS cards
westcos WESTCOS compatible cards
esteid2018 EstEID 2018
idprime Gemalto IDPrime
coolkey COOLKEY
muscle MuscleApplet
sc-hsm SmartCard-HSM
mcrd MICARDO 2.1 / EstEID 3.0 - 3.5
setcos Setec cards
PIV-II Personal Identity Verification Card
cac Common Access Card (CAC)
itacns Italian CNS
isoApplet Javacard with IsoApplet
openpgp OpenPGP card
jpki JPKI(Japanese Individual Number Cards)
npa German ID card (neuer Personalausweis, nPA)
cac1 Common Access Card (CAC 1)
default Default driver for unknown cards
Code: Select all
$ opensc-tool --reader 0 --card-driver PIV-II --list-files
SELECT FILE failed: File not found
-
- Posts: 4
- Joined: 17. Aug 2021, 22:38
Re: How to use PIV in Ubuntu VM?
Okay, so I feel a little silly now. All I needed to do was two steps:
1. Sudo apt-get update -y && sudo apt-get install -y opensc
2. Load a new FireFox module and specify the path: ./usr/lib/x86_64-linux-gnu/onepin-opensc-pkcs11.so
I may have gotten something mixed up with another attempt as the same library was in /user/lib but setting the path to that did not work. I had to uninstall all of the packages from the other attempts and remove a few libraries then those two steps worked for me.
1. Sudo apt-get update -y && sudo apt-get install -y opensc
2. Load a new FireFox module and specify the path: ./usr/lib/x86_64-linux-gnu/onepin-opensc-pkcs11.so
I may have gotten something mixed up with another attempt as the same library was in /user/lib but setting the path to that did not work. I had to uninstall all of the packages from the other attempts and remove a few libraries then those two steps worked for me.
-
- Volunteer
- Posts: 5677
- Joined: 14. Feb 2019, 03:06
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Linux, Windows 10, ...
- Location: Germany
Re: How to use PIV in Ubuntu VM?
Thanks for reporting back, it may help the next user with a PIV-II smartcard. And I'm glad that you could solve your problem.