How to use PIV in Ubuntu VM?

Discussions about using Linux guests in VirtualBox.
cogito_ergo_sum
Posts: 4
Joined: 17. Aug 2021, 22:38

How to use PIV in Ubuntu VM?

Post by cogito_ergo_sum »

Host: Windows 10
Guest: Ubuntu
Goal: Use PIV for authenticating with NASA Launchpad

I followed the USB guide to set up a filter, so that part is already taken care of. When I run pcsc_scan I see the card and it detects that it is inserted, but when I try to navigate to the login page I get an error saying "Smartcard authentication failed. Ensure your Smartcard is inserted properly in the card reader, restart your web browser and try to log in again." How can I get this resolved?
fth0
Volunteer
Posts: 5668
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: How to use PIV in Ubuntu VM?

Post by fth0 »

What software stack is used for this authentication (libraries, middleware, browser)?

Post by cogito_ergo_sum »

Browser: Brave/Chrome/Firefox (Any one of these should work. I use Chrome on the host and it works fine)
Middleware/Libraries: OpenSC

I'm not really sure about what all is typically needed to do this as this is a new process for me.

Post by fth0 »

Since you've already checked that the low level pcsc_scan command works inside the VM, the next step would be to test with some mid level commands. Here are some example command templates to start with:

Code:

# OpenSC: Get reader number, card driver name and list of files
#opensc-tool --info --list-readers
#opensc-tool [--reader <num>] --atr --serial --name
#opensc-tool [--reader <num>] [--card-driver <name>] --list-files

Above this level, there is a whole tree of possible smartcard infrastructure components, and I don't know what is used by Chrome and the NASA websites.

Post by cogito_ergo_sum »

Here are the results of the commands:

Code:

$ opensc-tool --info --list-readers
OpenSC 0.21.0 [gcc  9.3.0]
Enabled features: locking readline openssl pcsc(libpcsclite.so.1)
# Detected readers (pcsc)
Nr.  Card  Features  Name
0    Yes             Generic Smart Card Reader Interface [Smart Card Reader Interface] (20070818000000000) 00 00

$ opensc-tool --reader 0 --atr --serial --name
3b:d6:97:00:81:b1:fe:45:1f:07:80:31:c1:52:11:18:f9
D0 82 10 D8 41 21 2C 2E 40 9C 85 A1 68 58 30 9E ....A!,.@...hX0.
72 26 B6 A1 80 82 42 57 E7                      r&....BW.
Personal Identity Verification Card

$ opensc-tool --reader 0 --atr --serial --name
3b:d6:97:00:81:b1:fe:45:1f:07:80:31:c1:52:11:18:f9
D0 82 10 D8 41 21 2C 2E 40 9C 85 A1 68 58 30 9E ....A!,.@...hX0.
72 26 B6 A1 80 82 42 57 E7                      r&....BW.
Personal Identity Verification Card

I tried to use the --list-files command but something doesn't appear to line up.
Attempt using the results of the --name option from above:

Code:

$ opensc-tool --reader 0 --card-driver "Personal Identity Verification Card" --list-files
Driver 'Personal Identity Verification Card' not found!

Attempt letting opensc-tool use the default value:

Code:

$ opensc-tool --reader 0 --list-files
SELECT FILE failed: File not found

I looked into the --card-driver issue a bit and ran opensc-tool --list-drivers which yielded the following:

Code:

$ opensc-tool --list-drivers
Available card drivers:
  cardos           Siemens CardOS
  flex             Schlumberger Multiflex/Cryptoflex
  cyberflex        Schlumberger Cyberflex
  gpk              Gemplus GPK
  gemsafeV1        Gemalto GemSafe V1 applet
  asepcos          Athena ASEPCOS
  starcos          STARCOS
  tcos             TCOS 3.0
  oberthur         Oberthur AuthentIC.v2/CosmopolIC.v4
  authentic        Oberthur AuthentIC v3.1
  iasecc           IAS-ECC
  belpic           Belpic cards
  incrypto34       Incard Incripto34
  akis             TUBITAK UEKAE AKIS
  entersafe        entersafe
  epass2003        epass2003
  rutoken          Rutoken driver
  rutoken_ecp      Rutoken ECP and Lite driver
  myeid            MyEID cards with PKCS#15 applet
  dnie             DNIe: Spanish eID card
  MaskTech         MaskTech Smart Card
  atrust-acos      A-Trust ACOS cards
  westcos          WESTCOS compatible cards
  esteid2018       EstEID 2018
  idprime          Gemalto IDPrime
  coolkey          COOLKEY
  muscle           MuscleApplet
  sc-hsm           SmartCard-HSM
  mcrd             MICARDO 2.1 / EstEID 3.0 - 3.5
  setcos           Setec cards
  PIV-II           Personal Identity Verification Card
  cac              Common Access Card (CAC)
  itacns           Italian CNS
  isoApplet        Javacard with IsoApplet
  openpgp          OpenPGP card
  jpki             JPKI(Japanese Individual Number Cards)
  npa              German ID card (neuer Personalausweis, nPA)
  cac1             Common Access Card (CAC 1)
  default          Default driver for unknown cards

After a few attempts I found PIV-II did not result in "Failed to connect to card: Card is invalid or cannot be handled" but left me with the same result as the default attempt earlier:

Code:

$ opensc-tool --reader 0 --card-driver PIV-II --list-files
SELECT FILE failed: File not found

Post by cogito_ergo_sum »

Okay, so I feel a little silly now. All I needed to do was two steps:
1. sudo apt-get update -y && sudo apt-get install -y opensc
2. Load a new Firefox module and specify the path: ./usr/lib/x86_64-linux-gnu/onepin-opensc-pkcs11.so

I may have gotten something mixed up with another attempt as the same library was in /user/lib but setting the path to that did not work. I had to uninstall all of the packages from the other attempts and remove a few libraries then those two steps worked for me.
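
The fix above depended on loading the right copy of onepin-opensc-pkcs11.so once leftovers from earlier attempts were gone. The script below is an added example, not part of any post in this thread: it lists every copy of the module under the directories you pass and uses pkcs11-tool (shipped with OpenSC) to report which copy actually sees a token. The function names and status labels are this example's own.

```sh
#!/bin/sh
# Added example, not from the thread. The directories passed on the command
# line are the caller's choice; function names and labels are illustrative.
MODULE_NAME="onepin-opensc-pkcs11.so"

# Print every copy of the module under the given roots, one per line, with
# symlinks resolved and duplicates collapsed, so leftovers from earlier
# install attempts become visible.
find_pkcs11_modules() {
    for root in "$@"; do
        if [ -d "$root" ]; then
            find "$root" -name "$MODULE_NAME" 2>/dev/null || true
        fi
    done | while IFS= read -r path; do
        readlink -f "$path"
    done | sort -u
}

# Exit status: 0 = module loads and a slot holds a token, 1 = it does not,
# 2 = pkcs11-tool (part of OpenSC) is not installed.
module_sees_token() {
    command -v pkcs11-tool >/dev/null 2>&1 || return 2
    pkcs11-tool --module "$1" --list-token-slots 2>/dev/null |
        grep -q "token label"
}

# One line per module copy: "TOKEN|NO-TOKEN|UNTESTED <path>".
report_modules() {
    find_pkcs11_modules "$@" | while IFS= read -r mod; do
        rc=0
        module_sees_token "$mod" || rc=$?
        case "$rc" in
            0) echo "TOKEN $mod" ;;
            2) echo "UNTESTED $mod" ;;
            *) echo "NO-TOKEN $mod" ;;
        esac
    done
}

# Example: sh find-pkcs11.sh /usr/lib /usr/local/lib
if [ "$#" -gt 0 ]; then
    report_modules "$@"
fi
```

Run it inside the guest with the card inserted; the path on the TOKEN line is the one to give the browser when loading the security module.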

Post by fth0 »

Thanks for reporting back, it may help the next user with a PIV-II smartcard. And I'm glad that you could solve your problem.