Author Topic: PIV OR CAC card reader  (Read 1217 times)

Offline ScubaSteve

  • Peppermint version(s): PeppermintOS 8 64 bit
PIV OR CAC card reader
« on: April 04, 2018, 10:50:21 pm »
Trying to use the Citrix App in Chromium for remote access at work, but need a PIV or CAC card reader installed first. Anyone been successful with this? Plugging to the USB does nothing right now.

Offline ScubaSteve

  • Peppermint version(s): PeppermintOS 8 64 bit
Re: PIV OR CAC card reader
« Reply #1 on: April 04, 2018, 10:54:04 pm »
Code: [Select]
steve@steve-ThinkPad-T430 ~ $ inxi -Fz
System:    Host: steve-ThinkPad-T430 Kernel: 4.13.0-32-generic x86_64 (64 bit)
           Desktop: N/A Distro: Peppermint Eight
Machine:   System: LENOVO (portable) product: 2344BPU v: ThinkPad T430
           Mobo: LENOVO model: 2344BPU v: Win8 Pro DPK TPG
           Bios: LENOVO v: G1ETA7WW (2.67 ) date: 12/08/2014
CPU:       Dual core Intel Core i7-3520M (-HT-MCP-) cache: 4096 KB
           clock speeds: max: 3600 MHz 1: 2893 MHz 2: 2893 MHz 3: 2893 MHz
           4: 2893 MHz
Graphics:  Card-1: Intel 3rd Gen Core processor Graphics Controller
           Card-2: NVIDIA GF108M [NVS 5400M]
           Display Server: X.Org 1.19.5 driver: nvidia
           Resolution: 1600x900@60.00hz
           GLX Renderer: NVS 5400M/PCIe/SSE2 GLX Version: 4.5.0 NVIDIA 384.111
Audio:     Card Intel 7 Series/C210 Series Family High Definition Audio Controller
           driver: snd_hda_intel
           Sound: Advanced Linux Sound Architecture v: k4.13.0-32-generic
Network:   Card-1: Intel 82579LM Gigabit Network Connection driver: e1000e
           IF: enp0s25 state: down mac: <filter>
           Card-2: Intel Centrino Advanced-N 6205 [Taylor Peak] driver: iwlwifi
           IF: wlp3s0 state: up mac: <filter>
Drives:    HDD Total Size: 500.1GB (4.3% used)
           ID-1: /dev/sda model: HGST_HTS725050A7 size: 500.1GB
Partition: ID-1: / size: 451G used: 13G (3%) fs: ext4 dev: /dev/sda1
           ID-2: swap-1 size: 8.27GB used: 0.00GB (0%) fs: swap dev: /dev/sda5
RAID:      No RAID devices: /proc/mdstat, md_mod kernel module present
Sensors:   System Temperatures: cpu: 63.0C mobo: N/A gpu: 59C
           Fan Speeds (in rpm): cpu: 3994
Info:      Processes: 197 Uptime: 1:07 Memory: 1386.6/7678.5MB
           Client: Shell (bash) inxi: 2.2.35

Offline emegra

  • Peppermint version(s): Peppermint 9 64bit
Re: PIV OR CAC card reader
« Reply #2 on: April 05, 2018, 12:59:06 am »
Hi Steve
I know nothing about these card readers, but you may need to install coolkey and pcsc-tool; both are in the repos.
The first thing would be to find out if the system is seeing it. Could you post the output of the following:
Code: [Select]
lsusb



Here's some info that might help setting it up in Firefox (I know you're using Chromium but it might help)

https://militarycac.com/PDFs/Mint15_CAC_CARD_Instructions.pdf



Good luck



Graeme
« Last Edit: April 06, 2018, 01:05:44 am by emegra »
If you can keep your head while all around are losing theirs then you're not quite grasping the situation

Offline ScubaSteve

  • Peppermint version(s): PeppermintOS 8 64 bit
Re: PIV OR CAC card reader
« Reply #3 on: April 05, 2018, 11:46:22 pm »
So it looks like it will read the SCR (smart card reader), but nothing when I put the CAC/PIV card in. I would imagine this means I need the coolkeys and PCSC stuff. I will install tomorrow.

I have read that CAC guide, but will definitely need some help deciphering. The first hurdle crossed though. I appreciate the help.

Code: [Select]
steve@steve-ThinkPad-T430 ~ $ lsusb
Bus 002 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 005: ID 04f2:b2db Chicony Electronics Co., Ltd
Bus 001 Device 004: ID 0a5c:21e6 Broadcom Corp. BCM20702 Bluetooth 4.0 [ThinkPad]
Bus 001 Device 003: ID 147e:2020 Upek TouchChip Fingerprint Coprocessor (WBF advanced mode)
Bus 001 Device 007: ID 04e6:5116 SCM Microsystems, Inc. SCR331-LC1 / SCR3310 SmartCard Reader
Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

Offline PCNetSpec

  • Peppermint version(s): Peppermint 8R, 9, and 9R
Re: PIV OR CAC card reader
« Reply #4 on: April 06, 2018, 10:54:19 am »
Yep, looks like you need to install
Code: [Select]
sudo apt-get install libpcsclite1 pcscd pcsc-tools
then import your CA certificate.
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline christianvl

  • Peppermint version(s): 9
Re: PIV OR CAC card reader
« Reply #5 on: April 06, 2018, 12:30:11 pm »
Here is what I do here in Brazil

Code: [Select]
sudo apt install libengine-pkcs11-openssl libp11-2 libpcsc-perl libccid libpcsclite1 pcscd pcsc-tools libasedrive-usb opensc libssl1.0.0 openssl libopensc-openssl

Then

Code: [Select]
sudo addgroup scard

sudo adduser "YOUR-USERNAME" scard

then you'll need to install the driver for the card reader. This will depend on the model you're using.

I usually use this one http://www.validcertificadora.com.br/upload/downloads/linux64bits/safesignidentityclient_3.0.77-Ubuntu_amd64.deb

But you'll have to force install it, because it depends on some packages that are no longer available in Ubuntu.

Code: [Select]
sudo dpkg --force-all -i safesignidentityclient_3.0.77-Ubuntu_amd64.deb

And then

Code: [Select]
sudo pluma /var/lib/dpkg/status

Do a "ctrl+f" find for “safesign”, look for the field "depends" and delete libwxbase2.8-0 (>= 2.8.12.1) and libwxgtk2.8-0 (>= 2.8.12.1)

Mind that you still have to install your certificates.

EDIT
Corrected a typo
Thank you PCNetSpec!

EDIT 2
Corrected other typo in the commands
« Last Edit: April 08, 2018, 07:33:49 am by christianvl »
There are neither beginnings or endings to the turning of the Wheel of Time. But it was a beginning.
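
The Depends edit described in the post above, as an added example that is not part of the original thread: it works on the text of a dpkg status file, so it can be run against a copy before anything under /var/lib/dpkg is touched. The function names and the sample stanzas are constructed for illustration (only the package name and the two wx dependencies come from the post), and it assumes each Depends field sits on a single line.

```python
"""Drop named packages from one stanza's Depends field in dpkg status text."""

# Constructed sample: two stanzas in dpkg status layout, blank-line separated.
SAMPLE = """\
Package: pcscd
Status: install ok installed
Depends: libc6 (>= 2.15), libccid | pcsc-ifd-handler

Package: safesignidentityclient
Status: install ok installed
Depends: libc6 (>= 2.4), libwxbase2.8-0 (>= 2.8.12.1), libwxgtk2.8-0 (>= 2.8.12.1), pcscd
Description: constructed stanza for illustration
"""


def fix_depends(line, unwanted):
    """Rewrite a 'Depends:' line without the unwanted package names."""
    if not line.startswith("Depends:"):
        return line
    kept = []
    for group in line[len("Depends:"):].split(","):
        # A group may list alternatives: "libfoo (>= 1.0) | libbar"
        alts = [a.strip() for a in group.split("|") if a.strip()]
        # Compare on the bare name, ignoring version and ":arch" suffix.
        alts = [a for a in alts if a.split()[0].split(":")[0] not in unwanted]
        if alts:
            kept.append(" | ".join(alts))
    return "Depends: " + ", ".join(kept)


def strip_depends(status_text, package, unwanted):
    """Return status_text with `unwanted` removed from `package`'s Depends."""
    result = []
    for stanza in status_text.strip("\n").split("\n\n"):
        lines = stanza.split("\n")
        # Only the stanza of the named package is modified.
        if "Package: " + package in lines:
            lines = [fix_depends(l, unwanted) for l in lines]
        result.append("\n".join(lines))
    return "\n\n".join(result) + "\n"


if __name__ == "__main__":
    print(strip_depends(SAMPLE, "safesignidentityclient",
                        {"libwxbase2.8-0", "libwxgtk2.8-0"}))
```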

Offline ScubaSteve

  • Peppermint version(s): PeppermintOS 8 64 bit
Re: PIV OR CAC card reader
« Reply #6 on: April 07, 2018, 03:55:42 pm »
So I have completed this.

Code: [Select]
steve@steve-ThinkPad-T430 ~ $ sudo apt-get install libpcsclite1 pcscd pcsc-tools
[sudo] password for steve:
Reading package lists... Done
Building dependency tree       
Reading state information... Done
libpcsclite1 is already the newest version (1.8.14-1ubuntu1.16.04.1).
libpcsclite1 set to manually installed.
The following packages were automatically installed and are no longer required:
  fonts-linuxlibertine linux-headers-4.4.0-101 linux-headers-4.4.0-101-generic
  linux-image-4.4.0-101-generic linux-image-extra-4.4.0-101-generic
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
  libccid libpcsc-perl
Suggested packages:
  pcmciautils
The following NEW packages will be installed:
  libccid libpcsc-perl pcsc-tools pcscd
0 upgraded, 4 newly installed, 0 to remove and 209 not upgraded.
Need to get 273 kB of archives.
After this operation, 928 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 libpcsc-perl amd64 1.4.14-1build1 [43.8 kB]
Get:2 http://us.archive.ubuntu.com/ubuntu xenial-updates/universe amd64 libccid amd64 1.4.22-1ubuntu0.1 [85.8 kB]
Get:3 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 pcsc-tools amd64 1.4.25-1 [87.7 kB]
Get:4 http://us.archive.ubuntu.com/ubuntu xenial-updates/universe amd64 pcscd amd64 1.8.14-1ubuntu1.16.04.1 [55.7 kB]
Fetched 273 kB in 0s (892 kB/s)
Selecting previously unselected package libpcsc-perl.
(Reading database ... 351252 files and directories currently installed.)
Preparing to unpack .../libpcsc-perl_1.4.14-1build1_amd64.deb ...
Unpacking libpcsc-perl (1.4.14-1build1) ...
Selecting previously unselected package libccid.
Preparing to unpack .../libccid_1.4.22-1ubuntu0.1_amd64.deb ...
Unpacking libccid (1.4.22-1ubuntu0.1) ...
Selecting previously unselected package pcsc-tools.
Preparing to unpack .../pcsc-tools_1.4.25-1_amd64.deb ...
Unpacking pcsc-tools (1.4.25-1) ...
Selecting previously unselected package pcscd.
Preparing to unpack .../pcscd_1.8.14-1ubuntu1.16.04.1_amd64.deb ...
Unpacking pcscd (1.8.14-1ubuntu1.16.04.1) ...
Processing triggers for man-db (2.7.5-1) ...
Processing triggers for bamfdaemon (0.5.3~bzr0+16.04.20160824-0ubuntu1) ...
Rebuilding /usr/share/applications/bamf-2.index...
Processing triggers for desktop-file-utils (0.22-1ubuntu5.1) ...
Processing triggers for mime-support (3.59ubuntu1) ...
Processing triggers for systemd (229-4ubuntu21.1) ...
Processing triggers for ureadahead (0.100.0-19) ...
ureadahead will be reprofiled on next reboot
Setting up libpcsc-perl (1.4.14-1build1) ...
Setting up libccid (1.4.22-1ubuntu0.1) ...
Setting up pcsc-tools (1.4.25-1) ...
Setting up pcscd (1.8.14-1ubuntu1.16.04.1) ...
Processing triggers for systemd (229-4ubuntu21.1) ...
Processing triggers for ureadahead (0.100.0-19) ...

But then hit a snag. Terminal says only root can add group, and I have no clue what that means. Moreover I got an error when trying to install the driver. Please see below, and thanks for all the help with this guys.

Code: [Select]
steve@steve-ThinkPad-T430 ~ $ addgroup scard 
addgroup: Only root may add a user or group to the system.
steve@steve-ThinkPad-T430 ~ $ sudo dpkg –force-all -i safesignidentityclient_3.0.77-Ubuntu_amd64.deb
[sudo] password for steve:
dpkg: error: need an action option

Type dpkg --help for help about installing and deinstalling packages [*];
Use 'apt' or 'aptitude' for user-friendly package management;
Type dpkg -Dhelp for a list of dpkg debug flag values;
Type dpkg --force-help for a list of forcing options;
Type dpkg-deb --help for help about manipulating *.deb files;

Options marked [*] produce a lot of output - pipe it through 'less' or 'more' !

Offline AndyInMokum

  • Peppermint version(s): PM 9 & PM 8 Respin-2 (64-bit)
Re: PIV OR CAC card reader
« Reply #7 on: April 07, 2018, 10:43:23 pm »
When you see that message, it's telling you only the root user can execute that command.  Root in Linux has administration rights for everything.  This is very powerful; unfortunately it also leaves your computer very vulnerable to mistakes and wandering hands  :(.   Basically, you don't want to run your computer as root.  Working from your regular user account, you only have admin rights for things in your user account and things you've granted permission to do.  This regular user account is the one you sign into when you start your computer.  To safely get around this root user issue, we preface the command with sudo.  This temporarily gives you root user privileges.  I think by default, you have to re-enter your password/passphrase after 15 mins  :-\.  Anyway, it's only temporary access  ;).

This permissions-based structure is inherited from UNIX.  It's brilliantly simple and elegant.  It's what makes Linux so secure.  Don't worry, you'll get the hang of it.  It's just a little alien to you at the moment  ;).
« Last Edit: April 08, 2018, 08:24:03 am by AndyInMokum, Reason: Spelling »
Backup! Backup! Backup! If you're missing any of these -  you ain't Backed Up!

Offline christianvl

  • Peppermint version(s): 9
Re: PIV OR CAC card reader
« Reply #8 on: April 08, 2018, 07:32:14 am »
But then hit a snag. Terminal says only root can add group, and I have no clue what that means. Moreover I got an error when trying to install the driver. Please see below, and thanks for all the help with this guys.

Code: [Select]
steve@steve-ThinkPad-T430 ~ $ addgroup scard 
addgroup: Only root may add a user or group to the system.
steve@steve-ThinkPad-T430 ~ $ sudo dpkg –force-all -i safesignidentityclient_3.0.77-Ubuntu_amd64.deb
[sudo] password for steve:
dpkg: error: need an action option

Type dpkg --help for help about installing and deinstalling packages [*];
Use 'apt' or 'aptitude' for user-friendly package management;
Type dpkg -Dhelp for a list of dpkg debug flag values;
Type dpkg --force-help for a list of forcing options;
Type dpkg-deb --help for help about manipulating *.deb files;

Options marked [*] produce a lot of output - pipe it through 'less' or 'more' !

I'm the one to blame here. I'm sorry, there's a typo (another one) on my post, I'll edit again.

You're supposed to be the sys admin (root) to make the changes. Just add the word sudo before the commands:

Code: [Select]
sudo addgroup scard
sudo adduser "YOUR-USERNAME" scard

Replace the word "your-username" with your actual username (I believe it's steve).

For running the dpkg command, it should have been a "--" instead of a "–" (thank you autocorrect). See it again:

Code: [Select]
sudo dpkg --force-all -i safesignidentityclient_3.0.77-Ubuntu_amd64.deb

Offline ScubaSteve

  • Peppermint version(s): PeppermintOS 8 64 bit
Re: PIV OR CAC card reader
« Reply #9 on: April 08, 2018, 03:39:13 pm »
No blame Christianvl, I obviously need a lot of hand-holding on this. So the good news is the output for the PIV card reader appears to be working. Please see below. I have taken out some of the info but it does seem to be reading. Still don't think I have successfully installed the drivers though. When I try to access Citrix it instantly says no.

Code: [Select]
steve@steve-ThinkPad-T430 ~ $ pcsc_scan
PC/SC device scanner
V 1.4.25 (c) 2001-2011, Ludovic Rousseau <ludovic.rousseau@free.fr>
Compiled with PC/SC lite version: 1.8.14
Using reader plug'n play mechanism
Scanning present readers...
0: SCM Microsystems Inc. SCR 3310 [CCID Interface] (53311724217924) 00 00

Sun Apr  8 15:37:48 2018
Reader 0: SCM Microsystems Inc. SCR 3310 [CCID Interface] (53311724217924) 00 00
  Card state: Card inserted,
  ATR: 3B DB 96 00 80 1F 03 00 31 C0 64 B0 F3 10 00 0F 90 00 88

ATR: 3B DB 96 00 80 1F 03 00 31 C0 64 B0 F3 10 00 0F 90 00 88
+ TS = 3B --> Direct Convention
+ T0 = DB, Y(1): 1101, K: 11 (historical bytes)
  TA(1) = 96 --> Fi=512, Di=32, 16 cycles/ETU
    250000 bits/s at 4 MHz, fMax for Fi = 5 MHz => 312500 bits/s
  TC(1) = 00 --> Extra guard time: 0
  TD(1) = 80 --> Y(i+1) = 1000, Protocol T = 0
-----
  TD(2) = 1F --> Y(i+1) = 0001, Protocol T = 15 - Global interface bytes following
-----
  TA(3) = 03 --> Clock stop: not supported - Class accepted by the card: (3G) A 5V B 3V
+ Historical bytes: 00 31 C0 64 B0 F3 10 00 0F 90 00
  Category indicator byte: 00 (compact TLV data object)
    Tag: 3, len: 1 (card service data byte)
      Card service data byte: C0
        - Application selection: by full DF name
        - Application selection: by partial DF name
        - EF.DIR and EF.ATR access services: by GET RECORD(s) command
        - Card with MF
    Tag: 6, len: 4 (pre-issuing data)
      Data: B0 F3 10 00
    Mandatory status indicator (3 last bytes)
      LCS (life card cycle): 0F (unknown)
      SW: 9000 (Normal processing.)
+ TCK = 88 (correct checksum)

Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):

  ** here it lists the agency I work for and a number of codes**

But then...

Code: [Select]
steve@steve-ThinkPad-T430 ~ $ sudo dpkg --force-all -i safesignidentityclient_3.0.77-Ubuntu_amd64.deb
dpkg: error processing archive safesignidentityclient_3.0.77-Ubuntu_amd64.deb (--install):
 cannot access archive: No such file or directory
Errors were encountered while processing:
 safesignidentityclient_3.0.77-Ubuntu_amd64.deb

That is why I am assuming I have not downloaded the driver correctly. Does that sound right? Again thanks for all the help guys.
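
The ATR breakdown that pcsc_scan prints in the post above can be reproduced by hand. This is an added example, not part of the original thread or of pcsc-tools, that walks the interface bytes of that ATR per ISO/IEC 7816-3 and verifies the TCK checksum; the function and key names are illustrative.

```python
"""Decode an ISO/IEC 7816-3 ATR: interface bytes, historical bytes, TCK."""
from functools import reduce

# ATR copied from the pcsc_scan output in the post above.
ATR = "3B DB 96 00 80 1F 03 00 31 C0 64 B0 F3 10 00 0F 90 00 88"

# Fi / Di tables from ISO/IEC 7816-3, indexed by the two nibbles of TA1
# (None = reserved for future use).
FI = [372, 372, 558, 744, 1116, 1488, 1860, None,
      None, 512, 768, 1024, 1536, 2048, None, None]
DI = [None, 1, 2, 4, 8, 16, 32, 64, 12, 20] + [None] * 6


def parse_atr(atr_hex):
    """Return a dict describing the ATR; raise ValueError if it is malformed."""
    b = bytes.fromhex(atr_hex)
    if len(b) < 2 or b[0] not in (0x3B, 0x3F):
        raise ValueError("TS must be 3B (direct) or 3F (inverse)")
    info = {"convention": "direct" if b[0] == 0x3B else "inverse",
            "interface": {}, "protocols": []}
    hist_len = b[1] & 0x0F   # K: number of historical bytes
    present = b[1] >> 4      # Y1: which of TA1..TD1 follow
    pos, i = 2, 1
    while True:
        td = None
        for bit, name in enumerate("ABCD"):
            if present & (1 << bit):
                if pos >= len(b):
                    raise ValueError("ATR ends inside the interface bytes")
                info["interface"]["T%s%d" % (name, i)] = b[pos]
                td = b[pos] if name == "D" else td
                pos += 1
        if td is None:
            break
        info["protocols"].append(td & 0x0F)  # low nibble of TDi = protocol T
        present, i = td >> 4, i + 1          # high nibble = Y(i+1)
    # TCK is sent only when some protocol other than T=0 is announced.
    has_tck = any(t != 0 for t in info["protocols"])
    if len(b) != pos + hist_len + has_tck:
        raise ValueError("ATR length does not match T0/TDi")
    info["historical"] = b[pos:pos + hist_len].hex(" ").upper()
    # TCK makes the XOR of every byte from T0 to TCK equal zero.
    info["tck_ok"] = (reduce(lambda x, y: x ^ y, b[1:]) == 0) if has_tck else None
    ta1 = info["interface"].get("TA1", 0x11)  # 0x11 = default Fi=372, Di=1
    info["Fi"], info["Di"] = FI[ta1 >> 4], DI[ta1 & 0x0F]
    return info


if __name__ == "__main__":
    for key, value in parse_atr(ATR).items():
        print(key, value)
```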

Offline murraymint

  • Peppermint version(s): 7, 8, 9
Re: PIV OR CAC card reader
« Reply #10 on: April 08, 2018, 04:19:20 pm »
If you've got the file in your Downloads directory, first you need to

Code: [Select]
cd Downloads

Offline christianvl

  • Peppermint version(s): 9
Re: PIV OR CAC card reader
« Reply #11 on: April 10, 2018, 10:07:40 pm »
Don't give up!

As murraymint pointed out, you have to run the dpkg command in the same directory you've downloaded the file to.

Code: [Select]
cd Downloads
sudo dpkg --force-all -i safesignidentityclient_3.0.77-Ubuntu_amd64.deb

Offline PCNetSpec

  • Peppermint version(s): Peppermint 8R, 9, and 9R
Re: PIV OR CAC card reader
« Reply #12 on: April 11, 2018, 10:34:29 am »
I've fixed the dependency issues in safesignidentityclient_3.0.77-Ubuntu_amd64.deb so it now depends on:-

libwxgtk3.0-0v5 instead of libwxgtk2.8-0
and
libwxbase3.0-0v5 instead of libwxbase2.8-0

You can find the fixed safesignidentityclient_3.0.77-Ubuntu_edited-for-xenial-to-bionic_amd64.deb attached below .. just download it, and double-click it to install.



[EDIT]

Also attached a fixed 32bit version safesignidentityclient_3.0.77-Ubuntu_edited-for-xenial-to-bionic_i386.deb

[EDIT2]

If for some reason you ever want to uninstall:-
Code: [Select]
sudo apt-get remove --purge safesignidentityclient
« Last Edit: April 11, 2018, 11:03:09 am by PCNetSpec »

Offline christianvl

  • Peppermint version(s): 9
Re: PIV OR CAC card reader
« Reply #13 on: April 11, 2018, 10:49:29 am »
I've fixed the dependency issues in safesignidentityclient_3.0.77-Ubuntu_amd64.deb so it now depends on:-

libwxgtk3.0-0v5 instead of libwxgtk2.8-0
and
libwxbase3.0-0v5 instead of libwxbase2.8-0

You can find the fixed safesignidentityclient_3.0.77-Ubuntu_edited-for-xenial-to-bionic_amd64.deb attached below .. just download it, and double-click it to install.

 :o

Thank you very much!

I'll test it ASAP!

Offline PCNetSpec

  • Peppermint version(s): Peppermint 8R, 9, and 9R
Re: PIV OR CAC card reader
« Reply #14 on: April 11, 2018, 11:08:53 am »
Make sure you get the 64bit version (amd64) if you're running Peppermint 7/8 64bit.

or the 32bit version (i386) if you're running Peppermint 7/8 32bit. ;)



NOTE

If for some reason you accidentally installed the 32bit version in 64bit Peppermint 7/8 .. running these commands in sequence should fix things:
Code: [Select]
sudo apt-get remove --purge safesignidentityclient:i386 libccid:i386 pcscd:i386
then:
Code: [Select]
sudo apt-get autoremove
then:
Code: [Select]
sudo apt-get install --reinstall libccid pcscd
then go ahead and download and install the 64bit version :)

I only mentioned this because I notice someone has downloaded the 32bit version.
« Last Edit: April 11, 2018, 11:24:48 am by PCNetSpec »