This might not be new, but it was definitely new to me. I found a package in portage that grants the ability to install your own CAC card reader, integrate it with Firefox and use your certificates to log into government sites that you have the proper access to. It’s great for people who don’t want to use a virtual machine alternative solution, and additionally, you don’t have to purchase any additional software like ActivCard Gold.
Simply emerge the following, start the init script, and install the additional certificates into Firefox, and your CAC should work.
sys-apps/pcsc-lite
app-crypt/coolkey
… and for the init script
# rc-update add pcscd default
Lastly, installing the DoD Certificates:
The Certs:
The easiest way to install the certificates is by visiting http://dodpki.c3pki.chamb.disa.mil/rootca.html and clicking on each one.
Alternatively, you can download them and install them by hand.
All of the certificates are located at the following links:
Sadly, there is no quick way to manually add the certs, and I had to load all 45 certs by hand. It shouldn’t take more than 10 minutes; however, you have to load each one, click Okay, and then start the next one. You can’t just load all of them before clicking Okay.
To add the certs manually, simply go to Edit >> Preferences. Once the window appears, go to the Advanced tab, and then the Encryption sub tab. Click on the View Certificates button. Go to the Authorities tab, and click the import button. Navigate to the first certificate, and then add it. Click okay, then repeat the steps starting at the Import button again.
After you have loaded all of the certs, and before you can use your card, you have to point Firefox to the CAC reader. Firefox considers your reader to be a “Security Device.” To add it, simply go to Edit >> Preferences. Once the window appears, go to the Advanced tab, and then the Encryption sub tab. Click on the Security Devices button. You need to select CAC Module and add the path to libcoolkeypk11.so. You can either slocate it on your system, or, if you have a 64-bit system, point it to /usr/lib64/pkcs11/libcoolkeypk11.so. You should be prompted for your password, and after that you are set.
MAKE SURE YOU DO NOT ENTER YOUR PASSWORD WRONG 3 TIMES OR IT WILL LOCK YOUR CARD, AND YOU WILL HAVE TO GET YOUR CARD PROVIDER TO UNLOCK IT!
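The two Firefox steps above (importing the CA certificates and registering the CoolKey library as a security device) can also be done from the command line with the NSS tools certutil and modutil. This is an added example, not part of the original post: it assumes the certificates are already downloaded into one directory, Firefox is closed, and you supply the NSS database argument for your own profile; the function names and the DRY_RUN variable are made up for this sketch.

```shell
#!/bin/sh
# Added example (not from the original post). Close Firefox before running.
# Assumptions: certificates were downloaded into one directory as .cer/.crt/.pem
# files; DB is the NSS database argument for the Firefox profile, e.g.
# "sql:$HOME/.mozilla/firefox/<profile>" (placeholder); DRY_RUN=1 only prints.

run() {
    # Print the command in dry-run mode, otherwise execute it.
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

import_ca_dir() {   # usage: import_ca_dir CERT_DIR DB
    cert_dir=$1 db=$2 count=0
    for f in "$cert_dir"/*.cer "$cert_dir"/*.crt "$cert_dir"/*.pem; do
        [ -f "$f" ] || continue            # an unmatched glob stays literal; skip it
        nick=$(basename "$f"); nick=${nick%.*}
        # PEM input needs certutil's -a (ASCII) flag; DER input does not.
        if grep -q -e '-----BEGIN CERTIFICATE-----' "$f"; then fmt=-a; else fmt=; fi
        # Trust flags: C = trusted CA, T = may issue client certs (SSL,e-mail,code)
        run certutil -A -d "$db" -n "$nick" -t "CT,C,C" $fmt -i "$f" || return 1
        count=$((count + 1))
    done
    echo "imported $count certificate(s)" >&2
}

add_cac_module() {  # usage: add_cac_module DB [LIBFILE]
    lib=${2:-/usr/lib64/pkcs11/libcoolkeypk11.so}   # 64-bit path given in the post
    run modutil -dbdir "$1" -add "CAC Module" -libfile "$lib"
}
```

Run it once with DRY_RUN=1 to review the commands, then list the result with `certutil -L -d` on the same database argument.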