[aklug] Re: Common Access Cards - Technical Aspects

From: James Zuelow <James_Zuelow@ci.juneau.ak.us>
Date: Mon Jun 28 2010 - 11:03:01 AKDT

----Original Message----
From: aklug-bounce@aklug.org [mailto:aklug-bounce@aklug.org] On Behalf Of Christopher Howard
Sent: Monday, June 28, 2010 10:28 AM
To: Alaska Linux Users Group
Subject: [aklug] Re: Common Access Cards - Technical Aspects

> Well, now that I see there are a few people on the list who are
> knowledgeable about CACs, I'll be more specific about what I'm doing. We
> already use CACs here at work, and some people need them to be able to
> access some of the government web sites we use.
>
> The problem is that some people here want to be able to automate/script
> downloads from sites that require CAC cards for access. So I need to do
> some kind of scripting to allow the command-line client cURL to be able
> to use CAC card certificates, and specifically on the Mac OSX platform.
>
> My working approach is to use the Mac OSX keychain utility, which is (as
> far as I can tell) where the certificates are stored temporarily while
> they are being used by the (Safari) web-browser to access the
> CAC-enabled web site. I'm hoping I can just pull the certificates out of
> keychain via the "security" utility, and feed them straight into cURL.
>
> --
> Christopher Howard

Don't know about Mac OSX, but Debian has libpcsc-perl [1] and
pcsc-tools [2] that might be close to what you're interested in.

If OSX uses the pcsclite library, then these could help you script
use of the cards. If not, then at least the examples might be
useful to look at. It looks like the "scriptor" utility might be
something you could use to pull certificates off of the card.

Hope this helps -- your project is well out of my experience level.

[1] http://ludovic.rousseau.free.fr/softwares/pcsc-perl/
[2] http://ludovic.rousseau.free.fr/softwares/pcsc-tools/

James Zuelow

(hand wrapped in an attempt to avoid the dreaded equals-three-dee)
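
Added example, not part of the original message or either poster's code: a shell sketch of the keychain approach described in the quoted text, which exports the keychain's certificates as PEM with `security find-certificate -a -p`, splits the bundle, and checks whether each file carries a private key. The helper and file names are hypothetical; the check matters because client-certificate authentication needs the private key too, and a key held on a smart card is not part of a certificate export.

```shell
#!/bin/sh
# Added example: helper names, file names and paths are hypothetical.

# Export every certificate in the user's keychains as one PEM bundle.
# The `security` utility exists only on macOS.
keychain_export() {
    command -v security >/dev/null 2>&1 || return 127
    security find-certificate -a -p > "$1"
}

# Split a concatenated PEM bundle into one file per certificate
# (cert-01.pem, cert-02.pem, ...) and print how many were written.
split_pem_bundle() {
    mkdir -p "$2" || return 1
    awk -v dir="$2" '
        /^-----BEGIN CERTIFICATE-----/ {
            n++; out = sprintf("%s/cert-%02d.pem", dir, n); inside = 1
        }
        inside { print > out }
        /^-----END CERTIFICATE-----/ { inside = 0; close(out) }
        END { print n + 0 }
    ' "$1"
}

# True if the PEM file also holds a private key. Client-certificate
# authentication needs the key as well as the certificate.
has_private_key() {
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"
}

# Report, for each split file, whether it is a certificate with its key
# or a certificate only.
usable_for_curl() {
    for f in "$1"/cert-*.pem; do
        [ -f "$f" ] || continue
        if has_private_key "$f"; then echo "$f: has key"
        else echo "$f: certificate only"; fi
    done
}
```

On macOS the helpers chain as `keychain_export all.pem && split_pem_bundle all.pem certs && usable_for_curl certs`.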
Received on Mon Jun 28 11:03:09 2010