Login with smart card (PC/SC)

Similar Messages

• Digital Signatures with Smart Cards

  Hi folks,
  It is my first time with digital signatures on R/3 system. I’m at customer that uses smart cards (hardware cryptography). We are doing the SAPCRYPTOLIB and front end installations. After finish these tasks, we need to implement the signatures into 3 workflow processes. I already read the SSF programmers guide, API specifications and SSF user guide. But I still have some doubts:
  The SSF profile is stored into smart card with private key information, but where are the public keys stored? (PAB – Private Address Book of my trusted circle).
  Do I need the CRLs? Note: this is only for workflow processes that run inside of customer landscape; this is not a B2B scenario.
  We don’t have clear yet how we sign the data; we are thinking sign a BOR object. Create an attribute and use it to pass the signer data. Note: for the customer, the objective is user authenticity guarantee.
  The BOR object instance ends when the flows finish, so wee need to store the signed data for auditable reasons. A database table can be a good approach or there is another standard way?
  P.S.: anyone have documentation about this subject, something like how-to with guidelines?
  Thanks in advance,
  Ricardo.
  Message was edited by:
          Ricardo  Quintino

  The SmartCard device is present at the frontend PC - and that's the place where the digital signature operation has to take place. Important is the "What You See Is What You Sign" principle: it has to be ensured that the data that is to be signed (using the private key stored on the SmartCard) is exactly the same as the one that is displayed to the user.
  Notice: there is a different scenario where the server is signing the data (after prompting the user for userID and password and validating that information).
  The signed data is then transported back to the server where it is stored (to ensure auditibility); usually you'll have to keep the (archived) data for years; the public key need to be archived as well.
  Notice: it is possible to attach the certificate (-> public key) which has been used to sign the data to the signed data.
  Regards, Wolfgang

• Signing with Smart Card (PKCS#11)

  I'm trying to sign my .jar with ActivCard smart card and jarsigner.exe, but I got NullPointerException. I have succeeded to get list of certificates present on smart card. Is there better PKCS#11 provider then sun.security.pkcs11.SunPKCS11?

  I receive the following error message when trying to sing a jar file using a PKI card:
  jarsigner: Certificate chain not found for: Random.  Random must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.This is the command line:
  "C:\Program Files\Java\jdk1.5.0_04\bin\jarsigner" -keystore NONE -storetype PKCS11 -signedjar D:\Work_Java\Random\sRandom.jar -verbose D:\Work_Java\Random\Random.jar RandomWhat does this mean?

• Help with Smart Card (CAC) reader installation

  Need help connecting my smart card reader to my Mac Book Pro. Either using Fire Fox, Explorer using Parallels with windows XP, or safari. I downloaded all the documentation from the Army AKO and still have problems with my Card reader.

  Hi there, I have written a really good "How-to" on firefox and CAC and also Safari. You might also want to try VMware since Parallels and DoD really don't mix at this time. If yu have any question please let me know.
  Jonathan
  http://www.applemacgeniusville.com

• Controlling Access to OS with Smart Card

  Does any one know if there is a program built within OS X (Tiger) or either a third party program that will allow a machine running Tiger to be set up to only be accessed when using a "Smart Card" (similar to the system used on a lot of government machines)?
  Also, where would a person obtain the Smart Card to use with the program. Thanks!!!

  You might look into a hardware product called "SecuriKey":
  http://www.securikey.com/mac_security.html
  =
  There was a MacWorld review a few years ago of what might have been an earlier version:
  http://www.macworld.com/article/42927/2005/02/securikey.html

• Pls help me with smart card problem

  Hi,
  currently, i'm developing a system for my final year project. i've developed a webpage in PHP for clinic management. i also implement smart card in my system. the point of it is to make it easier for both parties - doctor and patient. each time patient comes to receive treatment, doc will check patient's smart card on previous drugs prescription. so then, doc will update it based on the treatment given on that day.
  the problem is, how i want to transmit the data from smart card to be displayed in the php page? maybe i should use applet but i don't know how.
  does anybody has applet source code on transmitting data from smart card to php page?
  i wud b really appreciate it...... thanks in advance.

  Have you checked the Schlumberger web site?
  What do you mean by "parsing from applet to php"? Parsing really isn't a data transfer method except maybe in a very tenuous sense.
  And do you really mean an applet (a small program run on the client and embedded in a web page) or are you using it as shorthand for any java program?
  If an applet, I suppose you could:
  1) use javascript to connect the applet to the web page, which would just happen to be created using PHP. So it would be all client-side operation.
  2) use HttpURLConnection (or, God help you, direct socket connections) to connect to a web server and interact with PHP to give/get data. In this case it would be client/server behavior, but the applet would have minimal interaction with the PHP page it's embedded in.
  3) Make it really fun (i.e.: complicated) by using javascript to connect to the page, and then use AJAX to connect to the server. I have no idea whether that's even possible using PHP.
  Maybe there are other options I haven't thought of.

• Logging into Windows Server 2012 from Remote Desktop requires "Connect with Smart Card"; how do I disable this?

  I am using pretty much the default setup. I cannot figure out how to disable this. I do not want to use smart cards.
  Any ideas?

  Does this mean you're trying to RDP from an XP box, therfore have the Remote Desktop feature on the server set to "less secure"? Sounds like thats what disables network authentication, prompting the Smart Card request.
  If you simply click to login as a different user, you can login without a smart card, to include the same user as was being prompted for the card.
  I expect if you choose the Remote Desktop feature requires network authentication on the server, the smart card requirement goes away, but you'll need to login from Win7 or newer clients. Not sure where Vista falls, probably okay too.

• PKCS#11 with Smart card

  Hi
  I'm new to smart card technologies. I need some help regarding this. I have to write a application which will store the keys in a smart card. I'm suppose to use pkcs# 11. I don't know from where to start. Can anyone tell me the what to do. I'm using REINER SCT cyberJack e-com USB card reader. Is there any sample code for PKCS11 to write to smart card.

  I receive the following error message when trying to sing a jar file using a PKI card:
  jarsigner: Certificate chain not found for: Random.  Random must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.This is the command line:
  "C:\Program Files\Java\jdk1.5.0_04\bin\jarsigner" -keystore NONE -storetype PKCS11 -signedjar D:\Work_Java\Random\sRandom.jar -verbose D:\Work_Java\Random\Random.jar RandomWhat does this mean?

• Compiling rdesktop with Smart Card support?

  Hello,
  I've tried like the dikens to compile "rdesktop" (an open source solution to connect Windoze PCs using Microsoft RDP protocol). I can compile and run the source code, but I find it impossible to compile in smart card support. I've tried everything to get the "pcsc-lite" components to compile in - but I'm too much of a makefile noob I'm afraid.
  Anyone know how to do this?
  There's a related discussion at http://discussions.apple.com/thread.jspa?messageID=8652963.
  Any help appreciated
  ~Matt

  Hi,
  Thank you for posting in Windows Server Forum.
  In a Remote Desktop scenario, a user is using a remote server for running services, and the smart card is local to the computer that the user is using. In a smart card logon scenario, the smart card service on the remote server redirects to the smart card reader
  connected to the local computer where the user is trying to log on. You can refer following article for details.
  Smart Card and Remote Desktop Services
  http://technet.microsoft.com/en-us/library/ff404286(v=ws.10).aspx
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  TechNet Community Support

• Help with smart card.

  I just finished my 2nd semester of taking Java. I'm a decent program using GUI. I want to learn how to program smart card and start my own business like a gaming center.
  this is my question. What kind of teminal i need to get?
  will any terminal read any type of smart card?
  How do I start learning how to program smart card?
  any idea or suggesting are more than welcome thanks in advance.

  any idea?

• Wrong PIN when initializing RSACryptoServiceProvider with smart card

  I get a "wrong PIN" exception initializing RSACryptoServiceProvider this way in Visual Studio C++ 2012:
  array<System::Byte>^ Sign(array<System::Byte>^ BinDataToSign, X509Certificate2^ Certificate, String^ ProviderName)
  //Set Password
  System::Security::SecureString^ secString = gcnew System::Security::SecureString();
  secString->AppendChar(wchar_t("1"));
  secString->AppendChar(wchar_t("1"));
  secString->AppendChar(wchar_t("1"));
  secString->AppendChar(wchar_t("1"));
  System::Security::AccessControl::CryptoKeySecurity^ cryptoSecurityKey = gcnew System::Security::AccessControl::CryptoKeySecurity();
  CspParameters^ cspa = gcnew CspParameters(1, ProviderName, "8ed9f3ef2dffe62d154f2d82546c337521096e", cryptoSecurityKey, secString);
  RSACryptoServiceProvider^ csp = gcnew RSACryptoServiceProvider(cspa);
  That is not the actual pin in the example, but I have checked and verified that I am using the correct PIN. Maybe it has something to do with character type convertion when appending to the secure string?

  Maybe it has something to do with character type convertion when appending to the secure string?
  Hi Andrius, Why not set a breakpointer in your function and step by step debugging your code? So you could see the value of secString and any others variables. If you get a unexpect value, so you will know where make the problem in your code. Anything you
  want to know, please don't hesitate and post it here.
  Check this:
  https://msdn.microsoft.com/en-us/library/system.security.securestring.appendchar(v=vs.110).aspx
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• How to enable my macbook pro to login with cac card access instead of traditional username and password?

  Someone please help me figure this out.

  Assuming that you are using a recent build of OS X, go to /Applications/Utilities and launch the app called Keychain Access. Go to the Window pulldown menu and select "Keychain First Aid". Enter your password, set the radio button to "Repair", and click "Start".

• Smart card login

  Hi Guys,
  I have just enabled smart card login to my mac but want to disable the password login option (i.e. I can login with smart card but if I don't plugin the card reader/card, I am prompted for password login). How can I enforce smart card only login?
  Many Thanks
  Michael

  Are you getting all user icons, plus the smartcard icon, or just the smartcard icon and "Other..." ?
  If the latter, then disable root user (which displays the "Other..." prompt on the login window, even if smartcards login is enabled).

• Smart card logon with third party CA combined with ADFS to Office 365

  Greetings,
  I've been trying figure out how to implement ADFS to Office 365 in MS cloud in our environment, with little luck. I have a working 2012 domain and we are already using smart card logon on Windows 7/8 workstations. Certificates on smart cards are issued by
  3rd party CA. This far every thing is fine and working, necessary root certificates are added to trusted Trusted Root Certification Authorities, UPN suffixes and users' UPNs are set according to UPN on the certificates and users successfully log on to
  workstations with smart cards.
  Now I face the requirement to enable SSOto Office 365 with accounts from our AD. I've been told by our MS partner and Dr. Google that in order to do that user account name (upn) in AD and in O365 need to match. Now the fact that account UPN in our AD is
  not usable in O365 (because it is set to match 3rd party certificate UPN) and I have not found a way to enable smart card log on without changing UPN in AD. 
  Does anyone has experience of such a configuration? Is it possible to use AD federation to O365 at all in our case?
  Best regards, and thanks in advance
  Timo

  On Fri, 25 Apr 2014 09:27:05 +0000, Timo Kallioniemi wrote:
  Now I face the requirement to enable SSOto Office 365 with accounts from our AD. I've been told by our MS partner and Dr. Google that in order to do that user account name (upn) in AD and in O365 need to match. Now the fact that account UPN in our AD
  is not usable in O365 (because it is set to match 3rd party certificate UPN) and I have not found a way to enable smart card log on without changing UPN in AD. 
  Does anyone has experience of such a configuration? Is it possible to use AD federation to O365 at all in our case?
  This is not a general Windows server security issue. You should post your
  question in an O365 support forum.
  http://community.office365.com/en-us/f/default.aspx
  Paul Adare - FIM CM MVP
  Technology is dominated by two types of people: Those who understand
  what they do not manage. Those who manage what they do not understand.
  -- Putt's Law

• Proxy to use SATSA (or apdutool) with real smart-card

  Hi!
  I tried to communicate with smart card applet emulated in cref (jcwde also) from midlet via SATSA. But java card development kit includes only stub classes for javacardx.crypto - so I cannot even emulate applet which uses crypto though I can install it on real java card where it works well.
  So, I've written proxy which acts in place of cref (or jcwde), receives APDU from SATSA and forwards them to applet on real smart card. It is in alpha stage but does job for me.
  Is anyone else interested in it?
  I started registration of project on sourceforge to make it publicly available.

  the above problem is solved now. i am able to run WTK satsademo now..
  but the problem is that the eeprom image which i created using java card development kit is not working with WTK emulator..
  is this because of that protocol difference problem..
  i have downloaded ur proxy application but the problem is that i hv to simulate every thing..
  so is this proxy can be used to forward request to the java card emulator instead of the real card applet?
  plz help me....