Simulation of smart card
Hi ppl,
I'm a student working on a project of simulation of smart card. It involes no hardware at all so the physical layer transmission is ignored. I'm gonna implement the smart card operation using two programmes "card.c" and "reader.c" in the same computer. Yes, it's C not java, but the idea is the same. I just wanna ask is that the programmes r about the same? I mean what exactly should the reader.c and the card.c do? Is it the reader.c simply sends out commands and then the card.c listens and waits for the commands like the client of a client-server scenario? And then once the card.c receives commands, it extracts the useful data according to the ISO17816-4 and then sends back response and the reader.c again provess the data recoived and sends another commands. And the transmission goes on, is it like that?
Plz give me some hits on these. Desperate for some help really.
Thanz sooo much ppl!!
Franky
Here's what I'm gonna do in the programs.
At the very first, the reader sends a reset RST to teh card and waits for repsonse. The card then responses with answer to reset ATR, this gives all the communications protocol used afterwards, so the card will choose like T=1.
And then the reader sends the GET CHALLENGE command to the card asking for a random number e.g. A and response from the card gives the challenge A to reader.
Reader then sends the encrypted challenge [A] with the EXTERNAL AUTHENTICATE command to card, the card replies with a YES or NO indicating if the challenges match.
Reader sends its challenge B with command INTERNAL AUTHENTICATE, card replies with encrypted challenge .
This finishes the challenge-response operation for mutual authentication. I read from books that the key used to encrypt and decrypt the challenge is the master key. But I have no clue how both entities can get hold of the key beforehand. Maybe there's sth like PKI for that.
And then, should there be a verification by using the PIN? So after this verification, the real data and message exchange should occur rite? And I read from books that some cards require every access to the card to have a PIN verification. Well, I think that's almost it for the security part. And I'll have to find some source on how to make a read application of the smart card, like a payment card or identification card. I think one of the most popular standards for payment card is EMV, and I dunno much for the identification card.
Similar Messages
-
Simulation of Smart Card Application
Hi ppl,
Sorry I have some stupid questions again. It's just after I've read some books but still I'm a little confused about some concepts, I really hope you guys can help me out.
First, in order to simulate the smart card operation. What exactly is needed to implement? I thought it was just the card and the reader, I mean just two programs, one for card and one for reader, talking ato each other. But after I've read some books, some said it involes three entities, the host, that is the application, the terminal, usually the reader, and the card. So I wanna know how many entities are involved actually.
All along I thought it was just two entities, the card and reader communicating using ISO7816-4 commands. But now I saw some books saying the 3 parties version. So is it they're actually talking about different scenarios? If a reader has CPU power then it can generate commands to the card and so there're only two parties. But if the reader is simply a device as an interface for converting the programmed commands into electronic signals for transmission, then 3 entities are needed. Is that the case? Well, this is just my wild guess. So what do you guys think?
Thanz!!
FrankySo you mean that middle ware is actually at the transport level? So yes when I go to the ATM, the prompt that I got is an application that asks me for PIN and so the card is acting on behalf of me and the reader is acting on behalf of the card company? Did I get it right?
And one more thing, so in the ATM scenario, is it assumed that we trust the machine? Bcoz we have to key in the PIN, so if it is compromised, it is a security problem. Or is it bcoz there is already a mutual authentication carried out between the card and the reader so if the I am asked for the PIN, I can trust my card for authenticaing the machine.
And o...last question, more low level, how do the card determine is it is a ATR packet or transmission has already started? I mean how does the card know if it is still negotiating the transmission protocol(T=0 or T=1)or one of the transmission protocols is already in use?
Thanz very much !!
Franky -
Verify user pin on a smart card & load a cap file on a card (with eclipse)
I have been able install JCWDE (Java card development Kit) successfully on eclipse.Basically all I need to do is verify user pin on a smart card.As in first set a pin and then verify it.
To begin with I have referred many tutorials (here: http://www.javaworld.com/jw-07-1999/jw-07-javacard.html?page=1) and implemented the wallet code in eclipse.I have the cap file generated and the scripts generated.I am not sure how to load it on the smart card with eclipse.
I tried to deploy the cap file but it keeps saying connected.Also when we initiate the applet I get the same result.
output:
Java Card 2.2.2 APDU Tool, Version 1.3
Copyright 2005 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms.
Opening connection to localhost on port 9032.
Connected.
I have also tried : http://www.cs.ru.nl/E.Poll/hw/practical.html ........ but no luck.
I have the wallet.cap ,wallet.exp ,wallet.jca ,wallet.opt create.script, select,cap-download.scripts files already generated in eclipse.
How does a successfully implemented applet code on a smart card work?How does this wallet code work if it is successfully implemented ? Does it have like some GUI which prompts the user to enter the pin?
Wallet code for reference :
package com.sun.javacard.samples.wallet;
import javacard.framework.*;
public class Wallet extends Applet {
/* constants declaration */
// code of CLA byte in the command APDU header
final static byte Wallet_CLA =(byte)0x80;
// codes of INS byte in the command APDU header
final static byte VERIFY = (byte) 0x20;
final static byte CREDIT = (byte) 0x30;
final static byte DEBIT = (byte) 0x40;
final static byte GET_BALANCE = (byte) 0x50;
// maximum balance
final static short MAX_BALANCE = 0x7FFF;
// maximum transaction amount
final static byte MAX_TRANSACTION_AMOUNT = 127;
// maximum number of incorrect tries before the
// PIN is blockedd
final static byte PIN_TRY_LIMIT =(byte)0x03;
// maximum size PIN
final static byte MAX_PIN_SIZE =(byte)0x08;
// signal that the PIN verification failed
final static short SW_VERIFICATION_FAILED =
0x6300;
// signal the the PIN validation is required
// for a credit or a debit transaction
final static short SW_PIN_VERIFICATION_REQUIRED =
0x6301;
// signal invalid transaction amount
// amount > MAX_TRANSACTION_AMOUNT or amount < 0
final static short SW_INVALID_TRANSACTION_AMOUNT = 0x6A83;
// signal that the balance exceed the maximum
final static short SW_EXCEED_MAXIMUM_BALANCE = 0x6A84;
// signal the the balance becomes negative
final static short SW_NEGATIVE_BALANCE = 0x6A85;
/* instance variables declaration */
OwnerPIN pin;
short balance;
private Wallet (byte[] bArray,short bOffset,byte bLength) {
// It is good programming practice to allocate
// all the memory that an applet needs during
// its lifetime inside the constructor
pin = new OwnerPIN(PIN_TRY_LIMIT, MAX_PIN_SIZE);
byte iLen = bArray[bOffset]; // aid length
bOffset = (short) (bOffset+iLen+1);
byte cLen = bArray[bOffset]; // info length
bOffset = (short) (bOffset+cLen+1);
byte aLen = bArray[bOffset]; // applet data length
// The installation parameters contain the PIN
// initialization value
pin.update(bArray, (short)(bOffset+1), aLen);
register();
} // end of the constructor
public static void install(byte[] bArray, short bOffset, byte bLength) {
// create a Wallet applet instance
new Wallet(bArray, bOffset, bLength);
} // end of install method
public boolean select() {
// The applet declines to be selected
// if the pin is blocked.
if ( pin.getTriesRemaining() == 0 )
return false;
return true;
}// end of select method
public void deselect() {
// reset the pin value
pin.reset();
public void process(APDU apdu) {
// APDU object carries a byte array (buffer) to
// transfer incoming and outgoing APDU header
// and data bytes between card and CAD
// At this point, only the first header bytes
// [CLA, INS, P1, P2, P3] are available in
// the APDU buffer.
// The interface javacard.framework.ISO7816
// declares constants to denote the offset of
// these bytes in the APDU buffer
byte[] buffer = apdu.getBuffer();
// check SELECT APDU command
if (apdu.isISOInterindustryCLA()) {
if (buffer[ISO7816.OFFSET_INS] == (byte)(0xA4)) {
return;
} else {
ISOException.throwIt (ISO7816.SW_CLA_NOT_SUPPORTED);
// verify the reset of commands have the
// correct CLA byte, which specifies the
// command structure
if (buffer[ISO7816.OFFSET_CLA] != Wallet_CLA)
ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
switch (buffer[ISO7816.OFFSET_INS]) {
case GET_BALANCE:
getBalance(apdu);
return;
case DEBIT:
debit(apdu);
return;
case CREDIT:
credit(apdu);
return;
case VERIFY:
verify(apdu);
return;
default:
ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
} // end of process method
private void credit(APDU apdu) {
// access authentication
if ( ! pin.isValidated() )
ISOException.throwIt(SW_PIN_VERIFICATION_REQUIRED);
byte[] buffer = apdu.getBuffer();
// Lc byte denotes the number of bytes in the
// data field of the command APDU
byte numBytes = buffer[ISO7816.OFFSET_LC];
// indicate that this APDU has incoming data
// and receive data starting from the offset
// ISO7816.OFFSET_CDATA following the 5 header
// bytes.
byte byteRead =
(byte)(apdu.setIncomingAndReceive());
// it is an error if the number of data bytes
// read does not match the number in Lc byte
if ( ( numBytes != 1 ) || (byteRead != 1) )
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
// get the credit amount
byte creditAmount = buffer[ISO7816.OFFSET_CDATA];
// check the credit amount
if ( ( creditAmount > MAX_TRANSACTION_AMOUNT)
|| ( creditAmount < 0 ) )
ISOException.throwIt(SW_INVALID_TRANSACTION_AMOUNT);
// check the new balance
if ( (short)( balance + creditAmount) > MAX_BALANCE )
ISOException.throwIt(SW_EXCEED_MAXIMUM_BALANCE);
// credit the amount
balance = (short)(balance + creditAmount);
} // end of deposit method
private void debit(APDU apdu) {
// access authentication
if ( ! pin.isValidated() )
ISOException.throwIt(SW_PIN_VERIFICATION_REQUIRED);
byte[] buffer = apdu.getBuffer();
byte numBytes =
(byte)(buffer[ISO7816.OFFSET_LC]);
byte byteRead =
(byte)(apdu.setIncomingAndReceive());
if ( ( numBytes != 1 ) || (byteRead != 1) )
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
// get debit amount
byte debitAmount = buffer[ISO7816.OFFSET_CDATA];
// check debit amount
if ( ( debitAmount > MAX_TRANSACTION_AMOUNT)
|| ( debitAmount < 0 ) )
ISOException.throwIt(SW_INVALID_TRANSACTION_AMOUNT);
// check the new balance
if ( (short)( balance - debitAmount ) < (short)0 )
ISOException.throwIt(SW_NEGATIVE_BALANCE);
balance = (short) (balance - debitAmount);
} // end of debit method
private void getBalance(APDU apdu) {
byte[] buffer = apdu.getBuffer();
// inform system that the applet has finished
// processing the command and the system should
// now prepare to construct a response APDU
// which contains data field
short le = apdu.setOutgoing();
if ( le < 2 )
ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
//informs the CAD the actual number of bytes
//returned
apdu.setOutgoingLength((byte)2);
// move the balance data into the APDU buffer
// starting at the offset 0
buffer[0] = (byte)(balance >> 8);
buffer[1] = (byte)(balance & 0xFF);
// send the 2-byte balance at the offset
// 0 in the apdu buffer
apdu.sendBytes((short)0, (short)2);
} // end of getBalance method
private void verify(APDU apdu) {
byte[] buffer = apdu.getBuffer();
// retrieve the PIN data for validation.
byte byteRead = (byte)(apdu.setIncomingAndReceive());
// check pin
// the PIN data is read into the APDU buffer
// at the offset ISO7816.OFFSET_CDATA
// the PIN data length = byteRead
if ( pin.check(buffer, ISO7816.OFFSET_CDATA,
byteRead) == false )
ISOException.throwIt(SW_VERIFICATION_FAILED);
} // end of validate method
} // end of class Wallet
Any help on this would highly appreciated !! :)Hi,
Thanks a lot for reply.But I am not sure as to how can I delete the simulator.
All I want to do is write a pin on the smart card and verify it.But I am not being able to deploy the cap file or initiate the applet.
Also for passing the pin correct me if I am wrong........ according to what you said and what I have understood
If the code is like this :
public static void install(byte[] bArray, short bOffset, byte bLength) {
// create a Wallet applet instance
new Wallet(bArray, bOffset, bLength);
} // end of install method
byte aLen = bArray[bOffset]; // applet data length
// The installation parameters contain the PIN
// initialization value
pin.update(bArray, (short)(bOffset+1), aLen);
Lets say my pin is : 1234
then I would pass it here.....
new Wallet(bArray, 1234, bLength); -
Problem with CertificateRequest when using a smart card
Hello,
I have used the ssl debug statement to determine that ssl server is sending a CertificateRequest and a list of CAs. The smart card is opened via a password and I think X509KeyManagerImpl compares the Issuer of the smart card certificates with the server sent CAs. However since the issuer is an intermediate CA and only the root CA is in this list, the smartcard certificates are rejected. I CAN'T have the intermediate CA place in the ssl server list.
Using SSLConnect (KeyManager, X509TrustManager, null). The KeyManager is using NSS and the TrustManager is using opensc-pkcs11 via SunPKCS11. The OS is Linux, kernel 2.6.35.10-74.fc14.i686.
The intermediate CA is in the local cert store.
The application being used is DavMail.
Am I correct in stating that the the smart card certificates are checked against the server sent CAs?
Does anyone know how to get Java to use he local cert store to find the intermediate CA and then verify it against the Root CA in the server sent list?Placed in wrong forum. Moved it to Security Java Secure Socket Extension (JSSE)
-
RDS Gateway + Smart Card Error [ The specified user name does not exist.]
I have the following Windows Server 2008 R2 servers:
addsdc.contoso.com, AD DS Domain Controller for contoso.com
adcsca.contoso.com, AD CS Enterprise CA, CDPs/AIAs published externally.
fileserver.contoso.com, RDS Session Host for Administration enabled
rdsgateway.contoso.com, RDS Gateway enabled
tmgserver.contoso.com, 'Publishing' rdsgateway.contoso.com but with pass-through authentication
And the following Windows 7 PCs:
internalclient.contoso.com
externalclient.fabrikam.com
There's no trust between the domains, the external client is completely separate on the internet but the CA certificate for contoso.com has been installed in the trusted Root CA store. All servers have certificates for secure RDP.
I enrolled for a custom 'Smart Card Authentication' certificate with Client Authentication and Smart Card Logon EKUs from the CA, stored on my new Gemalto smart card using the Microsoft Base Smart Card CSP.
From internalclient.contoso.com, I can RDP to fileserver.contoso.com
using the smart card just fine with no certificate errors.
From externalclient.fabrikam.com, I can RDP to fileserver.contoso.com
via rdsgateway.contoso.com using a username and password just fine with no certificate errors.
From externalclient.fabrikam.com, I can RDP to fileserver.contoso.com
via rdsgateway.contoso.com using the smart card to authenticate to the gateway, and a username and password to authenticate to the end server, just fine.
BUT from when using a smart card to authenticate to the end server via the gateway, it fails with:
The specified user name does not exist. Verify the username and try logging in again. If the problem continues, contact your system administrator or technical support.
When I move the client into the internal network and try the connection again (still via the RDS Gateway), it works fine - the only thing I can think of is being outside the network and not being able to contact the AD DS DC for Kerberos is causing the issue
- but I'm pretty sure this is a supported scenario?
The smart card works fine internally, the subject of the certificate is the user's common name (John Smith) and the only SAN is
[email protected] which matches the UPN of the user account as it was auto-enrolled.
Does anyone have any ideas?I had a similar issue where I am using a smart card through a Remote Desktop Gateway. I had to disable Network Level Authentication (NLA) on the destination Remote Desktop Server. If anyone has another way around this, I'd appreciate hearing it. I'd prefer
to use NLA. -
How can I add the requester name in the To: field of the email generated when a Smart Card certificate is issued on his behalf.
I want to address the possibility of someone (Enrollment Agent) issuing a Smart Card certificate on behalf of a user, assign a PIN and use it without the user's knowledge.
There doesn't seem to be a way in the registry to define a variable to be used in a manner similar to the TitleArg & TitleFormat way of using %1.
Jamal Saket OSFI CanadaHi,
Thank you for your question.
I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.
Thank you for your understanding and support.
TechNet Subscriber Support
If you are
TechNet Subscription
user and have any feedback on our support quality, please send your feedback
here.
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
How to use Smart Card API's (OCF) in Web Application
Hi frnds,
For our new smart card based project, i have few queries,
1. Can we choose web based application for smart card based projects?
2. How servlet will communicate with opencard CTListener class?
3. While the card insertion and remove how the event will be reflet the servlet?
4. For that is it needed to design the client UI by using Swing?
5. Without Swing will servlet give all solution for smart card connection and events?
Rgrds,
dhaya.I am also looking for smart card Authentication using web. Any info really appreciated
-
How to load the .cap file in a Smart Card?
Dear All,
Hello..!!
I am using JCDK 2.2 and have used Eclipse JCDK.
I have written a simple read/write applet and created a .cap file using Eclipse's Converter Java Card tool.
What is the next step to be done?
I have a smart card device and have installed its drivers.
When do the APDU commands come into picture?
Expecting help.
Thanks a lot.
Regards,
SurilSuril Sarvaiya wrote:
Hi Shane....
Thnx a lot....
I have downloaded GP-Shell 1.4.4
When I open its application and write any command and press enter ; the app window closes immendiately.
Can you please help me on this?
One more thing Shane......
I'm writig a java class using javax.smartcardio
I have installed drivers of Omnikey 3021
but the TerminalFactory is not detecting it?
Any idea on that?
Thanks again...
Regards,
SurilHi all,
Is Mr. thread starter has solved his problem?
I profit this thread to post my question. I'm working with new environment and I have problem loading cap file into my smartcard.
specification come first :-)
- My smartcard is said to be JC2.2.1 and GP2.1.1 compatible
- My code (for testing) is written in Java under eclipse Helios service 2 with JavaCard plugin (for JC2.2.2)
I compile my code with JDK 1.3 (for compatible version) and using the JC plugin to generate cap file (along with exp and jca).
My problem is exactly the same as one that was posted in this forum about 2 years ago but is not answered :-)
[Problem Loading Application to Card |http://forums.oracle.com/forums/thread.jspa?threadID=1749334&tstart=420]
+ I successfully authenticate with smartcard
+ APDU command Install for Load is executed successfully
+ BUT the APDU command LOAD file fails with returned status word is 6424
For details, I post here my javacard applet code and APDU command executed with my tool:
package mksAuthSys;
import javacard.framework.APDU;
import javacard.framework.Applet;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import javacard.framework.OwnerPIN;
public class Jcardlet extends Applet {
private final static byte[] myPIN = { (byte) 0x01, (byte) 0x02, (byte) 0x03, (byte) 0x04};
final static byte Jcardlet_CLA =(byte)0xB0;
final static byte VERIFY = (byte) 0x20;
final static byte PIN_TRY_LIMIT =(byte)0x03;
final static byte MAX_PIN_SIZE =(byte)0x08;
final static short SW_VERIFICATION_FAILED = 0x6300;
OwnerPIN pin;
private Jcardlet() {
pin = new OwnerPIN(PIN_TRY_LIMIT, MAX_PIN_SIZE);
pin.update(myPIN, (byte) 0, (byte) 4 );
register();
public static void install(byte bArray[], short bOffset, byte bLength)
throws ISOException {
new Jcardlet().register();
public boolean select() {
if ( pin.getTriesRemaining() == 0 ) return false;
return true;
public void deselect(){
pin.reset();
//@Override
public void process(APDU apdu) throws ISOException {
// TODO Auto-generated method stub
byte[] buffer = apdu.getBuffer();
if ((buffer[ISO7816.OFFSET_CLA] == 0) &&
(buffer[ISO7816.OFFSET_INS] == (byte)(0xA4))) return;
if (buffer[ISO7816.OFFSET_CLA] != Jcardlet_CLA)
ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
switch (buffer[ISO7816.OFFSET_INS]) {
case VERIFY: verify(apdu);
return;
default: ISOException.throwIt (ISO7816.SW_INS_NOT_SUPPORTED);
private void verify(APDU apdu) {
// TODO Auto-generated method stub
byte[] buffer = apdu.getBuffer();
// retrieve the PIN data for validation.
byte byteRead = (byte)(apdu.setIncomingAndReceive());
// check pin
// the PIN data is read into the APDU buffer
// at the offset ISO7816.OFFSET_CDATA
// the PIN data length = byteRead
if ( pin.check(buffer, ISO7816.OFFSET_CDATA,byteRead) == false )
ISOException.throwIt(SW_VERIFICATION_FAILED);
}And my APDU command:
Loading "D:\mksAuthSys.cap" ...
T - 80F28000024F00
C - 08A000000003000000079E9000
ISD AID : A000000003000000
T - 80E602001508F23412345610000008A00000000300000000000000
C - 009000
T - 80E80000C8C482018B010012DECAFFED010204000108F23412345610000002001F0012001F000C001500420012009D0011001C0000009F00020001000402010004001502030107A0000000620101000107A000000062000103000C0108F234123456100001002306001200800301000104040000003DFFFF0030004507009D000510188C0003188F00013D0610088C00028700AD007B000403078B0005188B00067A02308F00073D8C00088B00067A0110AD008B00096104037804780110AD008B000A7A0221198B000B2D1A0300
C - 6424
Stopped loading due to unexpected status words.Urgently look forward to hearing from you.
Thanks a bunch in advance
Best Regards,
JDL -
Remote desktop and smart cards
I frequently work from home using my mac to access my windows based desktop at the office. I use the microsoft remote desktop v. 1.0.3. for MAC. Now that my agency is moving to smart card identification requirements for access I need to be able to use the smart card at home to sign onto the office desktop.
The RDC for MAC does not have an option for smart card readers (as opposed to the RDC for windows version). Is there alternative software that would be simple to install on my MAC (I am not an IT sophisticate) that will give me smart card access?Microsoft Remote Desktop Connection (RDC) for Mac and Apple Remote Desktop (ARD) are two completely different tools with marginally similar capabilities. Unfortunately, as you've already discovered, neither offers Smart Card capabilities to allow you to authenticate to your Windows computer at work.
If your Mac is an Intel Mac then you could probably run Windows using Parallels or Boot Camp on your home computer and use the Windows RDC client to make your connection. I don't suggest trying to use VirtualPC if you have a PowerPC Mac simply because your Smart Card reader will most likely be USB and VirtualPC has a bad track record with USB devices.
Hope this helps!
bill
Mac OS X (10.4.10) 1 GHz Powerbook G4 -
MS Remote Desktop and smart card reader
I have installed MS Remote Desktop Conn. on my iMac and connected a smart card reader via the USB. Although my reader energizes when the computer is on, the computer doesn't seem to recognize the reader. When I insert a CAC card into the reader and try to log in remotely, I continue to get a "username/password" box instead of the CAC PIN number. Do I need to install some kind of smart card driver or does Apple already have it? I'm at a loss as to how to fix this.
I was able to get rdesktop 1.6.0 to install on my Mac and I was able to get CAC log-in to work.
However, the installation is a little tricky. I downloaded rdesktop 1.6.0 from this link:
<<http://www.rdesktop.org>>
My instructions for installation:
1. Make sure Xcode Tools is installed on your computer. It should be on your OS X install disk.
2. Find out where your X11 libraries are located:
-From the Finder menu, selct "Go" >> "Go to Folder..."
-Type (without the quotes) "/usr/X11", and click "Go"
You should see a bunch of folders. Make sure the "include" and "lib" folders are there. Otherwise you need to find out where the X11 "include" and "lib" folders are located on your computer.
3. Download rdesktop and place the (unarchived) rdesktop-1.6.0 folder on your Desktop
4. Open the X11 application (should be in your Utilities folder)
5. In the X11 window type the following (without the quotes):
"cd Desktop/rdesktop-1.6.0 && ./configure --enable-smartcard -x-includes=/usr/X11/include -x-libraries=/usr/X11/lib && make && sudo make install"
4. Hit enter. When prompted, enter your administrator password and hit enter.
rdesktop should now be installed in the following folder:
/usr/local/bin
So, to launch rdesktop with smartcard log in enabled, open the X11 application (or Terminal application) and type the following (without the quotes, and replace your.server.address with the server address):
"cd /usr/local/bin && ./rdesktop -r scard your.server.address"
Hit enter and it should launch a new X11 window that will try to access the remote server where you should be prompted for your PIN.
To explore more options with rdesktop, open X11 and type the following (without quotes):
"cd /usr/local/bin && ./rdesktop"
Hit enter and you should get a list of options available to rdesktop. -
Hi.
I need to use a smart card while working with remote desktop.
My office pc runs win XP and have a smart card connected. I can not use that card when working remotly, its not found. Like its disconnected.
I also have a smart card connected to my Mac at home. The smart card works fine when the VPN connection ask for my code.
The problem is that it does not get forwarded. I have tried to use MS Remote Desktop for mac and CoRD.
But none of them supports the smart card.
It works fine with parallels/win7 on my mac, I can then use my smart card.
How ever I would like to not use the win/ on my mac.
Do anybody have a soulution to this? Are there any Remote desktop applications that support forwarding of smart card for Mac OS?
Thanx for any tipsYou can install rdesktop with Smart Card support.
It is fairly easy if you use something like MacPorts, Fink, or Homebrew.
I know MacPorts has a port for it that I used in the past. -
Error encountered while signing. Windows cryptographic service provider reported an error. Object not found. Error code:2148073489. Windows 7, Adobe Reader XI, Symantec PKI, Smart Card and CAC. I have seen other threads for this error but none have a resolution. Any help would be appreciated.
Sorry for the long title, first time poster here.This thread is pretty old, are you still having this issue?
-
Error while Accessing Smart Card using Open Card Frame Work
HI
Using Open Card Frame work I am trying to access GemAlto provided Smart Card (java card). I downloaded the Open Card Frame work from http://www.openscdp.org/ocf/download.html.
I am executing a basic program to access the data stored in smart card.
public static void main(String[] args)
System.out.println("reading smartcard file...");
try {
SmartCard.start();
CardRequest cr = (FileAccessCardService.class);
System.out.println("calling waitforCard");
SmartCard sc = SmartCard.waitForCard(cr); //Error comes after this line
System.out.println("After waitForCard called");
FileAccessCardService facs = (FileAccessCardService)
sc.getCardService(FileAccessCardService.class, true);
CardFile root = new CardFile(facs);
CardFile file = new CardFile(root, ":c009");
byte[] data = facs.read(file.getPath(), 0,
file.getLength() );
sc.close();
String entry = new String(data);
entry = entry.trim();
System.out.println(entry);
} catch (Exception e) {
e.printStackTrace(System.err);
System.exit(0);
The content of the opencard.properties are :
OpenCard.services = opencard.opt.util.PassThruCardServiceFactory
OpenCard.terminals = com.ibm.opencard.terminal.pcsc10.Pcsc10CardTerminalFactory
OpenCard.trace = opencard:5 com.ibm:4 opencard.opt.database:6
After the line SmartCard sc = SmartCard.waitForCard(cr);
the program is expecting a card to be inserted but while inserting Smartcard the following error message come :
calling waitforCard
[ERROR ] com.ibm.opencard.terminal.pcsc10.OCFPCSC1.OCFPCSC1.SCardConnect
--- message
--- thread Thread[Thread-0,5,main]
--- source com.ibm.opencard.terminal.pcsc10.OCFPCSC1@2e7263
[ERROR ] com.ibm.opencard.terminal.pcsc10.OCFPCSC1.OCFPCSC1.SCardConnect
--- message Protocol = 0
--- thread Thread[Thread-0,5,main
--- source com.ibm.opencard.terminal.pcsc10.OCFPCSC1@2e7263
Basically the error is coming from the SCardConnect function of OCFPCSC1.cpp file.
Please reply to my mail id if any body has any idea how to resolve this issue.
MAIL-ID : [email protected]
With Regards
Swarup
Finacle Archie
Infosys Technologies Limited,Bhubaneswar,IndiaSounds like an issue that has to do with JavaScript Origin policy. You'll have to use Domain Relaxing for this. Read all about it here:
http://help.sap.com/saphelp_nw04/helpdata/en/59/87b54064c2742ae10000000a155106/frameset.htm
here:
http://help.sap.com/saphelp_nw04/helpdata/en/5e/473d4124b08739e10000000a1550b0/frameset.htm
and here:
http://help.sap.com/saphelp_nw04/helpdata/en/cb/f8751d8c6b254dac189f4029c76112/frameset.htm -
Using smart card/nfc tag for authentication on Windows 8 devices NOT in a domain
Title says it all. We have Sony RC-S380 readers and Acer Iconia W510 tablets with builtin Broadcom NFC chips. We can read tags and configure them for the usual proximity stuff (URIs, mail, etc.) but we are looking for authentication purposes, however without
using ADFS or domain security. Can anyone point us in the right direction?Hi,
By default, smart card is not available for stand alone computer and local account.
This authentication technology might be helpful to you:
EIDAuthenticate - Smart card logon on stand alone computers and local accounts
http://www.mysmartlogon.com/products/eidauthenticate.html
Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
Karen Hu
TechNet Community Support -
Security-Kerberos Event ID 9 - Smart Card not working for Login due to CRL download failure
We have 8 computers that users were able to login with a Smart Card on one day. The next day they couldn't. Everyone else can login with a Smart Card without issue. These users can login with their smart card on other systems without issue. No users can
login on the affected computers with a SmartID.
In all cases, users can login on affected computers with their user ID and password.
All traces on the domain controllers indicate the smart card PKI cert was validated by OCSP and the Kerberos session ticket was passed back to the client.
However the client can't download the CRL from the CRL server for validation during login and always reports the CRL server is unavailable.
Using CertUtil, you can validate manually the DC cert and the CRL will download from CRL server. You can also hit the HTTP site for the CRL download and manually download the CRL. All this once logged in using user id and password.
You can't unlock the computer with a Smart card or login with a smart card.
Packet trace indicates Kerberos session properly negotiated with workstation and DC.
Everything fails once client workstation can't download CRL during login.
Any suggestions on where to look next?
We have reloaded Activclient smart card validation software. Still no effect on issue.
Smart card is readable once user is logged in, via Activclient, and Windows recognizes certs on smart card when inserted for login.
Problem occurs during CRL download only, so login or any type of validation fails.Got it.
So try to do what i suggested, exclude the CRL downloaded on Friday and try to rebuild it.
Check it here:
To resolve this issue:
Delete the domain controller certificate that is no longer valid.
Request a new certificate.
To perform these procedures, you must be a member of the Domain
Admins group, or you must have been delegated the appropriate authority.
Delete the domain controller certificate that is no longer valid
To delete the domain controller certificate that is no longer valid:
On the domain controller, click Start, and then click
Run.
Type mmc.exe, and then press ENTER.
If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click
Continue.
Click File, and then click Add/Remove Snap-in.
Click Certificates, and then click Add.
Click Computer account, click Next, and then click
Finish.
Click OK to open the Certificates snap-in.
Expand Certificates (Local computer), expand Personal, and then click
Certificates.
Right-click the old domain controller certificate, and then click Delete.
Click Yes, confirming that you want to delete the certificate.
After the certificate is deleted, follow the procedure in the "Request a new certificate" section.
Request a new certificate
To request a new certificate:
Expand Certificates (Local computer),right-click Personal, and then click
Request New Certificate.
Complete the appropriate information in the Certificate Enrollment Wizard for a domain controller certificate.
Close the Certificates snap-in.
Verify
To perform this procedure, you must be a member of the Domain
Admins group, or you must have been delegated the appropriate authority.
To verify that the Kerberos Key Distribution Center (KDC) certificate is available and working properly:
Click Start, point to All Programs, click
Accessories, right-click Command Prompt, and then click
Run as administrator.
If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click
Continue.
At the command prompt, type certutil -dcinfo verify, and then press ENTER.
If you receive a successful verification, the Kerberos KDC certificate is installed and operating correctly.
Sergio Figueiredo
Microsoft Certified Solutions Associate
Maybe you are looking for
-
Pulling data from table to a flat file
hi all, Good day to all, Is there any script which i can use for pulling data from tables to a flat file and then import that data to other DB's. Usage of db link is restricted. The db version is 10.2.0.4. thanks, baskar.l
-
I have just over 100gig of music in my iTunes library plus what ever else I add in the future. Because of the amount I had to save my music library on an external drive as my laptop did not have the memory to hold it all. I want to back up my iTunes
-
How to get the list of application instance assigned to user
Hi, I need to run the query in BI publisher to get the list of all the application instance assigned to a user in OIM 11g R2. Please let me know how to get this data. Also please let me know what is the table to see the list of application instance i
-
First timer here, so bear with me. I have imported my files, but the monitor panel right side is zoomed in. I have a feeling I just missed a setting somewhere. Can anyone tell me what I did wrong and how do I fix it?
-
Dear all, I am using Jdev. 10.1.3, ADF BC. Is it possible to run the Reports 6i in Jdev.? Or, need Reports 9i or higher? If so, how can I run it in Jdev.? On the other hand, I prepared the XSQL and XSL (use FOP) in order to create report. I can run t