for Linux - Charismathics
Contents
1. Contents 1 IYITOduClioiku r uuu u u u Lau 3 2 SUPPORTER HANAWale sse u uyu uu Da ab a uQ ua Cu 5 2 1 SUDpoOrted Smalt Cafts uscite E PIE wae eee 5 2 2 Supported Smartcard Readers Vua Da ap hdd vas DUUM RU REM Vas Dm DM Ed 2 3 Administration Tool Charismathics Security Token Configurator 11 3 1 T 11 S1 VOKERMCOMMNGUGALOl MENU uuu u y lu u uya ua ER 11 3 1 2 Edit men Context menu y Ot bea iman 12 Delco Tokerlymonllzuc a u 12 secos n u 15 4 User Tool Charismathics Smart Security Interface Utility 16 4 1 change PIN c 16 4 2 Sigo dul Meet 16 4 3 Change TokenSO PIN MS 17 5 Configuration of Applications supporting Charismathics PKCS1711 18 5 1 516 18 5 2 DING canons D Llu a M pe LAS DER LED 19 6 Information Export Restrictions a a 20 1 Introduction Thank you for purchasing the Charismathics Smart Security Interface CSSI for Linux CSSI for Linux provid2. both within the hierarchy and the properties view Failing to enter the correct User PIN three times in a row locks the card See Unlock User PIN on how to clear the lock Please enter User PIN ASCII PIN ASCII C Numeric L o tex input Cancel Please enter User PIN Numeric C ASCII PIN Numeric Hex Input Invalid data please insert only numeric data or change to ASCII The hardware configuration and user settings determine the initial PIN entry method Supported entry methods are O ASCII each character of the PIN needs to according to the ASCIT table Numeric each character of the PIN needs to be a digit 0 9 This can be used to en sure PINPAD compatibility Hex Input the PIN has to be entered in a hexadecimal format That means the length of the PIN has to be even and only characters 0 9 and are valid Use PINPAD this option is enabled only when the authentication to the token is possible via secure PIN entry When this option is selected the edit text for the PIN will be disabled and the user must input the PIN from the corresponding SPE reader Use Biometric this option is enabled only when biometric authentication is possible by using a corresponding token When this option is selected the other PIN types will be dis abled and a Scan button can be selected in order to start the biometric authentication After successfully
3. requests my personal certificate Select one automatically Ask me every time View Certificates Revocation Lists Validation Security Devices 2 Close Click Security Device The Device Manager window will open Load 5 11 Device Enter the information for the module you want to add Module Name SB Tere HI Click on Load Leave the Module Name s default value which is New PKCS 11 Module Enter the file path of libcmP11 so to the Module filename Click OK Device Manager Security Modules and Devi Details 7 NSS Internal PKCS 11 Module Status Not Logged In Generic Crypto Services Description OmniKey Ca Software Security Device Manufact OmniKey Ca Builtin Roots Module HW Version 0 1 Builtin Object Token FW Version 0 1 New PKC5 11 Module Label test test Manufact Siemens unload Nu 1212 HW version 0 0 Enable FIPS Change Password FW Version 0 0 5 2 Configuring Thunderbird Configuring libcmP11 so in Thunderbird is just the same as Firefox Please refer to 5 1 Configuring Firefox 6 Information Export Restrictions Charismathics GmbH 47 Sendlinger St 80331 Munich Germany Manual Revision November 26 2012 Copyright Charismathics GmbH 2002 2012 All rights reserved Without the express prior written consent of Charismathics you must not distribute edit or translate copyrighted material Tr
4. ade Mark All mentioned software and hardware names are in most of the cases trade marks and are liable to legal requirements Please observe The product delivered to you is liable to export control Please observe the legal requirements of specific countries For export out of the EU an export approval is necessary
5. d then the smartcard reader must support the extended APDU Administration Tool CSTC offers functions to manage smart card content initialize smart cards manage PINs generate and manage keys and certificates Note After changing the contents of the smartcard you need to remove and reinsert the smart card to see the changes in other applications This also applies when you perform Create Profile Gener ate Key and Imports functions 3 1 User Interface After opening the CSTC tool you will see the interface you see below Manager Edit Token Key Pair Certificate About V 12 Slots b w OmniKey CardMan 3121 00 00 The left panel displays the list of smart card readers which are connected to the system Hardware smart card readers and virtual USB token readers are displayed in the same window Once a token has been in serted the hierarchy is extended Selecting an item in the hierarchy view displays its properties in the right hand panel The properties are displayed in tabular form with parameter and its associated value 3 1 1 Token Configurator Menu s Open Token To view the contents of a token select the reader which contains the smart card USB Token or TPM from the hierarchy and select Open Token from the Manager menu Clicking the arrow icon in front of the reader to expand the hierarchy serves the same purpose At first only public information is available e g label of the token the profile an
6. d free memory Furthermore certificates public keys container and data are displayed m Create Token Profile This option deletes the current profile if present and creates new one the smart card or USB token Create Token Profile Profile corporate profile w The length of the Card PIN has to be exactly 10 Card PIN 0987054321 w minimum length of the SO PIN is 8 SO PIN w The maximum length of the SO PIN is 10 Confirm SO sess ee W The SO PIN was correctly verified User PIN w The minimum length of the User PIN is 4 Confirm User PIN w The maximum length of the User PIN is 8 Serial Number 5948 W The User PIN was correctly verified w The serial number shall have not more than 16 Label and at least one alpha numeric digits un I _Cancel 3 1 2 Edit menu Context menu The content and availability of the Edit menu changes according to the item selected in the main hierar chy view Most functions of the Edit menu are also accessible by right clicking an item in the hierarchy 3 1 3 Token menu For the Token menu to contain any active entries the Token must have been opened in advance e g by using Manager Open Token Login Prior to operations on the token the user is required to log in Logging in requires the Us er Pin Once logged in this option is disabled and additional information becomes available
7. d the maximal length is ten charac ters Click on the button Unlock PIN and a confirmation window opens Charismathics Smart t Security Interface Change Token PIN Unlock Token PIN Unlock Token Unlock Token PIN Change Token SO PIN Card label No smartcard inserted Here you can unlock the PIN of your Smartcard SO PIN New PIN Confirm the New PIN Alphanumeric Numeric Hexadecimal Unlock PIN Charismathics Smart Security Interface Change Token PIN Unlock Token PIN Change Token SO PIN Change Token SO PIN Card label test Here you can change the SO PIN of your Smartcard SO PIN 1 jJ New SO PIN y jJ Confirm the New SOPIN Alphanumeric Numeric Hexadecimal 50 5 Configuration for support of PKCS 11 5 1 Configuring Firefox Note Make sure to have a card reader connected before configuring Firefox and Thunderbird It seems the Browse button in Firefox is not working correctly and gives a garbled path It requires you to type manually the full path in the path field To prevent mistyping it is recommended fol lowing the instructions below Open Mozilla Firefox Go to Firefox toolbar Preferences Go to Advanced tab Encryption tab Firefox Preferences General Tabs Content Applications Privacy Security Network Update Encryption Protocols Use SSL 3 0 Use TLS 1 0 Certificates When a server
8. erbird Adobe Acrobat VPN 2 Supported Hardware 2 1 Supported Smart Cards CSSI for Linux is tested with the following smart cards ACOS A Trust Card ACOS EMV A03 ACOS A04 ACOS A05 ACOS SMARTMX m ActivIdentity Card m Axalto Cyberflex Access V2c CardLogix Java 2 2 1 Feitian FIPCS COS a Feitian 5 s Siemens CardOS 4 01 s Siemens CardOS V4 20 s Siemens CardOS V4 2B s Siemens CardOS V4 2c s Siemens CardOS 4 2C DI s Siemens CardOS V4 30 a Siemens CardOS V4 3B Siemens CardOS V4 4 Gemalto EMV PKI Gemalto TOP IM GX4 Gemalto IAS ECC GemXpresso Pro R3 2 20 21 31 41 JCOPJ2 J3 4 JCX32 36 10 132 25 26 Micardo 2 Morpho YPS ID2 Morpho YPS ID3 IAS ECC NetKey E4 2000 Oberthur Cosmopo RSA V5 x Oberthur CosmopolIC 64K V5 2 Oberthur Cosmo ID One V5 2 PIV Oberthur ID One Cosmo V7 0 Oberthur ID One Cosmo V7 0 DI Oberthur ID One Cosmo V7 0 n Oberthur ID One Cosmo V7 0 a Oberthur ID One v7 IAS ECC PAV Card ABACOS Privaris PlusID 60 75 90 Setec SetCard Sm rtCafe Expert 2 CSSI PIV for Mac is tested with the following PIV cards m Cyberflex Access 64K V1 SM 4 1 CosmopolIC 64K V5 2 Fast ATR 2 Cyberflex Access 64K V2c Gemalto TOP DL protiva PIV apple
9. es modules that are needed in order to integrate different smart cards and USB tokens into your applications The functionality ranges from administration of the card to modules supporting the operating system to use token The following file structures profiles are supported Charismathics corporate profile PKCS 15 profile FINEID profile PIV Profile IAS ECC Profile CNS Profile Profile IAS ECC Profile CSSI for Linux User Edition is comprised of the following modules SCARDUTILITY User tool Information on how to use this tool is described in Chapter 4 Smart Security Interface Utility libcmP11 so PKCS11 Library for Linux Information on how to use this library and configuring its supported applications is explained in Chapter 5 Configuration of Applications supported by libcmP11 so CSTC Charismathics Security Token Configurator for Linux is not included in CSSI User edition tool and has to be purchased separately It is comprised of the following modules SCMANAGER CSTC tool Information on how to use this tool is described in Chapter 3 Administration Tool Charismathics Security Token Configurator CSSI for Linux enables you to use additional applications and services that use this standard interface In particular the following applications can be augmented by CSSI Smartcard login to Linux SSL Authentication by smartcard Mozilla Firefox Email security with cards using Thund
10. logging in to the token certificates on the card can be registered with the Windows cer tificate store For each certificate which is not yet registered with the certificate store but stored on the token a dialog opens asking the user whether the certificate is to be registered Logout This item works analogous to the Login option Change User Change SO PIN Unlock User PIN Change user PIN ASCII ASCII Numeric Hex Input Use PINPAD Old user PIN New user PIN Confirm new user PIM OK Cancel Change 50 PIN ASCII ASCII Old SO PIN a Co New SO PIN Hex Input Confirm new SO PIN Cancel These functions work very similar to each other These functions are always available and all require an authorization PIN to make a change The changed value has to be entered twice to avoid typographic er rors All values are masked with asterisks to provide privacy The PIN entry method can be changed the same way as in the login dialog 3 1 4 Info Menu Charismathics Security Token Configurator About Supported 05 3bf4180002c10a31fe5856346376c5 Manual Siemens CardOS V4 3b Historical Bytes 56346376 Label Test Profile corporate profile Serial Number 5948 Maximum PIN Length 10 Minimum PIN Length 4 Free Card Memory in Bytes 29762 About Displays general version information about the CSTC edition Supported OS Displays the list
11. of smart card operating systems supported by CSSI This list in cludes only the predefined associations Additional associations can be created with the CSSI Ex tension Tool Manual This manual 4 User Tool CSSI Utility This tool exposes all relevant functions if you acquired Charismathics Smart Security Interface in the user edition Insert your smart card in the reader and open Charismathics Smart Security Interface Util ity 4 1 Change PIN Charismathics Smart Security Interface Change Token PIN Unlock Token PIN Change Token 50 PIN Card label test Here you can change the PIN of your Smartcard Old PIN 0 jJ New PIN Confirm the New PIN Alphanumeric Numeric Hexadecimal change PIN To change your PIN insert the old PIN followed by the new PIN which must be entered a second time as confirmation The minimum length of the User PIN is four characters and the maximal length is ten charac ters Click on the button Change PIN and you receive a window with the confirmation IMPORTANT After three consecutive wrong inputs the User PIN will be locked Please choose a PIN which you can remember well but which cannot be easily guessed Avoid birthdays or simple sequences of numbers like 1234 1111 To unlock your PIN enter the SO PIN followed by the new PIN which must be entered a second time as confirmation The minimal length of the User PIN is four characters an
12. t V1 55 Gemalto TPC DM 72K PIV Gemalto TOP DL V2 protiva PIV applet V1 55 Gemalto TOP DL GX4 144K FIPS GEMALTO GCX4 72K DI Gemalto TOP DM 72K FIPS GemXpresso PRO 64K R3 FIPS V2 2 Gemalto TOP DL GX4 PIV GoldKey PIV Token Oberthur ID one Cosmo V5 PIV applet V1 08 Oberthur Oberthur ID One Cosmo 64 V5 2 AI PIV End Point Applet Oberthur ID One PIV Type A Large ID One PIV applet Suite2 3 2 Oberthur ID One Cosmo V5 2 AI PIV End pont applet Oberthur ID One Cosmo V7 0 PIV Oberthur ID One Cosmo V7 0 n type A Standard D ID one PIV applet suite 2 3 2 m Oberthur ID One Cosmo V7 0 type B Large D ID one PIV applet suite 2 3 2 Oberthur ID One Cosmo 128K v5 5 2 Oberthur ID One V5 2a Dual m Oberthur CosmopolIC 64K V5 2 Fast ATR 1 a SIPRNet token 2 2 Supported Smartcard Readers Please make sure your PC SC smartcard reader has been installed according to the producer s specifica tions and is fully operational Charismathics Smart Security Interface in Linux has been tested with the following card readers Omnikey Cardman 3621 USB Cardman 3821 USB SCM SCR 3310 USB SCM SCR 3311 USB SCM SCR 532 serial USB Additionally a great number of readers not explicitly mentioned above but built upon compatible hardware are supported Note Only PC SC drivers are supported There is no support for CT API drivers If RSA 2048 bit key shall be use
Download Pdf Manuals
Related Search