144K CAC Support in Linux
by Will on 1/11/2010
Support for CAC readers in Linux is out there, but isn’t advertised very well. Additionally, I found that getting support for the new 144K CAC cards isn’t the easiest. If you don’t already know, coolkey is now being replaced with cackey. After talking with the developers of the new cackey software, I found that it wasn’t very easy to obtain their software. In order to get the software, you needed a functioning CAC card and reader to log into their website; however, if you are stuck like I was, that was impossible, since you need their software to get everything to work. It was a horrible catch-22. After obtaining a copy, I decided to load it up here so that I could share (and so that I didn’t delete the package and get stuck without it again).
It is fairly easy to set everything up; the only part that sucks is loading the certificates into your browser. There are a couple of plugins for Firefox that supposedly allow you to load certificates faster; however, I haven’t explored that far. I just manually added all of them myself.
First, download cackey (contact for a copy). I would recommend creating a folder in your root directory to extract it in. I use ‘/work/’ to compile all of my downloaded code.
Next, you need to make sure that you have the required packages to get cackey to work. For Gentoo:
# emerge -va ccid pcsc-lite
And for Arch Linux (ccid is in the AUR, so you need to use yaourt or equivalent):
$ yaourt -S ccid pcsclite
Next, you need to extract and install cackey.
# cd /work/
# tar xvf cackey-0.5.18.tar.gz
# cd cackey-0.5.18
# ./configure && make && make install
After cackey is installed, you will need to point Firefox to the CAC reader. Open Firefox, go to Edit, Preferences, Advanced and Encryption. Click on the Security Devices button. Click Load on the right-hand side. Name the module “CAC Module” and navigate to the libcackey.so file: “/usr/local/lib/libcackey.so”. (Make sure the CAC reader is plugged in before you load the module.)
Now for the last (and most painful) part. You will have to load all of the certificates.
Go to http://dodpki.c3pki.chamb.disa.mil/rootca.html and click on all of the links to install the first set of certificates.
Next, go to https://crl.chamb.disa.mil/, select “ALL CRL ZIP” in the left-hand window and download it. Extract the archive. Go back to Firefox, click Edit, Preferences, Advanced, Encryption and click the View Certificates button. Go to the Authorities tab and click Import. Navigate to where the certificates are; on the bottom right, there is a drop-down to change the file extension to “All Files”. You will have to import each one manually. After you select one, click Open, and then click Okay. Then repeat the process (View Certificates, Import, etc.). Once all have been loaded, your 144K CAC card should work.
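The two Firefox steps above (loading libcackey.so as “CAC Module” and importing the extracted files one at a time) can also be scripted with the NSS command-line tools. This is an added example, not part of the original post or of cackey; it assumes certutil and modutil are installed, Firefox is closed, and the profile uses the SQLite store (hence the sql: prefix). The function names and the default trust string ",," (no trust bits set) are choices made for this example.

```shell
#!/bin/sh
# Added example: scripted form of the Firefox steps above, using NSS tools.
# Usage: sh cac-setup.sh PROFILE_DIR CERT_DIR   (script name is hypothetical)
# Assumes NSS certutil/modutil, Firefox closed, SQLite profile store.
CERTUTIL=${CERTUTIL:-certutil}
MODUTIL=${MODUTIL:-modutil}

# register_cackey PROFILE_DIR [LIB]
# Same effect as Security Devices -> Load with the name "CAC Module".
register_cackey() {
    lib=${2:-/usr/local/lib/libcackey.so}
    [ -f "$lib" ] || { echo "missing PKCS#11 library: $lib" >&2; return 1; }
    "$MODUTIL" -dbdir "sql:$1" -add "CAC Module" -libfile "$lib" -force
}

# import_ca_dir PROFILE_DIR CERT_DIR [TRUST]
# Adds every regular file in CERT_DIR to the profile's certificate store.
# TRUST defaults to ",,": stored with no trust bits, so nothing becomes a
# trust anchor just by being in the directory. Files that certutil rejects
# are reported and counted. Sets IMPORTED and FAILED; non-zero if any failed.
import_ca_dir() {
    profile=$1 dir=$2 trust=${3:-,,}
    IMPORTED=0 FAILED=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        nick=$(basename "$f"); nick=${nick%.*}
        # PEM files are passed with -a; anything else is treated as DER.
        if grep -q -e '-----BEGIN CERTIFICATE-----' "$f"; then fmt=-a; else fmt=; fi
        if "$CERTUTIL" -A -d "sql:$profile" -n "$nick" -t "$trust" $fmt -i "$f"; then
            IMPORTED=$((IMPORTED + 1))
        else
            echo "import failed: $f" >&2
            FAILED=$((FAILED + 1))
        fi
    done
    [ "$FAILED" -eq 0 ]
}

# Only act when called with a profile directory and a certificate directory.
if [ "$#" -ge 2 ]; then
    register_cackey "$1" && import_ca_dir "$1" "$2" && echo "imported $IMPORTED"
fi
```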
If there are any questions, please firstname.lastname@example.org