OpenSC Installer for Mac OS X

Scope

The goal of OpenSC installer is to integrate with the platform as closely as possible and to provide support for PKCS#11 and native CDSA/Keychain applications on Mac OS X 10.5 and newer. OpenSC installs itself to the default /Library/OpenSC folder, symlinks to command line utilities are created into /usr/local/bin. There are no GUI applications but compatible personalized smart cards (see CardPersonalization) show up in /Applications/Utilities/Keychain Access.app (because of OpenSC.tokend, installed to /System/Library/Security/tokend/OpenSC.tokend).

Mac OS X 10.7 (Lion)

• The package for 10.6 works on 10.7 as well.
• The future of smart cards on 10.7 and onwards is unclear ( 1,  2)

Mac OS X 10.6 (Snow Leopard)

The package is built for i386 and x86_64 and contains:

• OpenSC 0.12.X tree
• OpenSC.tokend 0.12.X tree

System OpenSSL (0.9.8l) is used.

Mac OS X 10.5 (Leopard)

The package is built for i386 and ppc7400 and contains:

• OpenSC 0.12.X tree
• OpenSC.tokend 0.12.X tree

System OpenSSL (0.9.7l) is used. NB! This version of OpenSSL does not support dynamic loading (DSO_DLFCN), so it is not possible to use it with engine_pkcs11!

Download

NB! Only install smart card reader drivers provided by the reader vendor if the one bundled with Mac OS X does not work for you (i.e. your reader is not CCID compliant or some features like PinPad? do not work properly)

• See WikiStart for stable releases or try one of the PreReleases

FAQ

How to uninstall ?

Run in Terminal.app:

sudo /usr/local/bin/opensc-uninstall

The package requires 10.X.Y but I have 10.X.Z

The latest operating system release has the latest security fixes, so keeping your software up to date is preferred. Developers usually have the latest version as well, so this is the only tested platform that can be debugged and supported if necessary. Disabling of the version check is possible, just copy the .pkg to your hard disk and change OpenSC-10.X.pkg/Contents/Resources/InstallationCheck file from:

    if(CheckVersion("$SYSTEM_VERS", "10.X.Y", "ProductVersion", "<")) {

to:

    if(CheckVersion("$SYSTEM_VERS", "10.X.Z", "ProductVersion", "<")) {

Known issues

• No good documentation
• Websites with re-negotiation are known to cause troubles in Safari
• On 10.5 engine_pkcs11 can not be used because of the old OpenSSL
• opensc.conf handling during installation needs improvement

Building the installer

Building requires up to date OS X 10.6 with Developer Tools installed (tested with OS X 10.6.6 and Xcode 3.2.5, works with both GCC and LLVM/clang). Requires git and fink or macports with docbook-xsl, xsltproc, autoconf, automake, pkgconfig and libtool2:

sudo port install autoconf automake pkgconfig # minimal, works on 10.7
sudo port install autoconf automake pkgconfig docbook-xsl xsltproc
fink install docbook-xsl libxslt-bin autoconf2.6 automake1.11 libtool2

Fetch your favourite Git SourceCode tree:

git clone git://github.com/martinpaljak/OpenSC.git
cd OpenSC
./MacOSX/build # Builds 10.6 installer
./MacOSX/build 10.5 # Builds 10.5 installer

Example:

$ time ./MacOSX/build 10.5
# build output removed
created: /Users/martin/buildtest/OpenSC/OpenSC-10.5.dmg

real	4m31.994s
user	1m51.501s
sys	0m38.020s
$ time ./MacOSX/build
# build output removed
.....................................
created: /Users/martin/buildtest/OpenSC/OpenSC-10.6.dmg

real	2m21.883s
user	2m18.951s
sys	0m41.993s

The build process uses binary OS X internal components that are fetched and combined from  http://src.macosforge.org/Roots/

Old versions

The previous (now deprecated) Mac OS X distribution SCA is also  still available.

10.6 and smart cards with Java

64bit JVM has problems with detecting smart card reader events and states via javax.smartcardio. To access smart cards, java needs to be started in 32bit mode with -d32