Smart Card for Apple Mac OS X
This project enhances smart card support of Mac OS X with OpenSC tools. The current released version (dated August 2008) is based on OpenSC 0.11.5. More recent beta versions are available, and you can also build from source.
There is no GUI, or even new application in your Applications folder. The command line tools are installed in /Library/OpenSC/bin and must be started from a Terminal.
SCA installs things in the appropriate places on the system so as to integrate with two kinds of APIs: PKCS#11 and Tokend.
Applications that can use PKCS#11 modules (like Mozilla family applications (Firefox, Thunderbird)) can use the module that is located at /Library/OpenSC/lib/opensc-pkcs11.so after the installation.
The SCA package contains also Tokend for OpenSC. So you can use an OpenSC compatible smart card with Apple native applications like Safari, Mail.app or KeychainAccess. With Tokend, you can also use the smartcard and PIN instead of the usual login/password to log onto your Mac (howto).
The SCA package contains also some other useful things (more infos):
- OpenSSH recompiled with smart card support
- Libp11
- Engine PKCS#11
- OpenSSL recompiled with DSO support (needed by Engine PKCS#11)
Requirements
- This package works only with MacOSX Tiger (10.4.4 and newer) and will run natively on both Power PC- and Intel-based Macintosh computers (Universal Binaries). However, note that PowerPC applications ran with Rosetta on Intel Macs will not be able to access SCA's universal PKCS#11 module. Your application must be universal as well to use the PKCS#11 interface.
- There are some incompatibilities with MacOSX 10.5 (Leopard) and SCA...
- This package does not provide any smartcard reader driver (excepting Axalto E-gate, and then again it is not installed by default: you need to select "Personalize" in the Installer and then select ifd-egate, libusb and autostart). All other smartcard readers or USB tokens need to be functional before any attempts to use this package. A good test is to launch pcsctest in a Terminal with your card reader connected and a smart card inserted (or your USB token connected).
Download
Stable Release
The latest stable release (0.2.3) is now available in two different forms. They are both based on the same code.
- SCA complete package (with OpenSC, OpenSC.Tokend, OpenSSL, Engine PKCS#11, LibP11, OpenSSH, Axalto e-Gate driver, Libusb and pcscd-autostartup-fix). Inside the Installer, you can personalize.
- SCA-Light is a "Light" version, for users who just want to use their SmartCards for login or authentication on Web sites with Firefox or Safari and for mail signature/encryption/decryption with Thunderbird and Mail.app. This package contains OpenSC and OpenSC.Tokend.
- SCA-Reader contains the driver for Axalto E-gate (and libusb) and Pcscd autostart fix. This is an add-on to the SCA-Light package for Axalto E-gate (you need to select libusb too for this purpose) and can also fix that PCSCD startup problem when it not runs after inserting some card readers.
Please do NOT mix SCA-Light with Full SCA version on the same computer without uninstalling it.
Beta Builds
Beta builds are available here. The "light" version has been discontinued as of November 2006 in beta builds, please use the "full" version instead.
Uninstall
You can uninstall SCA with this command in a Terminal:
sudo /Library/OpenSC/bin/opensc-uninstall
Configuration
- The configuration file is located at /Library/OpenSC/etc/opensc.conf and can be edited with TextEdit started like this in a Terminal:
$ sudo /Applications/TextEdit.app/Contents/MacOS/TextEdit /Library/OpenSC/etc/opensc.conf
Documentation
- It is available online and is also available in /Library/OpenSC/doc/ after installation.
Source Code
- You can access the source code using SVN. To check out the whole sca project, just use
svn co http://www.opensc-project.org/svn/sca sca
- you need to package OpenSC (make package-opensc) and install OpenSC.pkg before you can build openssh
- you need to be root to build tokend (make build-tokend) or change recursively the owner of /Volumes/Builds/Buildxxx after mounting the Builds disk image.
- See the OpenscTokend page
