Installation of Smart Card Software
Damien Sauveron
Abstract
The installation and the usage of some Smart Card software is a complex job. This document could help you to set up an environment in order to take a good way for the Smart Card's world.
Table of Contents
I have written this document in order to share my experience on usage of Smart Card on a Linux environment (Slackware 8.1™). I hope this will help you to cope with the installation and using problems. This document describes the installation of:
PC/SC Lite and some drivers;
many Java Development Kits and Java Card Development Kits;
OpenCard Framework (OCF), OCF to PC/SC bridge, GemXpresso RAD3;
JPCSC library and JCOP Tools.
Note
For many operations you must have the root privileges on the host.
Thanks for all the volunteers who work on the development of PC/SC Lite, free drivers, Muscle, etc. I don't forget all the people who answer on Muscle and other mailing list, newgroups, etc.
Download the last version of PC/SC Lite [PCSCLite].
user% tar xvzf pcsc-lite-x.y.z.tar.gzuser% cd pcsc-lite-x.y.z |
If you want use USB readers you must use the --enable_libusb. Libusb is a portable API available on many OS for usage of USB. If libusb is not installed on your system, install it.
user% ./configure --enable-libusb=/usr/local --enable-daemon --enable-debug --enable-threadsafe --prefix=/usr/local/pcsc --sysconfdir=/etc --enable-runpid=/var/run/pcscd.pid |
Note
/usr/local is my path for my libusb install.
Note
The --enable_threadsafe implies to compile the clients of the PC/SC middleware with -lpthread for using the pthread library.
Compile PC/SC Lite.
user% make |
Get the root privileges and install it.
root% make installroot% echo "/usr/local/pcsc/lib" >> /etc/ld.so.confroot% ldconfigroot% mkdir /dev/pcscroot% mkdir /usr/local/pcsc/driversroot% echo "/usr/local/pcsc/sbin/pcscd" >> /etc/rc.d/rc.local |
Note
For security reasons we should create a special account with the good privileges to start the daemon.
You can test:
PC/SC Lite installation and the SCard API with the tool testpcsc in src/
MuscleCard Framework API with the tool muscletest in src/
Your kernel or one of its module must manage the serial port.
Get the root privileges.
root% cd /dev/pcscroot% ln -s ../ttyS0 1 (if you connect the reader on the COM1)root% cd /usr/local/pcsc/drivers |
Download the last version of ifd-gempc-x.y.z.tar.gz [RousseauWeb].
root% tar xvzf ifd-gempc-x.y.z.tar.gzroot% cd /usr/local/pcsc/drivers/ifd-gempc-x.y.z/GemPC410 |
INCS = -I/usr/local/pcsc/include |
root% make |
FRIENDLYNAME "Gemplus GemPC410 Reader" DEVICENAME GEMCORE LIBPATH /usr/local/pcsc/drivers/ifd-gempc-x.y.z/GemPC410/libGemPC410.so CHANNELID 1 |
Download ifd-sm-x.y.z.tar.gz [SauveronWeb]
root% tar xvzf ifd-sm-x.y.z.tar.gzroot% cd ifd-sm-x.y.zroot% make |
FRIENDLYNAME "SM1 Reader" DEVICENAME SM1 LIBPATH /usr/local/pcsc/drivers/ifd-sm-x.y.z/libsm_ifd.so CHANNELID 1 |
Download towitoko-x.y.z.tar.gz
user% tar xzvf towitokox.y.z.tar.gzuser% cd towitokox.y.zuser% ./configure --prefix=/usr/local/pcsc/drivers/towitoko --enable-usb-bundle --with-pcsc-lite-dir=/usr/local/pcscuser% makeuser% make check |
root% make install |
FRIENDLYNAME "TOWITOKO CHIPDRIVE extern 320" DEVICENAME CHIPDRIVE320 LIBPATH /usr/local/pcsc/drivers/towitoko/lib/libtowitoko.so CHANNELID 1 |
Your kernel or one of its module must handle the USB. For me:
root% modprobe usbcoreroot% modprobe usb-uhci irq 11root% mount -t usbdevfs none /proc/bus/usb |
Download ccid-x.y.z.tar.gz [PCSCLite]. This driver needs libusb (cf. the libusb section).
user% tar xvzf ccid-x.y.z.tar.gzuser% cd ccid-x.y.zuser% ./configure --enable-libusb=/usr/local/user% make |
root% make install |
Plug your reader and get the informations with lsusb -v or cat /proc/bus/usb/devices If you obtain for the SCR331 an idProduct's value equal to 0xe000, you must upgrade the firmware explained in the following procedure. Else if you obtain 0xe001 you must choose to use the generic CCID driver (cf. section Generic CCID readers) or install the SCM driver as described at the end of this section.
Procedure 1. Upgrade the firmware
The firmware in the USB reader can be updated to the latest version, which should work with the GNU/Linux driver on SCM's web site:
Find a windows machine (an unfortunate necessity)
Download and install the SCRx31_USB_1.40_signed.zip windows driver from http://www.scmmicro.com/security/secureCard-downloads.html (Click on the SCR331 PCSC link.) Personally I use SCR331 Installer V2.05.zip.
Download the USB-FWUpdate.zip program.
Download the new firmware (SCRx31_Firmware_4.13.zip).
Run the USB-FWUpdate program and select the .bin file from the firmware package.
Now the USB reader should be upgraded to the CCID version.
Throw your windows system away and plug the reader into your GNU/Linux box. Now lsusb -v or cat /proc/bus/usb/devices shall give an idProduct set up at 0xe001.
Install the GNU/Linux driver from ftp://ftp.scmmicro.com/security/drivers/scr331ccidDriver-0.9.0-1.i386.rpm On my Slackware, I converted the rpm to a tgz file using rpm2tgz
tar xvzf scr331ccidDriver-0.9.0-1.i386.tgz |
Download towitoko-x.y.z.tar.gz
user% tar xzvf towitokox.y.z.tar.gzuser% cd towitokox.y.zuser% ./configure --prefix=/usr/local/pcsc/drivers/towitoko --enable-usb-bundle --with-pcsc-lite-dir=/usr/local/pcscuser% makeuser% make check |
root% make install |
1) Installation of the module for the pcmcia card GRP400: This is necessary to handle the PCMCIA. Download the sources of the pcmcia-cs [PCMCIA-CS]
user% tar xvzf pcmcia-cs-3.1.34.tar.gz |
user% cd pcmcia-cs-3.1.34user% tar xvzf gpr400_cs-0.9.6.tar.gz |
user% make configuser% make all |
root% make installroot% mknod /dev/gpr400 c 123 0root% chmod 0666 /dev/gpr400 |
root% cd /dev/pcscroot% ln -s ../gpr400 5root% cd /usr/local/pcsc/driversroot% tar xvzf ifd-gpr400-0.3.tar.gzroot% cd ifd-gpr400-0.3 |
/* typedef unsigned long DWORD; typedef unsigned long* PDWORD; typedef unsigned char UCHAR; typedef unsigned char* PUCHAR; typedef char* LPSTR; typedef long RESPONSECODE; */ |
FRIENDLYNAME "Gemplus GPR400 Reader" DEVICENAME GPR400 LIBPATH /usr/local/pcsc/drivers/ifd-gpr400-0.3/libgpr400_ifd.so CHANNELID 5 |
Note
I have submitted a modified version of this driver to Joe Phillips.
Download libusb-0.1.7.tar.gz [LibUSB].
user% tar xvzf libusb-0.1.7.tar.gzuser% cd libusb-0.1.7user% ./configureuser% make |
root% make install |
Download the JDKs.
Note
Do some scripts to set up the environment.
Get the root privileges.
root% cd /usr/localroot% tar xvzf jdk-1_2_2_011-linux-i386.tar.gz |
Get the root privileges.
root% cd /usr/localroot% tar xvzf j2sdk-1_3_1_04-linux-i586.bin |
For the SUN JDK 1.2.2 and the SUN JDK 1.3.1 Download symbol.ttf Get the root privileges.
root% cp symbol.ttf $JAVA_HOME/jre/lib/fonts/ |
Get on the Gemplus CD of GemXPresso RADIII the linux_commapi_conf.tar
user% tar xvf linux_commapi_conf.tar |
root% cp comm.jar $JAVA_HOME/jre/lib/ext/root% cp javax.comm.properties $JAVA_HOME/jre/lib/root% cp jcl.jar $JAVA_HOME/jre/lib/ext/ |
root% cp libSerial.so $JAVA_HOME/jre/lib/i386/root% cp libParallel.so $JAVA_HOME/jre/lib/i386/ |
root% cp libSerial.so $JAVA_HOME/jre/lib/ext/root% cp libParallel.so $JAVA_HOME/jre/lib/ext/ |
Note
For using the serial port the user must have the rights rw on it. As root do root% chmod 666 /dev/ttyS?
Download the JCDKs. Get the root privileges.
root% cd /usr/localroot% mkdir javacardroot% cd javacard |
Note
Do some scripts to set up the environment.
The install does not work with the JDK 1.2.2 Get the root privileges mount the 'cdrom' with the GemXPresso RAD III CD. cd 'cdrom'/Unix I have chosen to install the different components in /opt/gemxpresso.rad3/To install the RAD III:
root% ./RAD3_INS.bin |
root% ./CP_V1.binroot% ./CP_V2.binroot% ./CP_PK.bin |
root% ./FPK_SP.bin |
root% ./OCF_INS.bin |
if you wish using the communication APIs installed by yourself do
user% export RAD_HOME=/opt/gemxpresso.rad3
if you choose to use the APIs installed by the kit do
user% source /etc/gxp_rad_profile
Note
For using PC/SC with the OCF to PCSC bridge, it is not necessary to have the rights on the device because the pcscd daemon runs with the rights allowing the access.
The installOCF.class provided by [OCF] does not work on my Linux. Get the root privileges.
root% /usr/local/root% ln -s /opt/gemxpresso.rad3/Ocf1.2/ ocf |
Download OCFPCSC1-0.0.1.tar.gz [MUSCLE]. Contrary to this is written in the documentation it is possible to have more than one reader in the /etc/readers.conf
user% tar xvzf OCFPCSC1-0.0.1.tar.gzuser% cd OCFPCSC1-0.0.1 |
JDK_HOME = /usr/local/jdk1.2.2 PCSC_HDRS = -I/usr/local/pcsc/include PCSC_LIBS = -L/usr/local/pcsc/lib -lpcsclite -lpthread INCLUDE = -I$(JDK_HOME)/include -I$(JDK_HOME)/include/linux $(PCSC_HDRS) |
user% make |
root% make install |
OpenCard.terminals = com.ibm.opencard.terminal.pcsc10.Pcsc10CardTerminalFactory |
OpenCard.terminals = com.ibm.opencard.terminal.pcsc10.Pcsc10CardTerminalFactory |
# I set OCF_LIB OCF_LIB=$RAD_HOME/Ocf1.2/lib |
# ======================== OCF ============================= CLASSPATH=\$CLASSPATH\ :$RAD_LIB/base-core.jar\ :$RAD_LIB/base-opt.jar\ :$RAD_LIB/pcsc_wrapper.jar\ :$OCF_LIB/reference-terminals-windows.jar\ export CLASSPATH |
user% unzip jpcsc-72.zipuser% cd jpcscuser% make |
root% make install |
root% echo "/usr/local/pcsc/lib" >> /etc/ld.so.confroot% ldconfig |
Get the root privileges.
root% cd /opt tar xvzf jctools-2.1-linux.tgzroot% cd /opt/jctools-2.1-linux/etc/ideroot% chmod 666 classtemplate.txtroot% chmod 666 classheader.txtroot% chmod 666 scriptheader.txtroot% chmod 666 methodheader.txtroot% chmod 666 fieldheader.txt |
Download opensc-x.y.z.tar.gz [OpenSC].
user% tar xvzf opensc-x.y.z.tar.gzuser% ./configure --prefix=/usr/local/opensc --with-pcsclite=/usr/local/pcscuser% make |
TO DO!
TO DO!
Download the last version of muscleTools.
user% tar xvzf muscleTools-x.y.z.tar.gzuser% cd muscleTools-x.y.z |
CFLAGS = -g -Wall -I/usr/local/pcsc/include LIBS = -L/usr/local/pcsc/lib -lmusclecard -lpthread |
user% make |
root% make install |
The plugin are used by the muscle framework to manage the different cards. For example the MCardPlugin is used to handle a Java Card using the MCardApplet and the CFlexPlugin is used for the Cryptoflex card.
[PCSCLite] PC/SC Lite. http://alioth.debian.org/projects/pcsclite/.
[MUSCLE] MUSCLE. http://www.linuxnet.com/.
[SauveronWeb] Driver for SM1. http://damien.sauveron.free.fr/.
[RousseauWeb] GemCore based PC/SC reader drivers. http://ludovic.rousseau.free.fr/softwares/ifd-GemPC/.
[JPC/SC] The JPC/SC specifications and driver. http://www.linuxnet.com/middleware/.
[OCF] OpenCard Framework. http://www.opencard.org/.
[PCSCSpec] PC/SC Specifications. http://www.pcscworkgroup.com/.
[CCIDSpec] Chip/Smart Card Interface Devices (CCID). http://www.usb.org/developers/.
[LibUSB] The libusb project home. http://libusb.sourceforge.net/.
[PCMCIA-CS] Linux PCMCIA Information Page. http://pcmcia-cs.sourceforge.net/.
[JavaCardSpec] Java Card™ 2.2 Specifications. Sun microsystems. http://java.sun.com/products/javacard/.
[OpenSC] OpenSC. http://www.opensc.org/.
[OpenCT] OpenCT. http://www.opensc.org/.