Installation of smart card reader and smart card drivers in Linux

From Infonotary

Installing the driver for the reader

All readers offered by InfoNotary EAD have Linux drivers, which can be downloaded from the manufacturer's website (OmniKey or ACS). In some cases these drivers can be installed directly through your distribution's package system.

Installation of PC/SC

Regardless of the model of your reader, you will need to install the package 'pcscd'. This is the daemon through which programs work with the reader and, in turn, the smart card. After installing a new reader driver you must restart pcscd. If you install the driver from a package, the package will probably restart the daemon for you.

Warning: In some distributions an alternative reader-management daemon, 'openct', is installed together with pcscd. For the reader to work correctly you will have to uninstall it or, if that cannot be done without also removing pcscd, prevent it from running.

Types of readers

OmniKey

To use OmniKey smart card readers on Linux, you will need to install the official OmniKey driver instead of libccid, which is included in most distributions.

If you use Debian, Ubuntu or Mint, you can install it directly from our apt repository. The package name is pcsc-omnikey. After this package is installed you can proceed directly to the installation of the smart card driver.

If you use a different distribution or prefer to install the driver manually, you can download it from their site or from Reader drivers. Before you install the driver, you must have 'pcscd' installed and 'openct' uninstalled or disabled.

In the output of the command lsusb these readers appear as follows:

ID 076b:6622 OmniKey AG CardMan 6121
ID 076b:3021 OmniKey AG CardMan 3021

Every reader with an ID starting with 076b works with the same driver.

Driver installation

HID Global does not provide standard installation packages for Linux, so to install the driver you must take the following steps:

  1. Unzip the downloaded tar.gz package in your home folder. This is the folder with your user name.
  2. Open a terminal and change the working folder to the one obtained by decompressing. For the 64-bit version the command is cd ~/ifdokccid_linux_x86_64-v4.1.5, and for the 32-bit version it is cd ~/ifdokccid_linux_i686-v4.1.5. If you unzipped it to another folder, you can type "cd " in the terminal, then drag the folder from the file manager and drop it on the terminal. This will give you the correct command.
  3. Run the command sudo ./install to install, or su -c ./install if you don't use sudo.
  4. Restart the daemon with the command sudo service pcscd restart.

Setting up pcscd to run with the system

If you are using Ubuntu 11.04, 11.10 or 04.12, you will need to set pcscd to start with the system. If you use another distribution or version of Ubuntu, skip to the next section, Remove libccid. In these versions of Ubuntu the daemon is configured to run as a normal user, but the HID Global driver cannot work that way. The fix is to change the pcscd init script (/etc/init.d/pcscd). You can open this file with the command sudo gedit /etc/init.d/pcscd. Find this section:

# DO NOT start the daemon on startup
# comment the line to have the same behavior as in version < 1.6.0
exit 0

and put # at the beginning of the line "exit 0":

# DO NOT start the daemon on startup
# comment the line to have the same behavior as in version < 1.6.0
#exit 0

After this change, you must stop all running instances of pcscd and start it again through the init script. In Ubuntu this is done by running the following commands in order: sudo killall pcscd and sudo service pcscd start.

Remove libccid

In some distributions the free reader driver libccid is installed together with pcscd. It does not work correctly with these readers, so unless you use a reader that works only through libccid, uninstall it. To avoid removing the daemon when uninstalling libccid, you can install any other package that provides pcsc-ifd-handler, for example libacr38u. The exact command for Ubuntu is sudo apt-get install libacr38u && sudo apt-get remove libccid.

If, in the distribution you use, you cannot remove libccid without removing pcscd, you will need to remove or disable the driver manually. This is the situation with some versions of Red Hat, Fedora and their derivative distributions.

A more destructive option is to simply delete the driver from the pcscd folder. In Fedora it is /usr/lib/pcsc/drivers/ifd-ccid.bundle, or /usr/lib64/pcsc/drivers/ifd-ccid.bundle in the x86_64 version. With the following command you can move it to your home folder: H=$HOME; sudo mv /usr/lib/pcsc/drivers/ifd-ccid.bundle $H.

If you want to use another reader that works only through libccid, you cannot uninstall it. Instead you need to remove the description of the OmniKey readers from the libccid configuration file, /usr/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Info.plist. The easiest way to do this is to replace every occurrence of the string 0x076B with 0xFFFF. If you disable libccid this way, note that the changes to its configuration file will be lost after an update.
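
The Info.plist replacement described above, as an added example that is not InfoNotary's or libccid's own code: it keeps a backup, reports how many lines it changed, and does nothing when no 0x076B entries remain, so it can be re-run after a libccid update. The function names and the .orig backup suffix are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not InfoNotary's or libccid's code): stop libccid from claiming
# OmniKey readers by rewriting vendor ID 0x076B to 0xFFFF in its Info.plist.

# Path given on this page for Fedora; use /usr/lib64/... on x86_64.
PLIST_DEFAULT=/usr/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Info.plist

# omnikey_entries FILE: print how many lines still carry the OmniKey vendor ID.
omnikey_entries() {
    grep -c '0x076[Bb]' "$1" || true   # grep -c prints 0 but exits 1 on no match
}

# disable_omnikey_in_plist [FILE]: back up FILE to FILE.orig, replace every
# 0x076B with 0xFFFF, and print the number of lines changed (0 = nothing to do).
disable_omnikey_in_plist() {
    plist=${1:-$PLIST_DEFAULT}
    [ -f "$plist" ] || { echo "no such file: $plist" >&2; return 1; }
    before=$(omnikey_entries "$plist")
    if [ "$before" -eq 0 ]; then
        echo 0
        return 0
    fi
    cp -p "$plist" "$plist.orig" || return 1      # keep the packaged version
    tmp=$(mktemp) || return 1
    # Write through cat so the file keeps its owner and mode.
    sed 's/0x076[Bb]/0xFFFF/g' "$plist" > "$tmp" && cat "$tmp" > "$plist"
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] && echo "$before"
    return "$rc"
}

# Constructed demo on a throwaway file, not the real bundle.
demo=$(mktemp)
printf '<string>0x076B</string>\n<string>0x072F</string>\n' > "$demo"
disable_omnikey_in_plist "$demo"
rm -f "$demo" "$demo.orig"
```

Run the function as root against the real Info.plist, then restart pcscd with sudo service pcscd restart so the changed file is read.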

Testing Installation

To check which driver pcscd is using, you need to run it in debug mode with the parameters -fd. For example, on Ubuntu this can be done with sudo /usr/sbin/pcscd -f. The output of this command should contain something like this:

HID HID Global OMNIKEY CCID IA32 v3.7.0 eusupport@hidglobal.com

If this line is not shown, then the OmniKey driver is not loaded. The most likely reason is that you have libccid or openct installed. In most cases removing these packages fixes the problem.

ACS

ACR38U and some versions of ACR38T are not CCID compatible; for them you have to install the drivers from here or from the folder Drivers/Linux/ACS on the CD. They are also included in Debian and Ubuntu, where the package name is libacr38u.

In the output of the command lsusb these readers are shown this way:

ID 072f:9000 Advanced Card Systems, Ltd ACR38 AC1038-based Smart Card Reader

ACR 38C

If your reader is labeled ACR38C-SPC-R on the bottom side, or has the marking SIMLector 38T or mLector-S on the outside, then it is CCID compatible and is supported by libccid. Most likely the package containing this driver is called libccid or just ccid. Although these readers can work through libccid, they can also work with the driver supported by their manufacturer, libacsccid1. It is free software. If you use both OmniKey and ACS readers, it is best to use libacsccid1 instead of libccid.

For these readers the lsusb output is:

ID 072f:90cc Advanced Card Systems, Ltd ACR38 SmartCard Reader
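
The reader and driver rules from the OmniKey and ACS sections, as an added example that is not InfoNotary's code: it reads lsusb output and a list of installed package names and prints which driver each reader needs and which packages conflict. The function names and the finding labels (READER, MISSING, CONFLICT) are assumptions made for this example; the package list is supplied by the caller from the distribution's package manager.

```shell
#!/bin/sh
# Added example (not InfoNotary's code): apply this page's reader/driver rules
# to lsusb output and a space-separated list of installed package names.

# usb_ids: read lsusb output on stdin, print lower-cased vendor:product pairs.
usb_ids() {
    sed -n 's/.*ID \([0-9A-Fa-f]\{4\}:[0-9A-Fa-f]\{4\}\).*/\1/p' | tr 'A-F' 'a-f'
}

# has_pkg NAME LIST: succeed if NAME is a whole word in LIST.
has_pkg() {
    case " $2 " in *" $1 "*) return 0 ;; *) return 1 ;; esac
}

# reader_preflight LSUSB_TEXT PKG_LIST: print one finding per line.
reader_preflight() {
    pkgs=$2
    has_pkg pcscd "$pkgs" || echo "MISSING pcscd"
    has_pkg openct "$pkgs" && echo "CONFLICT openct: uninstall or disable it"
    for id in $(printf '%s\n' "$1" | usb_ids); do
        case "$id" in
        076b:*)
            echo "READER $id OmniKey: needs the official OmniKey driver"
            has_pkg libccid "$pkgs" &&
                echo "CONFLICT libccid: remove it or drop 0x076B from Info.plist"
            ;;
        072f:9000)
            echo "READER $id ACR38 (non-CCID): needs libacr38u"
            has_pkg libacr38u "$pkgs" || echo "MISSING libacr38u"
            ;;
        072f:90cc)
            echo "READER $id ACR38 (CCID): libccid or libacsccid1"
            has_pkg libccid "$pkgs" || has_pkg libacsccid1 "$pkgs" ||
                echo "MISSING libccid or libacsccid1"
            ;;
        esac
    done
    return 0
}

# Constructed sample: lsusb lines quoted on this page plus a made-up package list.
SAMPLE_LSUSB='ID 076b:3021 OmniKey AG CardMan 3021
ID 072f:9000 Advanced Card Systems, Ltd ACR38 AC1038-based Smart Card Reader'
reader_preflight "$SAMPLE_LSUSB" "pcscd libccid openct"
```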

Installing smart card drivers

Warning: Depending on the model of your card, you have to use different software. If the model of the card is "T&S DS/2048 (L)", you have to install bit4id-ipki from the folder Install/Linux on the CD or from our repository. If the model is "CardOS V4.3B (C)", you will have to install OpenSC.

To check the smart card model you can use pcsc_scan. This program shows which readers and cards are plugged in. In Debian and Ubuntu it is contained in the package pcsc-tools. If it shows Siemens CardOS V4.3B, you must use OpenSC. If it says Universita' Degli Studi di Torino (Infocert), you must use bit4id-ipki.

Warning: OpenSC 0.16 and later versions expect the reader driver to provide information about hardware capabilities, contrary to the PC/SC standard. If you are using OpenSC with an OmniKey reader, you must set the maximum message size manually in the configuration file. In the section reader_driver pcsc you must uncomment max_send_size and max_recv_size and set both variables to at least 300 bytes:

   reader_driver pcsc {
       max_send_size = 1024;
       max_recv_size = 1024;
   }

More information is available in the OpenSC issue and the relevant part of the PC/SC specification.

Installation check

If you have a problem using your certificate, you can run the following program to identify it:

It can send information directly to us. After the report is accepted, it will show a nine-digit number that our support team can use to see the test result. If you do not have an Internet connection or direct sending fails, you can save the report and send it to support@infonotary.com.

The reader and card should be connected to the computer when the test program is started.

This program uses one of the following packages to show its user interface: python-tk for Debian/Ubuntu, tkinter for Fedora/RedHat, or zenity. If none of them is installed, it will still work, but only from the terminal.