_opensc_ rebased to version 0.16.0
The _opensc_ package has been upgraded to upstream version 0.16.0, which provides a number of bug fixes and enhancements over the previous version. Notable enhancements include:
* Added support for CoolKey applets.
* Added support for Common Access Card (CAC) cards.
Currently we support smart cards in RHEL via the coolkey module which supports Coolkey cards, CAC and PIV cards. There are customers which ask for opensc module support which supports PIV and other cards.
To simplify work-flows we should avoid having multiple PKCS#11 libraries, and provide one which can be used with all the cards we support. For that we should combine all the drivers to a single package, opensc, and as such we need to bring CAC and coolkey support to opensc.
For more information see http://wiki.brq.redhat.com/SecurityTechnologies/CryptoTeam/CoolkeyToOpenSCTransition
[root@dhcp129-77 ~]# rpm -qi opensc
Name : opensc
Version : 0.16.0
Release : 4.20170227git777e2a3.el7
Install Date: Mon 01 May 2017 01:34:30 PM EDT
Group : System Environment/Libraries
Size : 3256689
License : LGPLv2+
Signature : RSA/SHA256, Thu 13 Apr 2017 04:32:48 AM EDT, Key ID 199e2f91fd431d51
Source RPM : opensc-0.16.0-4.20170227git777e2a3.el7.src.rpm
Build Date : Thu 13 Apr 2017 04:04:15 AM EDT
Build Host : x86-017.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor : Red Hat, Inc.
URL : https://github.com/OpenSC/OpenSC/wiki
Summary : Smart card library and applications
All cards were detected by Firefox, esc and pkcs11-tool. Noticed this issue for coolkey cards https://bugzilla.redhat.com/show_bug.cgi?id=1448555
I had 1 question about PIV cards. Certain PIV cards have an application PIN and a global PIN, coolkey on firefox prompts for application pin for those cards whereas opensc with firefox prompts for global pin. Why is this difference?
That is very good question! I never used Coolkey properly so I noticed only that it asked for various pins, but never noticed that it is different on coolkey. I believe the PIV documents should be able to answer that:
On Page 4 we can see what are the PINs and which one is the default. It also says it is not so easy when one or the other should be used for which card. What PIV Test card were you using to notice this behavior? Does it work according this table?
OpenSC should be reading this preference from Discovery object as described in the document above. If it does not, it is a bug. If coolkey ignores this it is a bug in Coolkey (but probably not serious since it didn't matter for years).
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.