Bug 741043 - esc will not format a Java Card (JCOP21)
Summary: esc will not format a Java Card (JCOP21)
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: esc
Version: 15
Hardware: i386
OS: Linux
unspecified
urgent
Target Milestone: ---
Assignee: Jack Magne
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-09-24 16:00 UTC by brian.broussard
Modified: 2011-11-17 19:09 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-11-17 19:09:29 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description brian.broussard 2011-09-24 16:00:37 UTC
Description of problem:
Insert JCOP21 card ESC opens will not allow card to be formatted. Does it have to be formatted outside of esc? 

2.6.38.6-26.rc1.fc15.i686.PAE

esc-1.1.0-16.fc15.i686
coolkey-1.1.0-19.fc15.i686
xulrunner-6.0.2-1.fc15.i686
globalplatform-5.0.0-10.fc15.i686
pcsc-tools-1.4.17-2.fc15.i686
opencryptoki-2.3.3-2.fc15.i686

Have a dogtag package up and running trying to load a cert on to the Java Card.

Comment 1 Jack Magne 2011-09-26 19:51:46 UTC
Brian:

That operation required interaction with some dogtag servers. Let me dig up some documentation for you on that.

Comment 2 brian.broussard 2011-09-28 16:34:45 UTC
Hello I am looking for the applet/ document on getting JCOP cards to operate width Fedora 15/16 (DogTag / ESC / FireFox) 

-using esc(on linux) to load cert from a Dogtag server. 
-used to login via PAM (Fedora boxes only) 
-used with sign on to a Glassfish Web app through firefox (OCSP from firefox on XP/Vista/Windows7/Fedora 15/16 and maybe MAC i am sure that will be asked) If there is a min Firefox need I can mandate that. 
 
RedHat and Fedora Documentation claim a Java / Global Platform should work... search for solution.  

Have the following cards NXP JPOC21-36 / NXP J2A80 / Samsung S3CC9E8.... not able to obtain the cards stated in the documentation as they are either out of production or I can not buy them from the MFG.  

If documentation does not exist then can you point me in the correct direction I will document what we implement and provide it back.  


(In reply to comment #1)
> Brian:
> 
> That operation required interaction with some dogtag servers. Let me dig up
> some documentation for you on that.

Comment 3 Jack Magne 2011-09-28 17:10:44 UTC
I just did a search and found some hits for the Gemalto piece listed here:

http://docs.redhat.com/docs/en-US/Red_Hat_Certificate_System/8.0/html-single/Admin_Guide/index.html#supported-smart-cards

Comment 4 brian.broussard 2011-09-28 17:55:32 UTC
(In reply to comment #3)
> I just did a search and found some hits for the Gemalto piece listed here:
> 
> http://docs.redhat.com/docs/en-US/Red_Hat_Certificate_System/8.0/html-single/Admin_Guide/index.html#supported-smart-cards

The Enterprise Security Client supports Global Platform 2.01-compliant smart cards and JavaCard 2.1 or higher.
The Certificate System subsystems have been tested using the following tokens:
Gemalto TOP IM FIPS CY2 64K token, both as a smart card and GemPCKey USB form factor key
Gemalto Cyberflex e-gate 32K token
Safenet 330J Java smart card
Smart card testing was conducted using the SCM SCR331 CCID reader.
The only card manager applet supported with Certificate System is the CoolKey applet which ships with Red Hat Enterprise Linux 5.3.



yes I can not precure either of the Gemalto cards been trying for 4 weeks now. and the Safenet 330J is out of production... 

Is there any documentation on placing the CoolKey applet onto a GP/JC card.  I have read everything I could find from CoolKey.... no help or I am not looking in the correct location.  

Also doe ESC load the applet of does the card need to have the applet loaded and  the PKCS15-init completed before ESC can use it.

Comment 5 brian.broussard 2011-11-17 19:09:29 UTC
moving on will try in Fedora 16


Note You need to log in before you can comment on or make changes to this bug.