How do I install and configure a Security Card (CAC) Reader for Ubuntu 13.04

security

I need to be able to access websites that require the use of a security card and reader. (i.e Miliary ID) I've successfully setup my Ubuntu 13.04 PC to do so and wanted to share the steps here.

The card reader used is a SCR3310. It works with no additional set up. If you are using a different card reader you may need to install additional drivers.


#Install packages

sudo apt-get install libpcsclite1 pcscd pcsc-tools

#Install CacKey Cackey is available at https://software.forge.mil/sf/projects/community_cac
Ironically enough, it requires CAC access to login.

If you cannot access DISA's Forge.mil website, (Because it requires CAC access)

You can Download the 32bit Deb file here.

MD5: 37398d413221b7d6c6ee539978feec47
SHA1: 3ccfc97610b1b3503084caa7f1924c52d2f1a1b4

Or, the 64 bit Deb here.

 MD5: 3935d1376ae7175f9814505c59a917f7
 SHA1: 153b30d025869679238444e2ef0545ed7185f4f8

Download .deb
Use Software Center to install by double-clicking on the .deb
You will get a warning about the package being of low quality. Just continue.

After it finishes installing, open a terminal and run pcsc_scan to test the card reader.

*** Note: For 13.10 I had to create a /usr/lib64 directory before CACkey would install.
The command to use is sudo mkdir /usr/lib64 . After creating that directory it installed fine. ***

#Download DoD certs http://dodpki.c3pki.chamb.disa.mil/rootca.html
Click on each link to download.
You will get warnings about these not being approved, just click "OK"

#Add CAC Module to Firefox as a Security Device 1.Edit > Preferences Menu

2.Advanced Section

3.Certificates Tab

4.Security Devices Button

5.Load Button

In the Dialoge box that pops up enter "CAC Module" as the module name, & enter /usr/lib64/libcackey.so as the module filename.

#Test your set-up You can test your set-up by logging into a site that requires CAC access such as https://www.us.army.mil

You should be prompted for the "Master Password". This is simply your PIN associated with your card.

For what it's worth this has worked flawlessly for me in 13.04. Even Enterprise E-mail OWA, which I could not get to work under 12.10. *** Update: Tested with 13.10 works great, including access to OWA. ***


Ubuntu Steps for Enterprise Email

The military has recently migrated away from AKO Email and moved to a new solution called Enterprise Email (also commonly referred to as EE). Additionally, a software component called, Coolkey, was previously utilized for authentication and has been replaced by CACKey. This change has led to a great deal of access issues either due to a navigation issue from the AKO website or security software not being properly configured. The below outline describes the process of accessing Enterprise Email and installing the necessary drivers and software to access Enterprise Email and a variety of other secure military websites.

First update the OS to make sure that all existing software libraries are up to date and functioning properly.

username@systemname $ sudo apt-get update
username@systemname $ sudo apt-get upgrade -y

Next, prepare a staging area for downloaded drivers that will be installed for the SmartCard Reader to be recognized by the computer and function on military websites and most importantly, to access your Enterprise Email. Additionally, we can also store the CACKey download at this location for future installation.

username@systemname ~ $ cd ~ && mkdir Army_EE && cd ~/Army_EE

Downloads

Follow "This Link" to acquire the files necessary to complete the installation.

CAC Reader Driver Installation

Depending on your choice of CAC Reader, you will need to navigate to the manufacturer's website and download the appropriate linux driver for your device. Unfortunately, the installation process of the the driver can be unique between each manufacturer. Please read the instructions provided with the downloaded file within the created folder.

After installing your CAC Reader Driver, install the following packages to access your CAC.

username@systemname ~/Army_EE $ sudo apt-get install libudev-dev -y
username@systemname ~/Army_EE $ sudo apt-get install libusb-1.0-0-dev -y
username@systemname ~/Army_EE $ sudo apt-get install autoconf build-essential libccid libpcsclite1 libpcsclite1-dbg libpcsclite-dev libpcsc-perl pcsc-tools pcscd

CACKey Installation

Next, we'll install CACKey which is probably one of the most confusing aspects of this installation. Utilizing various sources online, it can be noted that CACKey is available from software.forge.mil but can only be accessed by utilizing a CAC Reader and your CAC? (Definitely not the best way of securing the installation since the AKO website would have been more plausible a solution)

If you cannot access DISA's Forge.mil website, (because it requires CAC access) it can be downloaded from the following links.

Download the 32bit or 64bit Deb files are located in "Downloads" link. (Recommended install as it is architecture independent and should work with both 32bit & 64bit architectures)

32bit Deb HASH

MD5: 37398d413221b7d6c6ee539978feec47

SHA1: 3ccfc97610b1b3503084caa7f1924c52d2f1a1b4

64 bit Deb HASH

MD5: 3935d1376ae7175f9814505c59a917f7

SHA1: 153b30d025869679238444e2ef0545ed7185f4f8

Download CACKey .deb file to ~/Army_EE and after the download completes, a folder needs to be created prior to installing the file. Depending on your architecture download you will need to run either of the two following commands.

32bit Deb

username@systemname ~ $ sudo mkdir /usr/lib32

64bit Deb

username@systemname ~ $ sudo mkdir /usr/lib64

After creating the above folder, navigate to the folder where the file was downloaded and double-click the file. This will launch Software Center and prompt for the system root password to install CACKey. After authenticating, click install and acknowledge the warning prompt to continue the installation process.

Firefox Browser Configuration

Then in a Firefox web browser session, navigate to the following URL and read the instructions within to install the DoD Root Certificates

Instructions and DoD Root Certificate downloads http://dodpki.c3pki.chamb.disa.mil/rootca.html (Note: During installation, there will be a significant amount of "Alert" messages presented by the Firefox browser indicating that the certificates are not being loaded. Please proceed with acknowledging the error to continue through the process for the "Alert" prompt and any and all proceeding alerts throughout the installation import process.)

Additionally, an alternative option is available by installing the Firefox DoD Configuration Extension below Download the DoD Configuration Extension for Firefox from "Downloads" link. (Note: Let it install the plugin and restart, there will may be "error" messages presented by the Firefox browser, please proceed with acknowledging the messages to continue the installation process and restart the browser)

Then from the Firefox Toolbar, go to: Options > Preferences > Advanced > Certificates

Certificates radio setting should be: “Ask me every time”

Click on Security Devices button > Load

Then name the "Module Name" field: DoD Certificates

Click “Browse” go to: File System > usr > lib64 > libcackey.so

Finally click Open > OK > OK

I've tried this from Ubuntu 14 and Mint 17 with success in both distributions.

Related

How can I use complex filters by protocol in tcpdump?
how do i make sure both www.example.com and example.com lead to my home page in Apache2? [duplicate]
Use of word “HOW” for exclamation or praise
Alternative phrase to "Let your friends direct your movies"
Which one of these sentences is better? A thesis title - Apostrophes Showing Possession [closed]
What is a hypernym for different fields of expertise? [duplicate]
What does the phrase "end over end" mean here?
Except VERSUS excluding
"A system" is considered singular or plural? [closed]
Difference between medium and long sized hyphen? [duplicate]
Is there a term for word sets that are like a palindrome but for whole set of words? [duplicate]
Using "since" in interrogative sentences