Skip to content

Smart Card Release Testing

Jump to bottom
alt3r 3go edited this page Feb 18, 2024 · 45 revisions

Table of Contents

Test Results

  • 🌕 All tests passed
  • 🌖 Many tests passed
  • 🌗 Some tests passed
  • 🌘 Few tests passed
  • 🌑 Untested

OpenSC 0.25.0

Installer Windows macOS
Installation 🌑 🌑
Removal 🌑 🌑

The table below shows a list of all supported card drivers (opensc-tool --list-drivers) that have been tested in this release:

Smart Card Driver PKCS#11 Windows Minidriver macOS CTK
cardos 🌖 🌑 🌑
cyberflex 🌑 🌑 🌑
gemsafeV1 🌑 🌑 🌑
starcos 🌑 🌑 🌑
tcos 🌑 🌑 🌑
oberthur 🌑 🌑 🌑
authentic 🌑 🌑 🌑
iasecc 🌑 🌑 🌑
belpic 🌑 🌑 🌑
entersafe 🌑 🌑 🌑
epass2003 🌖 🌑 🌑
rutoken 🌑 🌑 🌑
rutoken_ecp 🌑 🌑 🌑
myeid 🌗 🌑 🌑
dnie 🌑 🌑 🌑
MaskTech 🌑 🌑 🌑
esteid2018 🌑 🌑 🌑
idprime 🌖 🌑 🌑
coolkey 🌕 🌑 🌑
muscle 🌑 🌑 🌑
sc-hsm 🌑 🌑 🌑
mcrd 🌑 🌑 🌑
setcos 🌑 🌑 🌑
PIV-II 🌗 🌑 🌑
cac 🌕 🌑 🌑
itacns 🌑 🌑 🌑
isoApplet 🌖 🌑 🌑
gids 🌖 🌑 🌑
openpgp 🌖 🌑 🌑
jpki 🌑 🌑 🌑
npa 🌑 🌑 🌑
cac1 🌕 🌑 🌑
nqapplet 🌑 🌑 🌑
skeid 🌑 🌑 🌑
eOI 🌑 🌑 🌑
default 🌑 🌑 🌑

The table below shows a list of all tested smart cards that were used:

Smart Card Driver Tested Smart Cards
PIV-II NIST Test Card v.1 9 (RSA2048), 4 (ECC), 13 (RSA1024, RSA2048)
NIST Test Card v.2 15 (ECC), 16 (RSA2048)
Yubikey 4 OTP+U2F+CCID
myeid Aventra MyEID v4.5 PKI card, Aventra MyEID v4.5.5, OsEID
idprime IDPrime 940, IDPrime 930, IDPrime MD 830, IDPrime 3810
cardos CardOS 5.3 (2023, 4k RSA, 2k RSA)
cac CAC test cards, virt_CACard
cac1 CAC test cards
openpgp OpenPGP Applet (JCardSim), Nitrokey Start (RTM.10), Nitrokey Pro 2 (0.14)
isoApplet IsoApplet v0 and v1 (JCardSim)
epass2003 ePass2003 PKI Token (2023)
gids GIDS Applet (JCardSim)
coolkey Coolkey Applet (JCardSim)

OpenSC 0.24.0

Installer Windows macOS
Installation 🌕 🌑
Removal 🌕 🌑

The table below shows a list of all supported card drivers (opensc-tool --list-drivers) that have been tested in this release:

Smart Card Driver PKCS#11 Windows Minidriver macOS CTK
cardos 🌖 🌑 🌑
cyberflex 🌑 🌑 🌑
gemsafeV1 🌑 🌑 🌑
starcos 🌑 🌑 🌑
tcos 🌑 🌑 🌑
oberthur 🌑 🌑 🌑
authentic 🌑 🌑 🌑
iasecc 🌑 🌑 🌑
belpic 🌑 🌑 🌑
entersafe 🌑 🌑 🌑
epass2003 🌖 🌑 🌑
rutoken 🌑 🌑 🌑
rutoken_ecp 🌑 🌑 🌑
myeid 🌖 🌑 🌑
dnie 🌑 🌑 🌑
MaskTech 🌑 🌑 🌑
esteid2018 🌑 🌑 🌑
idprime 🌖 🌑 🌑
coolkey 🌕 🌑 🌑
muscle 🌑 🌑 🌑
sc-hsm 🌖 🌗 🌑
mcrd 🌑 🌑 🌑
setcos 🌑 🌑 🌑
PIV-II 🌗 🌗 🌑
cac 🌕 🌑 🌑
itacns 🌑 🌑 🌑
isoApplet 🌖 🌑 🌑
gids 🌖 🌑 🌑
openpgp 🌖 🌑 🌑
jpki 🌑 🌑 🌑
npa 🌑 🌑 🌑
cac1 🌖 🌑 🌑
nqapplet 🌑 🌑 🌑
skeid 🌑 🌑 🌑
default 🌑 🌑 🌑

The table below shows a list of all tested smart cards that were used:

Smart Card Driver Tested Smart Cards
PIV-II PivApplet (JCardSim)
USB-C YubiKey 5C Nano
Thales IDPrime PIV v3.0 (detection only)
NIST Test Card 9 (v.1)
sc-hsm GoID 1.01, SmartCard-HSM 4K USB-Token (2023)
cac CAC Test Cards (Oberthur ID One, Gemalto GCX4), virt_CACard
coolkey 534e SafeNet Java Card with Coolkey Applet (1k RSA)
gids GIDS Applet (JCardSim)
myeid OsEID, Aventra MyEID 4.5.5
openpgp OpenPGP Applet (JCardSim), NitroKey Start (gnuk)
isoApplet IsoApplet v0 and v1 (JCardSim)
cardos CardOS 5.3 (2017, 2k RSA), CardOS 5.3 (2023, 4k RSA)
idprime IDPrime 940, IDPrime 930, IDPrime MD 830, IDPrime 3810
epass2003 ePass2003 PKI Token (2023)

OpenSC 0.23.0

Installer Windows macOS
Installation 🌕 🌑
Removal 🌕 🌑

The table below shows a list of all supported card drivers (opensc-tool --list-drivers) that have been tested in this release:

Smart Card Driver PKCS#11 Windows Minidriver macOS Tokend
cardos 🌕 🌕 🌑
cyberflex 🌑 🌑 🌑
gemsafeV1 🌑 🌑 🌑
starcos 🌑 🌑 🌑
tcos 🌑 🌑 🌑
oberthur 🌑 🌑 🌑
authentic 🌑 🌑 🌑
iasecc 🌑 🌑 🌑
belpic 🌑 🌑 🌑
entersafe 🌑 🌑 🌑
epass2003 🌑 🌑 🌑
rutoken 🌑 🌑 🌑
rutoken_ecp 🌑 🌑 🌑
myeid 🌑 🌑 🌑
dnie 🌑 🌑 🌑
MaskTech 🌑 🌑 🌑
esteid2018 🌑 🌑 🌑
idprime 🌕 🌑 🌑
coolkey 🌑 🌑 🌑
muscle 🌑 🌑 🌑
sc-hsm 🌕 🌕 🌑
mcrd 🌑 🌑 🌑
setcos 🌑 🌑 🌑
PIV-II 🌕 🌕 🌑
cac 🌕 🌑 🌑
itacns 🌑 🌑 🌑
isoApplet 🌘 🌑 🌑
gids 🌑 🌑 🌑
openpgp 🌘 🌑 🌑
jpki 🌑 🌑 🌑
npa 🌘 🌑 🌑
cac1 🌕 🌑 🌑
nqapplet 🌑 🌑 🌑
default 🌑 🌑 🌑

The table below shows a list of all tested smart cards that were used:

Smart Card Driver Tested Smart Cards
cardos CardOS 5.3, 2014
CardOS 4.2+
cac 2 old CAC test cards
CAC HID Alt token
cac1 old CAC test card
idprime IDPrime 3810
PIV-II IDEMIA Test card #1 ID-One PIV 2.4 on Cosmo v8.1
NIST Test PIV card 6, v1
Yubikey 4 OTP+U2F+CCID
sc-hsm GoID 1.01

OpenSC 0.22.0

Installer Windows macOS
Installation 🌕 🌑
Removal 🌕 🌑

The table below shows a list of all supported card drivers (opensc-tool --list-drivers) that have been tested in this release:

Smart Card Driver PKCS#11 Windows Minidriver macOS Tokend
cardos 🌕 🌑 🌑
flex 🌑 🌑 🌑
cyberflex 🌑 🌑 🌑
gpk 🌑 🌑 🌑
gemsafeV1 🌑 🌑 🌑
asepcos 🌑 🌑 🌑
starcos 🌑 🌑 🌑
tcos 🌑 🌑 🌑
oberthur 🌑 🌑 🌑
authentic 🌑 🌑 🌑
iasecc 🌕 🌗 🌑
belpic 🌑 🌑 🌑
incrypto34 🌑 🌑 🌑
akis 🌑 🌑 🌑
entersafe 🌑 🌑 🌑
epass2003 🌑 🌑 🌑
rutoken 🌑 🌑 🌑
rutoken_ecp 🌑 🌑 🌑
myeid 🌕 🌗 🌑
dnie 🌑 🌑 🌑
MaskTech 🌑 🌑 🌑
atrust-acos 🌑 🌑 🌑
westcos 🌑 🌑 🌑
esteid2018 🌑 🌑 🌑
idprime 🌕 🌑 🌑
edo 🌑 🌑 🌑
coolkey 🌑 🌑 🌑
muscle 🌑 🌑 🌑
sc-hsm 🌗 🌑 🌑
mcrd 🌑 🌑 🌑
setcos 🌑 🌑 🌑
PIV-II 🌕 🌑 🌘
cac 🌕 🌑 🌑
itacns 🌑 🌑 🌑
isoApplet 🌘 🌑 🌑
gids 🌘 🌑 🌑
openpgp 🌕 🌑 🌑
jpki 🌑 🌑 🌑
npa 🌑 🌑 🌑
cac1 🌑 🌑 🌑
default 🌑 🌑 🌑

The table below shows a list of all tested smart cards that were used:

Smart Card Driver Tested Smart Cards
PIV-II PivApplet (JCardSim), Yubikey 4, NIST Test PIV cards (3-10, 12-14, 16)
cac virt_CACard (CI), HID CAC Alt token, old CAC cards
coolkey 534e SafeNet Java Card with Coolkey Applet (CI)
gids GIDS Applet 1.3 (JCardSim)
openpgp OpenPGP Applet (JCardSim), Nitrokey Start
cardos CardOS 5.3
idprime IDPrime (OS v1)
sc-hsm GoID 1.01
isoApplet IsoApplet v0.6.1 (JCardSim)

OpenSC 0.21.0

Installer Windows macOS
Installation 🌑 🌕
Removal 🌑 🌕

The table below shows a list of all supported card drivers (opensc-tool --list-drivers) that have been tested in this release:

Smart Card Driver PKCS#11 Windows Minidriver macOS Tokend
cardos 🌖 🌑 🌑
flex 🌑 🌑 🌑
cyberflex 🌑 🌑 🌑
gpk 🌑 🌑 🌑
gemsafeV1 🌑 🌑 🌑
asepcos 🌑 🌑 🌑
starcos 🌑 🌑 🌑
tcos 🌑 🌑 🌑
oberthur 🌑 🌑 🌑
authentic 🌑 🌑 🌑
iasecc 🌘 🌑 🌑
belpic 🌑 🌑 🌑
incrypto34 🌑 🌑 🌑
akis 🌑 🌑 🌑
entersafe 🌑 🌑 🌑
epass2003 🌑 🌑 🌑
rutoken 🌑 🌑 🌑
rutoken_ecp 🌑 🌑 🌑
myeid 🌘 🌑 🌑
dnie 🌑 🌑 🌑
MaskTech 🌑 🌑 🌑
atrust-acos 🌑 🌑 🌑
westcos 🌑 🌑 🌑
esteid2018 🌑 🌑 🌑
idprime 🌖 🌑 🌑
edo 🌑 🌑 🌑
coolkey 🌘 🌑 🌑
muscle 🌑 🌑 🌑
sc-hsm 🌑 🌑 🌑
mcrd 🌑 🌑 🌑
setcos 🌑 🌑 🌑
PIV-II 🌕 🌗 🌕
cac 🌘 🌑 🌑
itacns 🌑 🌑 🌑
isoApplet 🌘 🌑 🌑
gids 🌘 🌑 🌑
openpgp 🌘 🌑 🌑
jpki 🌑 🌑 🌑
npa 🌑 🌑 🌑
cac1 🌖 🌑 🌑
default 🌑 🌑 🌑

The table below shows a list of all tested smart cards that were used:

Smart Card Driver Tested Smart Cards
PIV-II PivApplet (JCardSim), YubiKey 5 Nano, NIST Test cards
cac CAC Test Cards (Oberthur ID One, Gemalto GCX4), virt_CACard
coolkey 534e SafeNet Java Card with Coolkey Applet
gids GIDS Applet (JCardSim)
iasecc Cosmo v8
myeid OsEID
openpgp OpenPGP Applet (JCardSim)
cardos CardOS 5.3 card
idprime idprime with os version 1

OpenSC 0.20.0

Installer Windows macOS
Installation 🌑 🌑
Removal 🌑 🌑

The table below shows a list of all supported card drivers (opensc-tool --list-drivers) that have been tested in this release:

Smart Card Driver PKCS#11 Windows Minidriver macOS Tokend
cardos 🌑 🌑 🌑
flex 🌑 🌑 🌑
cyberflex 🌑 🌑 🌑
gpk 🌑 🌑 🌑
gemsafeV1 🌑 🌑 🌑
miocos 🌑 🌑 🌑
asepcos 🌑 🌑 🌑
starcos 🌑 🌑 🌑
tcos 🌑 🌑 🌑
jcop 🌑 🌑 🌑
oberthur 🌑 🌑 🌑
authentic 🌑 🌑 🌑
iasecc 🌘 🌑 🌑
belpic 🌑 🌑 🌑
incrypto34 🌑 🌑 🌑
acos5 🌑 🌑 🌑
akis 🌑 🌑 🌑
entersafe 🌑 🌑 🌑
epass2003 🌑 🌑 🌑
rutoken 🌑 🌑 🌑
rutoken_ecp 🌑 🌑 🌑
westcos 🌑 🌑 🌑
myeid 🌘 🌑 🌑
sc-hsm 🌗 🌗 🌑
dnie 🌑 🌑 🌑
MaskTech 🌑 🌑 🌑
mcrd 🌑 🌑 🌑
setcos 🌑 🌑 🌑
muscle 🌑 🌑 🌑
atrust-acos 🌑 🌑 🌑
PIV-II 🌗 🌗 🌑
cac 🌘 🌑 🌑
itacns 🌑 🌑 🌑
isoApplet 🌘 🌑 🌑
gids 🌘 🌑 🌑
openpgp 🌘 🌑 🌑
jpki 🌑 🌑 🌑
coolkey 🌘 🌑 🌑
npa 🌑 🌑 🌑
default 🌑 🌑 🌑

The table below shows a list of all tested smart cards that were used:

Smart Card Driver Tested Smart Cards
PIV-II PivApplet (JCardSim), YubiKey 5 Nano
cac CAC Test Cards (Oberthur ID One, Gemalto GCX4), virt_CACard
coolkey 534e SafeNet Java Card with Coolkey Applet
gids GIDS Applet (JCardSim)
iasecc Gemalto MultiApp IAS/ECC v1.0.1
myeid OsEID
openpgp OpenPGP Applet (JCardSim)
sc-hsm GoID 1.01

OpenSC 0.19.0

Installer Windows macOS
Installation 🌕 🌕
Removal 🌕 🌕

The table below shows a list of all supported card drivers (opensc-tool --list-drivers) that have been tested in this release:

Smart Card Driver PKCS#11 Windows Minidriver macOS Tokend
cardos 🌗 🌗 🌑
flex 🌑 🌑 🌑
cyberflex 🌑 🌑 🌑
gpk 🌑 🌑 🌑
gemsafeV1 🌑 🌑 🌑
miocos 🌑 🌑 🌑
asepcos 🌑 🌑 🌑
starcos 🌑 🌑 🌑
tcos 🌑 🌑 🌑
jcop 🌑 🌑 🌑
oberthur 🌑 🌑 🌑
authentic 🌑 🌑 🌑
iasecc 🌗 🌑 🌑
belpic 🌑 🌑 🌑
incrypto34 🌑 🌑 🌑
acos5 🌑 🌑 🌑
akis 🌑 🌑 🌑
entersafe 🌑 🌑 🌑
epass2003 🌑 🌑 🌑
rutoken 🌑 🌑 🌑
rutoken_ecp 🌑 🌑 🌑
westcos 🌑 🌑 🌑
myeid 🌕 🌗 🌑
sc-hsm 🌖 🌖 🌖
dnie 🌑 🌑 🌑
MaskTech 🌑 🌑 🌑
mcrd 🌑 🌑 🌑
setcos 🌑 🌑 🌑
muscle 🌑 🌑 🌑
atrust-acos 🌑 🌑 🌑
PIV-II 🌕 🌑 🌑
cac 🌕 🌑 🌑
itacns 🌑 🌑 🌑
isoApplet 🌑 🌑 🌑
gids 🌑 🌑 🌑
openpgp 🌑 🌑 🌑
jpki 🌑 🌑 🌑
coolkey 🌕 🌑 🌑
npa 🌑 🌑 🌑
default 🌑 🌑 🌑

The table below shows a list of all tested smart cards that were used:

Smart Card Driver Tested Smart Cards
cardos CardOS 4.3B
cardos Atos CardOS 5.3 cards with RSA
sc-hsm GoID 1.00
iasecc Gemalto MultiApp IAS/ECC v1.0.1
myeid MyEID cards with PKCS#15-applet
PIV-II NIST Test PIV Cards 8 and 4
cac CAC Test Cards (Oberthur ID One, Gemalto GCX4)
coolkey 534e SafeNet Java Card with Coolkey Applet

OpenSC 0.18.0

Installer Windows macOS
Installation 🌕 🌕
Removal 🌕 🌕

The table below shows a list of all supported card drivers (opensc-tool --list-drivers) that have been tested in this release:

Smart Card Driver PKCS#11 Windows Minidriver macOS Tokend
cardos 🌖 🌗 🌑
flex 🌑 🌑 🌑
cyberflex 🌑 🌑 🌑
gpk 🌑 🌑 🌑
gemsafeV1 🌑 🌑 🌑
miocos 🌑 🌑 🌑
asepcos 🌑 🌑 🌑
starcos 🌘 🌘 🌑
tcos 🌑 🌑 🌑
jcop 🌑 🌑 🌑
oberthur 🌑 🌑 🌑
authentic 🌑 🌑 🌑
iasecc 🌘 🌑 🌑
belpic 🌑 🌑 🌑
incrypto34 🌑 🌑 🌑
acos5 🌑 🌑 🌑
akis 🌑 🌑 🌑
entersafe 🌑 🌑 🌑
epass2003 🌑 🌑 🌑
rutoken 🌑 🌑 🌑
rutoken_ecp 🌑 🌑 🌑
westcos 🌑 🌑 🌑
myeid 🌕 🌑 🌑
sc-hsm 🌖 🌖 🌑
dnie 🌑 🌑 🌑
MaskTech 🌑 🌑 🌑
mcrd 🌑 🌑 🌑
setcos 🌑 🌑 🌑
muscle 🌑 🌑 🌑
atrust-acos 🌑 🌑 🌑
PIV-II 🌖 🌑 🌑
cac 🌑 🌑 🌑
itacns 🌑 🌑 🌑
isoApplet 🌑 🌑 🌑
gids 🌑 🌑 🌑
openpgp 🌘 🌑 🌑
jpki 🌑 🌑 🌑
coolkey 🌑 🌑 🌑
npa 🌘 🌑 🌑
default 🌑 🌑 🌑

The table below shows a list of all tested smart cards that were used:

Smart Card Driver Tested Smart Cards
cardos CardOS 4.3B
sc-hsm GoID 1.00
starcos Starcos 3.4
openpgp OpenPGP Card 3.0
iasecc Gemalto MultiApp IAS/ECC v1.0.1
myeid MyEID cards with PKCS#15-applet
PIV-II NIST DEMO cards 1 and 7(with history object: 3 and 2)

OpenSC 0.17.0

Installer Windows macOS
Installation 🌕 🌕
Removal 🌕 🌕

The table below shows a list of all supported card drivers (opensc-tool --list-drivers) that have been tested in this release:

Smart Card Driver PKCS#11 Windows Minidriver macOS Tokend
cardos 🌕 🌕 🌕
flex 🌑 🌑 🌑
cyberflex 🌑 🌑 🌑
gpk 🌑 🌑 🌑
gemsafeV1 🌑 🌑 🌑
miocos 🌑 🌑 🌑
asepcos 🌑 🌑 🌑
starcos 🌑 🌑 🌑
tcos 🌑 🌑 🌑
jcop 🌑 🌑 🌑
oberthur 🌑 🌑 🌑
authentic 🌑 🌑 🌑
iasecc 🌗 🌑 🌗
belpic 🌕 🌑 🌑
incrypto34 🌑 🌑 🌑
acos5 🌑 🌑 🌑
akis 🌑 🌑 🌑
entersafe 🌕 🌕 🌕
epass2003 🌕 🌕 🌕
rutoken 🌑 🌑 🌑
rutoken_ecp 🌑 🌑 🌑
westcos 🌑 🌑 🌑
myeid 🌗 🌑 🌑
sc-hsm 🌕 🌕 🌕
dnie 🌕 🌑 🌑
MaskTech 🌑 🌑 🌑
mcrd 🌑 🌑 🌑
setcos 🌑 🌑 🌑
muscle 🌑 🌑 🌑
atrust-acos 🌑 🌑 🌑
PIV-II 🌕 🌑 🌑
cac 🌕 🌑 🌑
itacns 🌑 🌑 🌑
isoApplet (no ECDSA) 🌗 🌑 🌑
gids 🌑 🌑 🌑
openpgp 🌗 🌑 🌑
jpki 🌕 🌗 🌗
coolkey 🌕 🌑 🌑
npa 🌗 🌑 🌗
default 🌑 🌑 🌑

The table below shows a list of all tested smart cards that were used:

Smart Card Driver Tested Smart Cards
cardos CardOS 4.3B
sc-hsm GoID 0.9
npa German ID card
PIV-II NIST demo PIV card 1, 10
cac Expired test CAC card
iasecc IAS/ECC Gemalto, Gemalto MultiApp IAS/ECC v1.0.1
openpgp OpenPGP v2.0 card (ZeitControl)
openpgp Yubikey NEO
coolkey coolkey applet on SafeNet Java card
sc-hsm Nitrokey Nitrokey HSM
cardos CardOS 5.3
isoApplet IsoApplet in Swissbit secure microSD card

Test Cases

Installer

Installation

Windows

Test Steps

  1. Open the OpenSC installer (msi file extension)
  2. Follow the prompts for installation. Expected Result OpenSC has been installed
macOS

Test Steps

  1. Open the OpenSC image (dmg file extension)
  2. Open the OpenSC installer (pkg file extension)
  3. Follow the prompts for installation. Expected Result OpenSC has been installed

Removal

Windows

Test Steps

  1. Open Control Panel
  2. In Category view, click the "Uninstall a program" link under the "Programs" category. In Icon view, click the "Programs and Features" icon.
  3. Find and select "OpenSC smartcard framework".
  4. Click "Uninstall"
  5. Depending on which programs have loaded OpenSC, you will be prompted to reboot. Expected Result OpenSC is removed.
macOS

Test Steps

  1. Open a command line terminal (Terminal.app)
  2. Run sudo opensc-uninstall
  3. Enter your password Expected Result OpenSC is removed.

PKCS#11

pkcs11-tool

Test random number generation, digest calculation, signature, verification and decryption with the token using the PKCS#11 API.

Windows

Test Steps

  1. Open a command line terminal (cmd.exe).
  2. Run "C:\Program Files\OpenSC Project\OpenSC\tools\pkcs11-tool.exe" --login --test Expected Result No errors
Other Operating Systems

Test Steps

  1. Open a command line terminal.
  2. Run pkcs11-tool --login --test Expected Result No errors

Firefox

Load OpenSC PKCS#11 Module

Test Steps

  1. Open the Firefox preferences dialog. Choose Advanced > Encryption > Security Devices
  2. Choose Load
  3. Enter a name for the security module, such as "OpenSC".
  4. Choose "Browse..." to find the location of the PKCS11 module on your local computer, and choose "OK" when done.
Location of PKCS#11 module
Windows C:\Windows\System32\onepsc-pkcs11.dll
macOS /Library/OpenSC/lib/opensc-pkcs11.so
Other OS /usr/local/lib/opensc-pkcs11.so by default
Expected Result
Certificates and private keys are verified (see command line output). The token's certificates are shown in a dialog.

PIN Verification

Preconditions

  • OpenSC PKCS#11 module is loaded Test Steps
  1. Put the token on the reader.
  2. Open the Firefox preferences dialog. Choose Advanced > Encryption > Security Devices
  3. Select your Token from the OpenSC security device
  4. Click Log In and verify your PIN Expected Result User is logged in. The Log Out button becomes available.

TLS Client Authentication

Preconditions

  • The web server is configured for client authentication with the token's certificate (for example ./gnutls-http-serv with --x509cafile with issuers certificate or certificate from the card). Test Steps
  1. Put the token on the reader.
  2. Browse to the web server.
  3. Select a certificate from the token for authentication in the popup dialog.
  4. Verify your PIN. Expected Result User is authenticated.

OpenSSH

Preconditions

  • SSH server with allowed public key authentication (for example localhost)
  • Inserted card with either generally-visible RSA or ECDSA public keys or X.509 certificates

Without ssh-agent

Test steps

  1. Get the public keys from the card in OpenSSH format (for path the PKCS#11 library in your system use above table)
ssh-keygen -D /usr/local/lib/opensc-pkcs11.so
  1. Store the key(s) in ~/.ssh/authorized_keys in server
  2. Try to connect with ssh to this server:
ssh -I /usr/local/lib/opensc-pkcs11.so example.com

Expected Result

  • You are prompted for a PIN
  • You are authenticated to the server (and usually given a remote shell)

With ssh-agent

Test steps

  1. Start ssh-agent in current terminal window (if is not already running):
eval $(ssh-agent)
  1. Add the smartcard to the ssh-agent (for path the PKCS#11 library in your system use above table) and write your PIN:
ssh-add -s /usr/local/lib/opensc-pkcs11.so
  1. Get the public keys from the card in OpenSSH format:
ssh-add -L
  1. Store the key(s) in ~/.ssh/authorized_keys in server
  2. Try to connect (repetitively) with ssh to this server:
ssh example.com

Expected Result

  • You are NOT prompted for a PIN during each connection
  • You are authenticated to the server (and usually given a remote shell)

Note: This will not work for keys with ALWAYS_AUTHENTICATE attribute, because of OpenSSH bug #2638

Windows Minidriver

certutil -scinfo

Verify certificates and test private keys of the token.

Test Steps

  1. Open a command line terminal (cmd.exe).
  2. Run certutil -scinfo Expected Result Certificates and private keys are verified (see command line output). The token's certificates are shown in a dialog.

Windows Login or Unlock

Preconditions

  • The user's account is configured for login with the token's certificate.
  • Screen is locked by the user or the user is logged out. Test Steps
  1. Put the token on the reader.
  2. If needed, choose Other Credentials and select the smart card.
  3. Verify your PIN. Expected Result User is logged in.

TLS Client Authentication with Internet Explorer, Edge or Chrome

Preconditions

  • The web server is configured for client authentication with the token's certificate. Test Steps
  1. Put the token on the reader.
  2. Browse to the web server.
  3. Select a certificate from the token for authentication in the popup dialog.
  4. Verify your PIN. Expected Result User is authenticated.

Change PIN

Test Steps

  1. Put the token on the reader.
  2. Press CTRL + Alt + Del
  3. Choose Change a password
  4. Choose Other Credentials and select the smart card.
  5. Without a PIN pad reader change your PIN with the screen shown. With a PIN pad reader, leave the text fields empty and change your PIN on the reader. Expected Result PIN is changed.

macOS Tokend

Keychain Access

Test Steps

  1. Put the token on the reader.
  2. Open Keychain Access (keychainaccess.app), which is in the Utilities folder of your Applications folder.
  3. Find and click your token in the Keychains panel in the upper left. The main window shows the token's certificate.
  4. Click the closed lock in the upper left corner to verify your PIN. Expected Result User is logged in, the lock is unlocked.

TLS Client Authentication with Safari or Chrome

Preconditions

  • The web server is configured for client authentication with the token's certificate. Test Steps
  1. Put the token on the reader.
  2. Browse to the web server.
  3. Select a certificate from the token for authentication in the popup dialog.
  4. Verify your PIN. Expected Result User is authenticated.

Detaching and attaching reader with card inserted

Preconditions

  • A ThinLinc client using smart card authentication.
  1. Download ThinLinc client here https://www.cendio.com/thinlinc/download and install it.
  2. The ThinLinc client must be configured to run with the new OpenSC release. Run this in your home directory (Change <PATH TO PKCS11 MODULE> to the absolute path to opensc-pkcs11.so of the new release):
mkdir -p .thinlinc && echo "PKCS11_MODULE=<PATH TO PKCS11 MODULE>" >> .thinlinc/tlclient.conf
  1. Enable smart card authentication in the ThinLinc client:
echo "AUTHENTICATION_METHOD=scpublickey" >> .thinlinc/tlclient.conf
  1. Start ThinLinc client.
  2. Put the card in the reader and the certificate should be shown in the "Certificate" scroll down menu.

Test Steps

  • Detach the entire reader with card still in it.
  • Attach the reader again with the card in it.

Expected Result

  • The certificate is removed from the "Certificate" scroll down list when the reader is detached.
  • The certificates is shown again when the reader is attached.

Warning: Due to attempts to plant malicious links to our wiki, it is no longer open to anyone to edit. If you want to contribute to this, wiki, please open a pull request here: https://github.com/OpenSC/Wiki

Quick Start

User Documentation

Developer Documentation

Clone this wiki locally