Smart Card Release Testing
Table of Contents
- Test Results
- Test Cases
- 🌕 All tests passed
- 🌖 Many tests passed
- 🌗 Some tests passed
- 🌘 Few tests passed
- 🌑 Untested
Installer | Windows | macOS |
---|---|---|
Installation | 🌑 | 🌑 |
Removal | 🌑 | 🌑 |
The table below shows a list of all supported card drivers (opensc-tool --list-drivers
) that have been tested in this release:
Smart Card Driver | PKCS#11 | Windows Minidriver | macOS CTK |
---|---|---|---|
cardos | 🌖 | 🌑 | 🌑 |
cyberflex | 🌑 | 🌑 | 🌑 |
gemsafeV1 | 🌑 | 🌑 | 🌑 |
starcos | 🌑 | 🌑 | 🌑 |
tcos | 🌑 | 🌑 | 🌑 |
oberthur | 🌑 | 🌑 | 🌑 |
authentic | 🌑 | 🌑 | 🌑 |
iasecc | 🌑 | 🌑 | 🌑 |
belpic | 🌑 | 🌑 | 🌑 |
entersafe | 🌑 | 🌑 | 🌑 |
epass2003 | 🌖 | 🌑 | 🌑 |
rutoken | 🌑 | 🌑 | 🌑 |
rutoken_ecp | 🌑 | 🌑 | 🌑 |
myeid | 🌗 | 🌑 | 🌑 |
dnie | 🌑 | 🌑 | 🌑 |
MaskTech | 🌑 | 🌑 | 🌑 |
esteid2018 | 🌑 | 🌑 | 🌑 |
idprime | 🌖 | 🌑 | 🌑 |
coolkey | 🌕 | 🌑 | 🌑 |
muscle | 🌑 | 🌑 | 🌑 |
sc-hsm | 🌑 | 🌑 | 🌑 |
mcrd | 🌑 | 🌑 | 🌑 |
setcos | 🌑 | 🌑 | 🌑 |
PIV-II | 🌗 | 🌑 | 🌑 |
cac | 🌕 | 🌑 | 🌑 |
itacns | 🌑 | 🌑 | 🌑 |
isoApplet | 🌖 | 🌑 | 🌑 |
gids | 🌖 | 🌑 | 🌑 |
openpgp | 🌖 | 🌑 | 🌑 |
jpki | 🌑 | 🌑 | 🌑 |
npa | 🌑 | 🌑 | 🌑 |
cac1 | 🌕 | 🌑 | 🌑 |
nqapplet | 🌑 | 🌑 | 🌑 |
skeid | 🌑 | 🌑 | 🌑 |
eOI | 🌑 | 🌑 | 🌑 |
default | 🌑 | 🌑 | 🌑 |
The table below shows a list of all tested smart cards that were used:
Smart Card Driver | Tested Smart Cards |
---|---|
PIV-II | NIST Test Card v.1 9 (RSA2048), 4 (ECC), 13 (RSA1024, RSA2048) |
NIST Test Card v.2 15 (ECC), 16 (RSA2048) | |
Yubikey 4 OTP+U2F+CCID | |
myeid | Aventra MyEID v4.5 PKI card, Aventra MyEID v4.5.5, OsEID |
idprime | IDPrime 940, IDPrime 930, IDPrime MD 830, IDPrime 3810 |
cardos | CardOS 5.3 (2023, 4k RSA, 2k RSA) |
cac | CAC test cards, virt_CACard |
cac1 | CAC test cards |
openpgp | OpenPGP Applet (JCardSim), Nitrokey Start (RTM.10), Nitrokey Pro 2 (0.14) |
isoApplet | IsoApplet v0 and v1 (JCardSim) |
epass2003 | ePass2003 PKI Token (2023) |
gids | GIDS Applet (JCardSim) |
coolkey | Coolkey Applet (JCardSim) |
Installer | Windows | macOS |
---|---|---|
Installation | 🌕 | 🌑 |
Removal | 🌕 | 🌑 |
The table below shows a list of all supported card drivers (opensc-tool --list-drivers
) that have been tested in this release:
Smart Card Driver | PKCS#11 | Windows Minidriver | macOS CTK |
---|---|---|---|
cardos | 🌖 | 🌑 | 🌑 |
cyberflex | 🌑 | 🌑 | 🌑 |
gemsafeV1 | 🌑 | 🌑 | 🌑 |
starcos | 🌑 | 🌑 | 🌑 |
tcos | 🌑 | 🌑 | 🌑 |
oberthur | 🌑 | 🌑 | 🌑 |
authentic | 🌑 | 🌑 | 🌑 |
iasecc | 🌑 | 🌑 | 🌑 |
belpic | 🌑 | 🌑 | 🌑 |
entersafe | 🌑 | 🌑 | 🌑 |
epass2003 | 🌖 | 🌑 | 🌑 |
rutoken | 🌑 | 🌑 | 🌑 |
rutoken_ecp | 🌑 | 🌑 | 🌑 |
myeid | 🌖 | 🌑 | 🌑 |
dnie | 🌑 | 🌑 | 🌑 |
MaskTech | 🌑 | 🌑 | 🌑 |
esteid2018 | 🌑 | 🌑 | 🌑 |
idprime | 🌖 | 🌑 | 🌑 |
coolkey | 🌕 | 🌑 | 🌑 |
muscle | 🌑 | 🌑 | 🌑 |
sc-hsm | 🌖 | 🌗 | 🌑 |
mcrd | 🌑 | 🌑 | 🌑 |
setcos | 🌑 | 🌑 | 🌑 |
PIV-II | 🌗 | 🌗 | 🌑 |
cac | 🌕 | 🌑 | 🌑 |
itacns | 🌑 | 🌑 | 🌑 |
isoApplet | 🌖 | 🌑 | 🌑 |
gids | 🌖 | 🌑 | 🌑 |
openpgp | 🌖 | 🌑 | 🌑 |
jpki | 🌑 | 🌑 | 🌑 |
npa | 🌑 | 🌑 | 🌑 |
cac1 | 🌖 | 🌑 | 🌑 |
nqapplet | 🌑 | 🌑 | 🌑 |
skeid | 🌑 | 🌑 | 🌑 |
default | 🌑 | 🌑 | 🌑 |
The table below shows a list of all tested smart cards that were used:
Smart Card Driver | Tested Smart Cards |
---|---|
PIV-II | PivApplet (JCardSim) |
USB-C YubiKey 5C Nano | |
Thales IDPrime PIV v3.0 (detection only) | |
NIST Test Card 9 (v.1) | |
sc-hsm | GoID 1.01, SmartCard-HSM 4K USB-Token (2023) |
cac | CAC Test Cards (Oberthur ID One, Gemalto GCX4), virt_CACard |
coolkey | 534e SafeNet Java Card with Coolkey Applet (1k RSA) |
gids | GIDS Applet (JCardSim) |
myeid | OsEID, Aventra MyEID 4.5.5 |
openpgp | OpenPGP Applet (JCardSim), NitroKey Start (gnuk) |
isoApplet | IsoApplet v0 and v1 (JCardSim) |
cardos | CardOS 5.3 (2017, 2k RSA), CardOS 5.3 (2023, 4k RSA) |
idprime | IDPrime 940, IDPrime 930, IDPrime MD 830, IDPrime 3810 |
epass2003 | ePass2003 PKI Token (2023) |
Installer | Windows | macOS |
---|---|---|
Installation | 🌕 | 🌑 |
Removal | 🌕 | 🌑 |
The table below shows a list of all supported card drivers (opensc-tool --list-drivers
) that have been tested in this release:
Smart Card Driver | PKCS#11 | Windows Minidriver | macOS Tokend |
---|---|---|---|
cardos | 🌕 | 🌕 | 🌑 |
cyberflex | 🌑 | 🌑 | 🌑 |
gemsafeV1 | 🌑 | 🌑 | 🌑 |
starcos | 🌑 | 🌑 | 🌑 |
tcos | 🌑 | 🌑 | 🌑 |
oberthur | 🌑 | 🌑 | 🌑 |
authentic | 🌑 | 🌑 | 🌑 |
iasecc | 🌑 | 🌑 | 🌑 |
belpic | 🌑 | 🌑 | 🌑 |
entersafe | 🌑 | 🌑 | 🌑 |
epass2003 | 🌑 | 🌑 | 🌑 |
rutoken | 🌑 | 🌑 | 🌑 |
rutoken_ecp | 🌑 | 🌑 | 🌑 |
myeid | 🌑 | 🌑 | 🌑 |
dnie | 🌑 | 🌑 | 🌑 |
MaskTech | 🌑 | 🌑 | 🌑 |
esteid2018 | 🌑 | 🌑 | 🌑 |
idprime | 🌕 | 🌑 | 🌑 |
coolkey | 🌑 | 🌑 | 🌑 |
muscle | 🌑 | 🌑 | 🌑 |
sc-hsm | 🌕 | 🌕 | 🌑 |
mcrd | 🌑 | 🌑 | 🌑 |
setcos | 🌑 | 🌑 | 🌑 |
PIV-II | 🌕 | 🌕 | 🌑 |
cac | 🌕 | 🌑 | 🌑 |
itacns | 🌑 | 🌑 | 🌑 |
isoApplet | 🌘 | 🌑 | 🌑 |
gids | 🌑 | 🌑 | 🌑 |
openpgp | 🌘 | 🌑 | 🌑 |
jpki | 🌑 | 🌑 | 🌑 |
npa | 🌘 | 🌑 | 🌑 |
cac1 | 🌕 | 🌑 | 🌑 |
nqapplet | 🌑 | 🌑 | 🌑 |
default | 🌑 | 🌑 | 🌑 |
The table below shows a list of all tested smart cards that were used:
Smart Card Driver | Tested Smart Cards |
---|---|
cardos | CardOS 5.3, 2014 |
CardOS 4.2+ | |
cac | 2 old CAC test cards |
CAC HID Alt token | |
cac1 | old CAC test card |
idprime | IDPrime 3810 |
PIV-II | IDEMIA Test card #1 ID-One PIV 2.4 on Cosmo v8.1 |
NIST Test PIV card 6, v1 | |
Yubikey 4 OTP+U2F+CCID | |
sc-hsm | GoID 1.01 |
Installer | Windows | macOS |
---|---|---|
Installation | 🌕 | 🌑 |
Removal | 🌕 | 🌑 |
The table below shows a list of all supported card drivers (opensc-tool --list-drivers
) that have been tested in this release:
Smart Card Driver | PKCS#11 | Windows Minidriver | macOS Tokend |
---|---|---|---|
cardos | 🌕 | 🌑 | 🌑 |
flex | 🌑 | 🌑 | 🌑 |
cyberflex | 🌑 | 🌑 | 🌑 |
gpk | 🌑 | 🌑 | 🌑 |
gemsafeV1 | 🌑 | 🌑 | 🌑 |
asepcos | 🌑 | 🌑 | 🌑 |
starcos | 🌑 | 🌑 | 🌑 |
tcos | 🌑 | 🌑 | 🌑 |
oberthur | 🌑 | 🌑 | 🌑 |
authentic | 🌑 | 🌑 | 🌑 |
iasecc | 🌕 | 🌗 | 🌑 |
belpic | 🌑 | 🌑 | 🌑 |
incrypto34 | 🌑 | 🌑 | 🌑 |
akis | 🌑 | 🌑 | 🌑 |
entersafe | 🌑 | 🌑 | 🌑 |
epass2003 | 🌑 | 🌑 | 🌑 |
rutoken | 🌑 | 🌑 | 🌑 |
rutoken_ecp | 🌑 | 🌑 | 🌑 |
myeid | 🌕 | 🌗 | 🌑 |
dnie | 🌑 | 🌑 | 🌑 |
MaskTech | 🌑 | 🌑 | 🌑 |
atrust-acos | 🌑 | 🌑 | 🌑 |
westcos | 🌑 | 🌑 | 🌑 |
esteid2018 | 🌑 | 🌑 | 🌑 |
idprime | 🌕 | 🌑 | 🌑 |
edo | 🌑 | 🌑 | 🌑 |
coolkey | 🌑 | 🌑 | 🌑 |
muscle | 🌑 | 🌑 | 🌑 |
sc-hsm | 🌗 | 🌑 | 🌑 |
mcrd | 🌑 | 🌑 | 🌑 |
setcos | 🌑 | 🌑 | 🌑 |
PIV-II | 🌕 | 🌑 | 🌘 |
cac | 🌕 | 🌑 | 🌑 |
itacns | 🌑 | 🌑 | 🌑 |
isoApplet | 🌘 | 🌑 | 🌑 |
gids | 🌘 | 🌑 | 🌑 |
openpgp | 🌕 | 🌑 | 🌑 |
jpki | 🌑 | 🌑 | 🌑 |
npa | 🌑 | 🌑 | 🌑 |
cac1 | 🌑 | 🌑 | 🌑 |
default | 🌑 | 🌑 | 🌑 |
The table below shows a list of all tested smart cards that were used:
Smart Card Driver | Tested Smart Cards |
---|---|
PIV-II | PivApplet (JCardSim), Yubikey 4, NIST Test PIV cards (3-10, 12-14, 16) |
cac | virt_CACard (CI), HID CAC Alt token, old CAC cards |
coolkey | 534e SafeNet Java Card with Coolkey Applet (CI) |
gids | GIDS Applet 1.3 (JCardSim) |
openpgp | OpenPGP Applet (JCardSim), Nitrokey Start |
cardos | CardOS 5.3 |
idprime | IDPrime (OS v1) |
sc-hsm | GoID 1.01 |
isoApplet | IsoApplet v0.6.1 (JCardSim) |
Installer | Windows | macOS |
---|---|---|
Installation | 🌑 | 🌕 |
Removal | 🌑 | 🌕 |
The table below shows a list of all supported card drivers (opensc-tool --list-drivers
) that have been tested in this release:
Smart Card Driver | PKCS#11 | Windows Minidriver | macOS Tokend |
---|---|---|---|
cardos | 🌖 | 🌑 | 🌑 |
flex | 🌑 | 🌑 | 🌑 |
cyberflex | 🌑 | 🌑 | 🌑 |
gpk | 🌑 | 🌑 | 🌑 |
gemsafeV1 | 🌑 | 🌑 | 🌑 |
asepcos | 🌑 | 🌑 | 🌑 |
starcos | 🌑 | 🌑 | 🌑 |
tcos | 🌑 | 🌑 | 🌑 |
oberthur | 🌑 | 🌑 | 🌑 |
authentic | 🌑 | 🌑 | 🌑 |
iasecc | 🌘 | 🌑 | 🌑 |
belpic | 🌑 | 🌑 | 🌑 |
incrypto34 | 🌑 | 🌑 | 🌑 |
akis | 🌑 | 🌑 | 🌑 |
entersafe | 🌑 | 🌑 | 🌑 |
epass2003 | 🌑 | 🌑 | 🌑 |
rutoken | 🌑 | 🌑 | 🌑 |
rutoken_ecp | 🌑 | 🌑 | 🌑 |
myeid | 🌘 | 🌑 | 🌑 |
dnie | 🌑 | 🌑 | 🌑 |
MaskTech | 🌑 | 🌑 | 🌑 |
atrust-acos | 🌑 | 🌑 | 🌑 |
westcos | 🌑 | 🌑 | 🌑 |
esteid2018 | 🌑 | 🌑 | 🌑 |
idprime | 🌖 | 🌑 | 🌑 |
edo | 🌑 | 🌑 | 🌑 |
coolkey | 🌘 | 🌑 | 🌑 |
muscle | 🌑 | 🌑 | 🌑 |
sc-hsm | 🌑 | 🌑 | 🌑 |
mcrd | 🌑 | 🌑 | 🌑 |
setcos | 🌑 | 🌑 | 🌑 |
PIV-II | 🌕 | 🌗 | 🌕 |
cac | 🌘 | 🌑 | 🌑 |
itacns | 🌑 | 🌑 | 🌑 |
isoApplet | 🌘 | 🌑 | 🌑 |
gids | 🌘 | 🌑 | 🌑 |
openpgp | 🌘 | 🌑 | 🌑 |
jpki | 🌑 | 🌑 | 🌑 |
npa | 🌑 | 🌑 | 🌑 |
cac1 | 🌖 | 🌑 | 🌑 |
default | 🌑 | 🌑 | 🌑 |
The table below shows a list of all tested smart cards that were used:
Smart Card Driver | Tested Smart Cards |
---|---|
PIV-II | PivApplet (JCardSim), YubiKey 5 Nano, NIST Test cards |
cac | CAC Test Cards (Oberthur ID One, Gemalto GCX4), virt_CACard |
coolkey | 534e SafeNet Java Card with Coolkey Applet |
gids | GIDS Applet (JCardSim) |
iasecc | Cosmo v8 |
myeid | OsEID |
openpgp | OpenPGP Applet (JCardSim) |
cardos | CardOS 5.3 card |
idprime | idprime with os version 1 |
Installer | Windows | macOS |
---|---|---|
Installation | 🌑 | 🌑 |
Removal | 🌑 | 🌑 |
The table below shows a list of all supported card drivers (opensc-tool --list-drivers
) that have been tested in this release:
Smart Card Driver | PKCS#11 | Windows Minidriver | macOS Tokend |
---|---|---|---|
cardos | 🌑 | 🌑 | 🌑 |
flex | 🌑 | 🌑 | 🌑 |
cyberflex | 🌑 | 🌑 | 🌑 |
gpk | 🌑 | 🌑 | 🌑 |
gemsafeV1 | 🌑 | 🌑 | 🌑 |
miocos | 🌑 | 🌑 | 🌑 |
asepcos | 🌑 | 🌑 | 🌑 |
starcos | 🌑 | 🌑 | 🌑 |
tcos | 🌑 | 🌑 | 🌑 |
jcop | 🌑 | 🌑 | 🌑 |
oberthur | 🌑 | 🌑 | 🌑 |
authentic | 🌑 | 🌑 | 🌑 |
iasecc | 🌘 | 🌑 | 🌑 |
belpic | 🌑 | 🌑 | 🌑 |
incrypto34 | 🌑 | 🌑 | 🌑 |
acos5 | 🌑 | 🌑 | 🌑 |
akis | 🌑 | 🌑 | 🌑 |
entersafe | 🌑 | 🌑 | 🌑 |
epass2003 | 🌑 | 🌑 | 🌑 |
rutoken | 🌑 | 🌑 | 🌑 |
rutoken_ecp | 🌑 | 🌑 | 🌑 |
westcos | 🌑 | 🌑 | 🌑 |
myeid | 🌘 | 🌑 | 🌑 |
sc-hsm | 🌗 | 🌗 | 🌑 |
dnie | 🌑 | 🌑 | 🌑 |
MaskTech | 🌑 | 🌑 | 🌑 |
mcrd | 🌑 | 🌑 | 🌑 |
setcos | 🌑 | 🌑 | 🌑 |
muscle | 🌑 | 🌑 | 🌑 |
atrust-acos | 🌑 | 🌑 | 🌑 |
PIV-II | 🌗 | 🌗 | 🌑 |
cac | 🌘 | 🌑 | 🌑 |
itacns | 🌑 | 🌑 | 🌑 |
isoApplet | 🌘 | 🌑 | 🌑 |
gids | 🌘 | 🌑 | 🌑 |
openpgp | 🌘 | 🌑 | 🌑 |
jpki | 🌑 | 🌑 | 🌑 |
coolkey | 🌘 | 🌑 | 🌑 |
npa | 🌑 | 🌑 | 🌑 |
default | 🌑 | 🌑 | 🌑 |
The table below shows a list of all tested smart cards that were used:
Smart Card Driver | Tested Smart Cards |
---|---|
PIV-II | PivApplet (JCardSim), YubiKey 5 Nano |
cac | CAC Test Cards (Oberthur ID One, Gemalto GCX4), virt_CACard |
coolkey | 534e SafeNet Java Card with Coolkey Applet |
gids | GIDS Applet (JCardSim) |
iasecc | Gemalto MultiApp IAS/ECC v1.0.1 |
myeid | OsEID |
openpgp | OpenPGP Applet (JCardSim) |
sc-hsm | GoID 1.01 |
Installer | Windows | macOS |
---|---|---|
Installation | 🌕 | 🌕 |
Removal | 🌕 | 🌕 |
The table below shows a list of all supported card drivers (opensc-tool --list-drivers
) that have been tested in this release:
Smart Card Driver | PKCS#11 | Windows Minidriver | macOS Tokend |
---|---|---|---|
cardos | 🌗 | 🌗 | 🌑 |
flex | 🌑 | 🌑 | 🌑 |
cyberflex | 🌑 | 🌑 | 🌑 |
gpk | 🌑 | 🌑 | 🌑 |
gemsafeV1 | 🌑 | 🌑 | 🌑 |
miocos | 🌑 | 🌑 | 🌑 |
asepcos | 🌑 | 🌑 | 🌑 |
starcos | 🌑 | 🌑 | 🌑 |
tcos | 🌑 | 🌑 | 🌑 |
jcop | 🌑 | 🌑 | 🌑 |
oberthur | 🌑 | 🌑 | 🌑 |
authentic | 🌑 | 🌑 | 🌑 |
iasecc | 🌗 | 🌑 | 🌑 |
belpic | 🌑 | 🌑 | 🌑 |
incrypto34 | 🌑 | 🌑 | 🌑 |
acos5 | 🌑 | 🌑 | 🌑 |
akis | 🌑 | 🌑 | 🌑 |
entersafe | 🌑 | 🌑 | 🌑 |
epass2003 | 🌑 | 🌑 | 🌑 |
rutoken | 🌑 | 🌑 | 🌑 |
rutoken_ecp | 🌑 | 🌑 | 🌑 |
westcos | 🌑 | 🌑 | 🌑 |
myeid | 🌕 | 🌗 | 🌑 |
sc-hsm | 🌖 | 🌖 | 🌖 |
dnie | 🌑 | 🌑 | 🌑 |
MaskTech | 🌑 | 🌑 | 🌑 |
mcrd | 🌑 | 🌑 | 🌑 |
setcos | 🌑 | 🌑 | 🌑 |
muscle | 🌑 | 🌑 | 🌑 |
atrust-acos | 🌑 | 🌑 | 🌑 |
PIV-II | 🌕 | 🌑 | 🌑 |
cac | 🌕 | 🌑 | 🌑 |
itacns | 🌑 | 🌑 | 🌑 |
isoApplet | 🌑 | 🌑 | 🌑 |
gids | 🌑 | 🌑 | 🌑 |
openpgp | 🌑 | 🌑 | 🌑 |
jpki | 🌑 | 🌑 | 🌑 |
coolkey | 🌕 | 🌑 | 🌑 |
npa | 🌑 | 🌑 | 🌑 |
default | 🌑 | 🌑 | 🌑 |
The table below shows a list of all tested smart cards that were used:
Smart Card Driver | Tested Smart Cards |
---|---|
cardos | CardOS 4.3B |
cardos | Atos CardOS 5.3 cards with RSA |
sc-hsm | GoID 1.00 |
iasecc | Gemalto MultiApp IAS/ECC v1.0.1 |
myeid | MyEID cards with PKCS#15-applet |
PIV-II | NIST Test PIV Cards 8 and 4 |
cac | CAC Test Cards (Oberthur ID One, Gemalto GCX4) |
coolkey | 534e SafeNet Java Card with Coolkey Applet |
Installer | Windows | macOS |
---|---|---|
Installation | 🌕 | 🌕 |
Removal | 🌕 | 🌕 |
The table below shows a list of all supported card drivers (opensc-tool --list-drivers
) that have been tested in this release:
Smart Card Driver | PKCS#11 | Windows Minidriver | macOS Tokend |
---|---|---|---|
cardos | 🌖 | 🌗 | 🌑 |
flex | 🌑 | 🌑 | 🌑 |
cyberflex | 🌑 | 🌑 | 🌑 |
gpk | 🌑 | 🌑 | 🌑 |
gemsafeV1 | 🌑 | 🌑 | 🌑 |
miocos | 🌑 | 🌑 | 🌑 |
asepcos | 🌑 | 🌑 | 🌑 |
starcos | 🌘 | 🌘 | 🌑 |
tcos | 🌑 | 🌑 | 🌑 |
jcop | 🌑 | 🌑 | 🌑 |
oberthur | 🌑 | 🌑 | 🌑 |
authentic | 🌑 | 🌑 | 🌑 |
iasecc | 🌘 | 🌑 | 🌑 |
belpic | 🌑 | 🌑 | 🌑 |
incrypto34 | 🌑 | 🌑 | 🌑 |
acos5 | 🌑 | 🌑 | 🌑 |
akis | 🌑 | 🌑 | 🌑 |
entersafe | 🌑 | 🌑 | 🌑 |
epass2003 | 🌑 | 🌑 | 🌑 |
rutoken | 🌑 | 🌑 | 🌑 |
rutoken_ecp | 🌑 | 🌑 | 🌑 |
westcos | 🌑 | 🌑 | 🌑 |
myeid | 🌕 | 🌑 | 🌑 |
sc-hsm | 🌖 | 🌖 | 🌑 |
dnie | 🌑 | 🌑 | 🌑 |
MaskTech | 🌑 | 🌑 | 🌑 |
mcrd | 🌑 | 🌑 | 🌑 |
setcos | 🌑 | 🌑 | 🌑 |
muscle | 🌑 | 🌑 | 🌑 |
atrust-acos | 🌑 | 🌑 | 🌑 |
PIV-II | 🌖 | 🌑 | 🌑 |
cac | 🌑 | 🌑 | 🌑 |
itacns | 🌑 | 🌑 | 🌑 |
isoApplet | 🌑 | 🌑 | 🌑 |
gids | 🌑 | 🌑 | 🌑 |
openpgp | 🌘 | 🌑 | 🌑 |
jpki | 🌑 | 🌑 | 🌑 |
coolkey | 🌑 | 🌑 | 🌑 |
npa | 🌘 | 🌑 | 🌑 |
default | 🌑 | 🌑 | 🌑 |
The table below shows a list of all tested smart cards that were used:
Smart Card Driver | Tested Smart Cards |
---|---|
cardos | CardOS 4.3B |
sc-hsm | GoID 1.00 |
starcos | Starcos 3.4 |
openpgp | OpenPGP Card 3.0 |
iasecc | Gemalto MultiApp IAS/ECC v1.0.1 |
myeid | MyEID cards with PKCS#15-applet |
PIV-II | NIST DEMO cards 1 and 7(with history object: 3 and 2) |
Installer | Windows | macOS |
---|---|---|
Installation | 🌕 | 🌕 |
Removal | 🌕 | 🌕 |
The table below shows a list of all supported card drivers (opensc-tool --list-drivers
) that have been tested in this release:
Smart Card Driver | PKCS#11 | Windows Minidriver | macOS Tokend |
---|---|---|---|
cardos | 🌕 | 🌕 | 🌕 |
flex | 🌑 | 🌑 | 🌑 |
cyberflex | 🌑 | 🌑 | 🌑 |
gpk | 🌑 | 🌑 | 🌑 |
gemsafeV1 | 🌑 | 🌑 | 🌑 |
miocos | 🌑 | 🌑 | 🌑 |
asepcos | 🌑 | 🌑 | 🌑 |
starcos | 🌑 | 🌑 | 🌑 |
tcos | 🌑 | 🌑 | 🌑 |
jcop | 🌑 | 🌑 | 🌑 |
oberthur | 🌑 | 🌑 | 🌑 |
authentic | 🌑 | 🌑 | 🌑 |
iasecc | 🌗 | 🌑 | 🌗 |
belpic | 🌕 | 🌑 | 🌑 |
incrypto34 | 🌑 | 🌑 | 🌑 |
acos5 | 🌑 | 🌑 | 🌑 |
akis | 🌑 | 🌑 | 🌑 |
entersafe | 🌕 | 🌕 | 🌕 |
epass2003 | 🌕 | 🌕 | 🌕 |
rutoken | 🌑 | 🌑 | 🌑 |
rutoken_ecp | 🌑 | 🌑 | 🌑 |
westcos | 🌑 | 🌑 | 🌑 |
myeid | 🌗 | 🌑 | 🌑 |
sc-hsm | 🌕 | 🌕 | 🌕 |
dnie | 🌕 | 🌑 | 🌑 |
MaskTech | 🌑 | 🌑 | 🌑 |
mcrd | 🌑 | 🌑 | 🌑 |
setcos | 🌑 | 🌑 | 🌑 |
muscle | 🌑 | 🌑 | 🌑 |
atrust-acos | 🌑 | 🌑 | 🌑 |
PIV-II | 🌕 | 🌑 | 🌑 |
cac | 🌕 | 🌑 | 🌑 |
itacns | 🌑 | 🌑 | 🌑 |
isoApplet (no ECDSA) | 🌗 | 🌑 | 🌑 |
gids | 🌑 | 🌑 | 🌑 |
openpgp | 🌗 | 🌑 | 🌑 |
jpki | 🌕 | 🌗 | 🌗 |
coolkey | 🌕 | 🌑 | 🌑 |
npa | 🌗 | 🌑 | 🌗 |
default | 🌑 | 🌑 | 🌑 |
The table below shows a list of all tested smart cards that were used:
Smart Card Driver | Tested Smart Cards |
---|---|
cardos | CardOS 4.3B |
sc-hsm | GoID 0.9 |
npa | German ID card |
PIV-II | NIST demo PIV card 1, 10 |
cac | Expired test CAC card |
iasecc | IAS/ECC Gemalto, Gemalto MultiApp IAS/ECC v1.0.1 |
openpgp | OpenPGP v2.0 card (ZeitControl) |
openpgp | Yubikey NEO |
coolkey | coolkey applet on SafeNet Java card |
sc-hsm | Nitrokey Nitrokey HSM |
cardos | CardOS 5.3 |
isoApplet | IsoApplet in Swissbit secure microSD card |
Test Steps
- Open the OpenSC installer (msi file extension)
- Follow the prompts for installation. Expected Result OpenSC has been installed
Test Steps
- Open the OpenSC image (dmg file extension)
- Open the OpenSC installer (pkg file extension)
- Follow the prompts for installation. Expected Result OpenSC has been installed
Test Steps
- Open Control Panel
- In Category view, click the "Uninstall a program" link under the "Programs" category. In Icon view, click the "Programs and Features" icon.
- Find and select "OpenSC smartcard framework".
- Click "Uninstall"
- Depending on which programs have loaded OpenSC, you will be prompted to reboot. Expected Result OpenSC is removed.
Test Steps
- Open a command line terminal (Terminal.app)
- Run
sudo opensc-uninstall
- Enter your password Expected Result OpenSC is removed.
Test random number generation, digest calculation, signature, verification and decryption with the token using the PKCS#11 API.
Test Steps
- Open a command line terminal (cmd.exe).
- Run
"C:\Program Files\OpenSC Project\OpenSC\tools\pkcs11-tool.exe" --login --test
Expected ResultNo errors
Test Steps
- Open a command line terminal.
- Run
pkcs11-tool --login --test
Expected ResultNo errors
Test Steps
- Open the Firefox preferences dialog. Choose Advanced > Encryption > Security Devices
- Choose Load
- Enter a name for the security module, such as "OpenSC".
- Choose "Browse..." to find the location of the PKCS11 module on your local computer, and choose "OK" when done.
Location of PKCS#11 module | |
---|---|
Windows | C:\Windows\System32\onepsc-pkcs11.dll |
macOS | /Library/OpenSC/lib/opensc-pkcs11.so |
Other OS |
/usr/local/lib/opensc-pkcs11.so by default |
Expected Result | |
Certificates and private keys are verified (see command line output). The token's certificates are shown in a dialog. |
Preconditions
- OpenSC PKCS#11 module is loaded Test Steps
- Put the token on the reader.
- Open the Firefox preferences dialog. Choose Advanced > Encryption > Security Devices
- Select your Token from the OpenSC security device
- Click Log In and verify your PIN Expected Result User is logged in. The Log Out button becomes available.
Preconditions
- The web server is configured for client authentication with the token's certificate (for example ./gnutls-http-serv with
--x509cafile
with issuers certificate or certificate from the card). Test Steps
- Put the token on the reader.
- Browse to the web server.
- Select a certificate from the token for authentication in the popup dialog.
- Verify your PIN. Expected Result User is authenticated.
Preconditions
- SSH server with allowed public key authentication (for example
localhost
) - Inserted card with either generally-visible RSA or ECDSA public keys or X.509 certificates
Test steps
- Get the public keys from the card in OpenSSH format (for path the PKCS#11 library in your system use above table)
ssh-keygen -D /usr/local/lib/opensc-pkcs11.so
- Store the key(s) in
~/.ssh/authorized_keys
in server - Try to connect with ssh to this server:
ssh -I /usr/local/lib/opensc-pkcs11.so example.com
Expected Result
- You are prompted for a PIN
- You are authenticated to the server (and usually given a remote shell)
Test steps
- Start
ssh-agent
in current terminal window (if is not already running):
eval $(ssh-agent)
- Add the smartcard to the
ssh-agent
(for path the PKCS#11 library in your system use above table) and write your PIN:
ssh-add -s /usr/local/lib/opensc-pkcs11.so
- Get the public keys from the card in OpenSSH format:
ssh-add -L
- Store the key(s) in
~/.ssh/authorized_keys
in server - Try to connect (repetitively) with ssh to this server:
ssh example.com
Expected Result
- You are NOT prompted for a PIN during each connection
- You are authenticated to the server (and usually given a remote shell)
Note: This will not work for keys with ALWAYS_AUTHENTICATE
attribute, because of OpenSSH bug #2638
Verify certificates and test private keys of the token.
Test Steps
- Open a command line terminal (cmd.exe).
- Run
certutil -scinfo
Expected Result Certificates and private keys are verified (see command line output). The token's certificates are shown in a dialog.
Preconditions
- The user's account is configured for login with the token's certificate.
- Screen is locked by the user or the user is logged out. Test Steps
- Put the token on the reader.
- If needed, choose Other Credentials and select the smart card.
- Verify your PIN. Expected Result User is logged in.
Preconditions
- The web server is configured for client authentication with the token's certificate. Test Steps
- Put the token on the reader.
- Browse to the web server.
- Select a certificate from the token for authentication in the popup dialog.
- Verify your PIN. Expected Result User is authenticated.
Test Steps
- Put the token on the reader.
- Press CTRL + Alt + Del
- Choose Change a password
- Choose Other Credentials and select the smart card.
- Without a PIN pad reader change your PIN with the screen shown. With a PIN pad reader, leave the text fields empty and change your PIN on the reader. Expected Result PIN is changed.
Test Steps
- Put the token on the reader.
- Open Keychain Access (keychainaccess.app), which is in the Utilities folder of your Applications folder.
- Find and click your token in the Keychains panel in the upper left. The main window shows the token's certificate.
- Click the closed lock in the upper left corner to verify your PIN. Expected Result User is logged in, the lock is unlocked.
Preconditions
- The web server is configured for client authentication with the token's certificate. Test Steps
- Put the token on the reader.
- Browse to the web server.
- Select a certificate from the token for authentication in the popup dialog.
- Verify your PIN. Expected Result User is authenticated.
Preconditions
- A ThinLinc client using smart card authentication.
- Download ThinLinc client here https://www.cendio.com/thinlinc/download and install it.
- The ThinLinc client must be configured to run with the new OpenSC release. Run this in your home directory (Change
<PATH TO PKCS11 MODULE>
to the absolute path toopensc-pkcs11.so
of the new release):
mkdir -p .thinlinc && echo "PKCS11_MODULE=<PATH TO PKCS11 MODULE>" >> .thinlinc/tlclient.conf
- Enable smart card authentication in the ThinLinc client:
echo "AUTHENTICATION_METHOD=scpublickey" >> .thinlinc/tlclient.conf
- Start ThinLinc client.
- Put the card in the reader and the certificate should be shown in the "Certificate" scroll down menu.
Test Steps
- Detach the entire reader with card still in it.
- Attach the reader again with the card in it.
Expected Result
- The certificate is removed from the "Certificate" scroll down list when the reader is detached.
- The certificates is shown again when the reader is attached.
Warning: Due to attempts to plant malicious links to our wiki, it is no longer open to anyone to edit. If you want to contribute to this, wiki, please open a pull request here: https://github.com/OpenSC/Wiki