The following is a guide to assist in setting up opensuse to access cacenabled dod websites. This package provides the necessary middleware to interface with the dod smartcard. Preface us department of defense dod now limits access to many of its websites to be via a smart common access card cac. Architecture for issuing dod mobile derived credentials. Common access card cacpersonal identity verification. Us department of defense dod now limits access to many of its websites to be via a smart common access card cac authenticated with a personal identification number. Open source software and the department of defense. Opensc facilitate the use of smart cards in security. Sowers abstract with an increase in performance, dependency and ubiquitousness, the necessity for secure mobile. The linux cac reader stack is based on a set of middleware called pcsc personal computer. Reference page to know what all of the acronyms and strange words mean on militarycac. This document describes how to integrate the us department of defense common access card with unix. An option to use your cac on windows 7 or 8 without installing activclient. Use a dod smartcard to access cac enabled websites.
Cac seems to be for military personnel while piv is for the wider civilian gov population. Opensc is a set of software tools and libraries to work with smart cards, with the focus on smart cards with cryptographic capabilities. Dod root certificates all installed in etcsslconfig for cac smartcard middleware, using opensc working great in firefox and chromium for vmware version, i used 5. In accordance with current dod id card policy, id cards shall be used as proof of identity and dod affiliation to facilitate access to dod facilities and systems required by the contract. Open source cannot cure all of the dods software ills. Commonaccesscard community help wiki ubuntu documentation. Militarycacs text links page common access card cac. It also includes tools to test and debug the functionality of your smartcard. Us department of defense dod now limits access to many of its websites to be via a smart common access card cac authenticated with a personal identification number pin. Militarycacs use your cac on windows 7 or 8 without. However, it does possess the potential to substantially improve software outcomes for the dod in the same way it has.
Plug your cac reader into your computer before proceeding. Anybody out there have any luck installing a dod cac reader under os 10. Theres a tool installroot on the disa website that should link you to, which does exactly that. In order to access sites enabled with a dod pki certificate without being prompted to accept the dod certificate chain at each log on like firefox and safari do, people using internet explorer. Follow these instructions to easily use your cac or other smart card with firefox. Signing pdfs with dod cac common access card under linux operating systems linux digital signatures signing pdfs with dod cac.
In order to use piv, you will need to uninstall coolkey and use either cackey or. Not all cac certificates have a principal name pn or the same pn, but those that do have a pn, all start with the same first 10 digits, which is the dod users edipi also known as dod id. Government software acquisition policies dfars and data rights vicki e. The three mentioned are coolkey, cackey, and opensc. Right click the windows logo lower left corner of your screen. Also cac seems to be pivcompliant but am not sure if that means opensc can read that. Now we need to install some programs called pcscd and coolkey.
The following is a guide to assist in setting up mx linux to access cac enabled dod websites. It facilitates their use in security applications such as mail encryption. Most say that cackey and or opensc have replaced coolkey, but as of this moment i am using coolkey to access ako and mil. However the us dod contracted activclient seems to have one which works with the scr331. It is possible to use your smart card to access dod cac card enabled sites. Sometimes opensc can struggle to identify the proper driver for cac, instead it may choose piv or something else. Bug 534172 coolkey not recognizing dod cacs on gemalto topdlgx4 144k cards. Use a dod smartcard to access cac enabled websites fedora. Department of defense identification number replaced edi. Setting up firefox to use your cac on your windows computer. Common access card cac smart id card for activeduty military personnel, selected reserve, dod civilian employees, and eligible contractor personnel. Signing pdfs with dod cac common access card under linux.
Dod cac software free download dod cac top 4 download. Cryptographic hashes of the software downloads, updated 17 mar 2020 this pdf is digitally signed by a certificate with a dod certificate authority at its root. The common access card, also commonly referred to as the cac is a smart card about the size of a credit card. In most wikidocumentationguides they are referred to as modules. When the user goes to the site theyll be presented with a list of valid certificates on the cac card. We are going to deviate from these instructions since they are not up to date for modern mozilla firefox installations, but the general workflow still is good. Also i got to know that opensc has a windows pkcs11 driver openscpkcs11.
Government software acquisition policies dfars and. Click system, select device manager link upper left corner of the screen, scroll down to smart card readers, select the little triangle next to it to open it up. It is the standard identification for active duty united states defense. Contractor cac eligibility is specifically dependent on the mission and the dod contract being supported. Use smart cards on chrome os this article focuses on the steps required to successfully start using your smart card on chrome os on your personal device. Cac developer kit cdk this cdk contains documentation and software needed to interact with the cacs machinereadable media smart card ship, magnetic stripe, and barcodes. Militarycac has been online since 9 november 2007 and has over 121 individual pages of information and support. Dod cac card on ubuntu linux johns tech blog hagensieker.
Dod cac software free download dod cac top 4 download offers free software downloads for windows, mac, ios and android computers and mobile devices. I have more than one token inserted a cac, a yubikey, a yubihsm2. Sometimes opensc can struggle to identify the proper driver for cac, instead. Sometimes opensc can struggle to identify the proper driver for cac, instead it. This website was created because of the lack of information available to show how to utilize common access card cac s on personal computers. You may want to edit the file to remove some cas, eg dod email ca11. This article shows you how to set up your fedora system to login to dod cac enabled websites. The kit is designed for developers of clientside workstation applications using the cac data and services, and developers of cardside applets and middleware. This is a guide that is tested to work with fedora.
Dod common access card and other smartcards on unix flyn. This sets up your computer to trust the dod cryptographic. Architecture for issuing dod mobile derived credentials david a. I am the content provider for the army knowledge online ako cac reference center. Opensc provides a set of utilities to access smart cards. Dod software free download dod top 4 download offers free software downloads for windows, mac, ios and android computers and mobile devices.
Knowledge repo boyle technical consulting services. Equips multifunction printers mfps with common access card cacpersonal identity verification piv authentication capabilities and prevents unauthorized access to these digital. Allums, office of the general counsel defense information systems agency disa department. Tens release notes united states department of defense.
657 666 1221 1176 1313 1101 521 158 112 550 947 1007 1189 141 1210 946 917 823 820 299 203 477 352 190 777 305 452 148 805 791 372 929 1144 804 537 337 497 198 134 542 951 964 1164 114