| Skip Navigation Links | |
| Exit Print View | |
|
man pages section 1M: System Administration Commands |
- configure and administer a smart card
smartcard -c admin [-a application] [propertyname]...
smartcard -c admin [-a application]
[-x { add|delete|modify } propertyname=value...]smartcard -c admin -t service -j classname -x
{ add|delete|modify}smartcard -c admin -t terminal
{ -j classname | -H libraryname } -d device -r userfriendlyreadername -n readername -x
{ add|delete|modify }
[-R]smartcard -c admin -t debug -j classname -l level -x
{ add|delete|modify}smartcard -c admin -t override -x { add|delete|modify} propertyname=valuesmartcard -c admin -I -k keytype -i filename
smartcard -c admin -E -k keytype -o filename
smartcard -c load -A aid [-r userfriendlyreadername] -P pin
[-s slot] [-i inputfile] [-p propfile] [-v]
[propertyname=value]...smartcard -c load -u -P pin [-A aid]
[-r userfriendlyreadername] [-s slot] [-v]smartcard -c bin2capx -T cardname [-i inputfile]
[-o outputfile] [-p propfile] [-I anothercapxfile]
[-v] [propertyname=value]...smartcard -c init -A aid [-r readername] [-s slot] -L
smartcard -c init -A aid [-r readername] -P pin [-s slot]
[propertyname=value]...smartcard -c enable
smartcard -c disable
The smartcard utility is used for all configurations related to a smart card. It comprises the following subcommands:
Administration of OCF properties. (-c admin)
This subcommand is used to list and modify any of the OCF properties. With no arguments it will list all the current properties. It can only be executed by root. Some OCF properies are:
# default card for an application
# default reader for an application
# authentication mechanism
# list of cards valid for an application
A complete listing can be obtained by using the smartcard utility as described in the EXAMPLES section.
Loading and Unloading of applets from the smart card (-c load) and performing initial configuration of a non-Java card.
This subcommand administers the applets or properties on a smartcard. It can be used to load or unload applets and/or properties to and from a smart card. The applet is a Java class file that has been run through a converter to make the byte code JavaCard-compliant. This command can be used to load both an applet file in the standard format or a file converted to the capx format. If no -r option is specified, the loader tries to load to any connected reader, provided it has already been inserted using the smartcard -c admin command.
Converting card applets or properties to the capx format (-c bin2capx)
This subcommand is used to convert a Java card applet or properties into a new format called capx before downloading it onto the smart card. Converting to this format enables the applet developer to add applet-specific information that is useful during the downloading process and identifies the applet.
In the following example,
smartcard -c bin2capx -i cyberflex.bin \ -T CyberFlex aidto-000102030405060708090A0B0C0D0E0F fileID=2222 \ instanceID=2223 and more.
if no output file is specified, a default file with the name input_filename.capx is created in the current directory. The mandatory -T option requires the user to specify the card name for which the capx file is being generated.
The following example
smartcard -c bin2capx -T IButton
tells the loader that the capx file contains the binary for IButton. A single capx file can hold binaries for multiple cards (1 per card.) Users can, for example, hold binary files for both CyberFlex and IButton in the same capx file as follows:
smartcard -c bin2capx -T IButton -i IButton.jib -o file.capx
In the following example,
smartcard -c bin2capx -T CyberFlex -i cyberflex.bin \ -l file.capx -o file.capx
the -l option is used to provide an already-generated capx file. The output is directed to the same capx file, resulting in capx file holding binaries for both cards.
Personalizing a smart card (-c init)
This subcommand is used to set user-specific information required by an applet on a smart card. For example, the Sun applet requires a user name to be set on the card. This subcommand is also used to personalize information for non-Java cars.
Enabling and disabling the smart card desktop login (-c {enable | disable)
The following options are supported:
Specify application name for the configuration parameter. Parameters may differ depending on the application. If no application name is specified, then ocf is the default application.
Specify a unique alphanumeric string that identifies the applet. The aid argument must be a minimum of 5 characters and can be a maximum of 16 characters in length. If an applet with an identical aid already exists on the card, a load will result in an error.
Specify subcommand name. Valid options are: admin, load, bin2capx, init, enable, and disable.
Specify device on which the reader is connected (for example, /dev/cua/a).
Disable a system from using smart cards.
Export the keys to a file.
Specify the full path of the IFD handler library for the reader.
Specify input file name.
Import from a file.
Specify fully-qualified class name.
Specify type of key (for example, challenge_response, pki.)
Specify debug level (0–9), signifying level of debug information displayed.
List all properties configurable in an applet.
Specify reader name as required by the driver.
Specify output file name.
Specify properties file name. This file could contain a list of property names and value pairs, in the format propertyname=value.
Specify pin used to validate to the card.
Specify user-defined reader name where the card to be initialized is inserted.
Restart the ocf server.
Specify slot number. If a reader has multiple slots, this option specifies which slot to use for initialization. If a reader has only one slot, this option is not required. If no slot number is specified, by default the first slot of the reader is used.
Specify type of property being updated. The valid values are:
Updating a card service provider details.
Updating a card reader provider details.
OCF trace level.
Override a system property of the same name.
Specify card name.
Unload the applet specified by the application ID from the card. If no application ID is specified, all applets are unloaded from the card.
Verbose mode ( displays helpful messages).
Specify action to be taken. Valid values are: add, delete, or modify.
Example 1 Viewing the Values of All Properties
Enter the following command to view the values of all the properties that are set:
% smartcard -c admin
Example 2 Viewing the Values of Specific Properties
Enter the following command to view the values of specific properties:
% smartcard -c admin language country
Example 3 Adding a Card Service
Enter the following command to add a card service factory for a CyberFlex card, available in the package com.sun.services.cyberflex, to the properties:
% smartcard -c admin -t service \
-j com.sun.services.cyberflex.CyberFlexCardServiceFactory -x addExample 4 Adding a Reader
Enter the following command to add the IFD handler for the internal reader:
% smartcard -c admin -t terminal \
-H /usr/lib/smartcard/ifdh_scmi2c.so -x add \
-d /dev/scmi2c0 -r MyInternalReader -n SunISCRIExample 5 Deleting a Reader
Enter the following command to delete the SCM reader, added in the previous example, from the properties:
% smartcard -c admin -t terminal -r SCM -x delete
Example 6 Changing the Debug Level
Enter the following command to change the debug level for all of the com.sun package to 9:
% smartcard -c admin -t debug -j com.sun -l 9 -x modify
Example 7 Setting the Default Card for an Application
Enter one of the following commands to set the default card for an application (dtlogin) to be CyberFlex.
If the property default card does not exist, enter the following command:
% smartcard -c admin -a dtlogin -x add defaultcard=CyberFlex
If the property default card exists, enter the following command:
% smartcard -c admin -a dtlogin -x modify defaultcard=CyberFlex
Example 8 Exporting Keys for a User into a File
Enter the following command to export the challenge-response keys for a user into a file:
% smartcard -c admin -k challenge_response -E -o /tmp/mykeys
Example 9 Importing Keys from a File
Enter the following command to import the challenge-response keys for a user from a file:
% smartcard -c admin -k challenge_response -I -i /tmp/mykeys
Example 10 Downloading an Applet into a Java Card
Enter the following command to download an applet into a Java card or to configure a PayFlex (non-Java) card inserted into an SCM reader for the capx file supplied in the /usr/share/lib/smartcard directory:
% smartcard -c load -r SCM \
-i /usr/share/lib/smartcard/SolarisAuthApplet.capxExample 11 Downloading an Applet Binary
Enter the following command to download an applet binary from some place other that the capx file supplied with Solaris 8 into an IButton (the aid and input file are mandatory, the remaining parameters are optional):
% smartcard -c load -A A000000062030400 -i newapplet.jib
Example 12 Downloading an Applet on a CyberFlex Access Card
On a CyberFlex Access Card, enter the following command to download an applet newapplet.bin at fileID 2222, instanceID 3333 using the specified verifyKey and a heap size of 2000 bytes:
% smartcard -c load -A newaid -i newapplet.bin \
fileID=2222 instanceID=3333 verifyKey=newKey \
MAC=newMAC heapsize=2000Example 13 Configuring a PayFlex Card
Enter the following command to configure a PayFlex (non-Java) card with specific aid, transport key, and initial pin:
% smartcard -c load -A A00000006203400 \
pin=242424246A617661 transportKey=4746584932567840Example 14 Unloading an Applet from a Card
Enter the following command to unload an applet from iButton:
% smartcard -c load -u
Example 15 Displaying Usage of smartcard -c load
Enter the following command to display the usage of the smartcard -c load command:
% smartcard -c load
Example 16 Displaying All Configurable Parameters for an Applet
Enter the following command to display all the configurable parameters for an applet with aid 123456 residing on a card inserted into an SCM reader:
% smartcard -c init -r SM -A 123456 -L
Example 17 Changing the PIN
Enter the following command to change the pin for the SolarisAuthApplet residing on a card or to change the PIN for a PayFlex (non-Java) card inserted into an SCM reader:
% smartcard -c init -A A000000062030400 -P oldpin pin=newpin
Example 18 Displaying All Configurable Parameters for the SolarisAuthApplet.
Enter the following command to display all the configurable parameters for the SolarisAuthApplet residing on a card inserted into an SCM reader:
% smartcard -c init -A A000000062030400 -L
Example 19 Setting a Property to a Value on a smart card
Enter the following command to set properties called user to the value james and application to the value login on a card inserted into an SCM reader that has a pin testpin:
% smartcard -c init -A A000000062030400 -r CyberFlex -P testpin \
application=login user=jamesExample 20 Converting an Applet for the CyberFlex Card into capx Format.
Enter the following command to convert an applet for the CyberFlex card into the capx format required for downloading the applet into the card:
% smartcard -c bin2capx \
-i /usr/share/lib/smartcard/SolarisAuthApplet.bin \
-T CyberFlex -o /home/CorporateCard.capx -v memory=128 heapsize=12Example 21 Converting an Applet for the IButton Card into capx Format
Enter the following command to convert an applet for the IButton card into the capx format required for downloading the applet into the button:
% smartcard -c bin2capx \
-i /usr/share/lib/smartcard/SolarisAuthApplet.jib \
-T IButton -o /home/CorporateCard.capx -v The following exit values are returned:
Successful completion.
An error occurred.
See attributes(5) for descriptions of the following attributes:
|
ocfserv(1M), attributes(5), smartcard(5)
The command line options contain only alphanumeric input.
|