The smartcard utility is used for all configurations related to a smartcard. It comprises various subcommands described below:
Administration of OCF properties. (-c admin)
This subcommand is used to list and modify any of the OCF properties. With no arguments it will list all the current properties. It can only be executed by root. Some OCF properties are:
# default card for an application
# default reader for an application
# authentication mechanism to
# list of cards valid for an application
A complete listing can be obtained by using the smartcard command as described in the EXAMPLES section below.
Loading and Unloading of applets from the smartcard (-c load) and performing initial configuration of a non-Java card.
This subcommand administers the applets or properties on a smartcard. It can be used to load or unload applets and/or properties to and from a smartcard. The applet is a Java class file that has been run through a converter to make the byte code JavaCard-compliant. This command can be used to load both an applet file in the standard format or a file converted to the capx format. If no -r option is specified, the loader tries to load to any connected reader, provided it has already been inserted using the smartcard -c admin command.
Converting card applets or properties to the capx format (-c bin2capx)
This subcommand is used to convert a Java card applet or properties into a new format called capx before downloading it onto the smartcard. Converting to this format enables the applet developer to add applet-specific information that is useful during the downloading process and identifies the applet.
smartcard -c bin2capx -i cyberflex.bin \
    -T CyberFlex aidto-000102030405060708090A0B0C0D0E0F fileID=2222 \
    instanceID=2223 and more.
smartcard -c bin2capx -T IButton
smartcard -c bin2capx -T IButton -i IButton.jib -o file.capx
smartcard -c bin2capx -T CyberFlex -i cyberflex.bin \
    -l file.capx -o file.capx
Personalizing the smartcard (-c init)
This subcommand is used to set user-specific information required by an applet on a smartcard. For example, the Sun applet requires a user name to be set on the card. This subcommand is also used to personalize information for non-Java cards.
Enabling and disabling the host for smartcard (-c {enable | disable})
The following options are supported:
Specify application name for the configuration parameter. Parameters may differ depending on the application. If no application name is specified, then ocf is the default application.
Specify a unique alphanumeric string that identifies the applet. The aid argument must be a minimum of 5 characters and can be a maximum of 16 characters in length. If an applet with an identical aid already exists on the card, a load will result in an error.
Specify subcommand name. Valid options are: admin, load, bin2capx, init, enable and disable.
Specify device on which the reader is connected (for example, /dev/cua/a).
Disable a system from using smartcards.
Export the keys to a file.
Specify input file name.
Import from a file.
Specify fully-qualified class name.
Specify type of key (for example, challenge_response, pki).
Specify debug level (0-9), signifying level of debug information displayed.
List all properties configurable in an applet.
Specify reader name as required by the driver.
Specify output file name.
Specify properties file name. This file could contain a list of property names and value pairs, in the format propertyname=value.
Specify pin used to validate to the card.
Specify user-defined reader name where the card to be initialized is inserted.
Restart the ocf server.
Specify slot number. If a reader has multiple slots, this option specifies which slot to use for initialization. If a reader has only one slot, this option is not required. If no slot number is specified, by default the first slot of the reader is used.
Specify type of property being updated. The valid values are:
Updating card service provider details.
Updating card reader provider details.
OCF trace level.
Override a system property of the same name.
Specify card name.
Unload the applet specified by the application ID from the card. If no application ID is specified, all applets are unloaded from the card.
Verbose mode (displays helpful messages).
Specify action to be taken. Valid values are: add, delete, or modify.
To view the values of all the properties that are set:
% smartcard -c admin
To view the values of specific properties:
% smartcard -c admin language country
To add a card service factory for a CyberFlex card, available in the package com.sun.services.cyberflex, to the properties:
% smartcard -c admin -t service \
    -j com.sun.services.cyberflex.CyberFlexCardServiceFactory -x add
To add a SCM reader, available in the package com.sun.services.scm, to the properties on device /dev/cua/a and assign it a name of "SCM":
% smartcard -c admin -t terminal \
    -j com.sun.terminal.scm.SCMstcCardTerminalFactory \
    -x add -d /dev/cua/a -r SCM -n SCM123
To delete the SCM reader, added in the previous example, from the properties:
% smartcard -c admin -t terminal -r SCM -x delete
To change the debug level for all of the com.sun package to 9:
% smartcard -c admin -t debug -j com.sun -l 9 -x modify
To set the default card for an application (dtlogin) to be CyberFlex:
% smartcard -c admin -a dtlogin defaultcard=CyberFlex
To export the challenge-response keys for a user into a file:
% smartcard -c admin -k challenge_response -E -o /tmp/mykeys
To import the challenge-response keys for a user from a file:
% smartcard -c admin -k challenge_response -I -i /tmp/mykeys
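The export and import examples above use /tmp/mykeys, a fixed file name in a world-writable directory. The wrapper below is an added example, not part of the original man page: it runs the same export into a newly created private directory and refuses to import from a file that is not mode 600. The function names, the SMARTCARD override variable and the sckeys.$$ directory name are assumptions made for illustration, and the script expects a POSIX shell.

```shell
#!/bin/sh
# Added example (not from the man page): keep exported challenge-response
# keys out of a shared path such as /tmp/mykeys.
# Assumption: SMARTCARD names the utility; override it to test with a stub.
: "${SMARTCARD:=smartcard}"

# is_private PATH -> 0 when PATH is a regular file with mode rw-------.
# A symbolic link shows up as "lrwxrwxrwx" and is therefore rejected too.
is_private() {
    mode=$(ls -ld "$1" 2>/dev/null | cut -c1-10)
    [ "$mode" = "-rw-------" ]
}

# export_cr_keys PARENT -> prints the key file path on success.
# PARENT should be a directory that only the invoking user can write to.
export_cr_keys() {
    dir="$1/sckeys.$$"
    (
        umask 077                   # new files get no group/other bits
        mkdir "$dir" || exit 1      # fails if the path already exists, so a
                                    # pre-created directory or link is refused
        "$SMARTCARD" -c admin -k challenge_response -E -o "$dir/keys" || exit 1
        chmod 600 "$dir/keys" || exit 1
        is_private "$dir/keys"
    ) || return 1
    printf '%s\n' "$dir/keys"
}

# import_cr_keys FILE -> imports only from a file that is still private.
import_cr_keys() {
    is_private "$1" || { echo "refusing $1: not mode 600" >&2; return 1; }
    "$SMARTCARD" -c admin -k challenge_response -I -i "$1"
}
```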
To download an applet into a Java card or to configure a PayFlex (non-Java) card inserted into a SCM reader for the capx file supplied in the /usr/share/lib/smartcard directory:
% smartcard -c load -r SCM \
    -i /usr/share/lib/smartcard/SolarisAuthApplet.capx
To download an applet binary from some place other than the capx file supplied with Solaris 8 into an IButton (the AID and input file are mandatory, the remaining parameters are optional):
% smartcard -c load -A A000000062030400 -i newapplet.jib
On a CyberFlex Access Card, to download an applet newapplet.bin at fileID 2222, instanceID 3333 using the specified verifyKey and a heap size of 2000 bytes:
% smartcard -c load -A newAID -i newapplet.bin \
    fileID=2222 instanceID=3333 verifyKey=newKey \
    MAC=newMAC heapsize=2000
To configure a PayFlex (non-Java) card with specific AID, transport key, and initial pin:
% smartcard -c load aid-A00000006203400 \
    pin=242424246A617661 transportKey=4746584932567840
To unload the applet, with ID A000000062030400, from the card inserted into an IButton reader:
% smartcard -c load -r IButtonAdapter -u -A A000000062030400
To display the usage of the smartcard -c load command:
% smartcard -c load
To display all the configurable parameters for an applet with aid 123456 residing on a card inserted into an SM reader:
% smartcard -c init -r SM -A 123456 -L
To change the pin for the SolarisAuthApplet residing on a card or to change the pin for a PayFlex (non-Java) card inserted into an SM reader:
% smartcard -c init -A A000000062030400 -P oldpin pin=newpin
To display all the configurable parameters for the SolarisAuthApplet residing on a card inserted into an SM reader:
% smartcard -c init -A A000000062030400 -L
To set properties called "user" to the value "james" and "application" to the value "login" on a card inserted into an SM reader that has a pin "testpin":
% smartcard -c init -A A000000062030400 -r CyberFlex -P testpin \
    application=login user=james
To convert an applet for the CyberFlex card into the capx format required for downloading the applet into the card:
% smartcard -c bin2capx \
    -i /usr/share/lib/smartcard/SolarisAuthApplet.bin \
    -T CyberFlex -o /home/CorporateCard.capx -v memory=128 heapsize=12
To convert an applet for the IButton card into the capx format required for downloading the applet into the button:
% smartcard -c bin2capx -i /usr/share/lib/smartcard/SolarisAuthApplet.jib \
    -T IButton -o /home/CorporateCard.capx -v
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE
Availability | SUNWocf
The command line options contain only alphanumeric input.
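A wrapper script that builds smartcard -c load or -c init command lines from user-supplied values can enforce the limits stated on this page before the root-run command sees them: an aid of 5 to 16 alphanumeric characters, and alphanumeric-only input. This is an added example, not part of the original man page; the function names are hypothetical, and applying the alphanumeric rule to both sides of each name=value operand is an assumption.

```shell
#!/bin/sh
# Added example (not from the man page): pre-flight checks for values that a
# wrapper script passes to `smartcard -c load` or `smartcard -c init`.
LC_ALL=C; export LC_ALL      # make [A-Za-z0-9] mean ASCII letters and digits

# is_alnum STRING -> 0 when STRING is non-empty and purely alphanumeric.
is_alnum() {
    case $1 in
        ''|*[!A-Za-z0-9]*) return 1 ;;
    esac
    return 0
}

# valid_aid AID -> 0 when AID is alphanumeric and 5 to 16 characters long.
valid_aid() {
    is_alnum "$1" && [ "${#1}" -ge 5 ] && [ "${#1}" -le 16 ]
}

# valid_prop NAME=VALUE -> 0 when both sides are alphanumeric (assumption:
# the alphanumeric rule is applied to the name and to the value).
valid_prop() {
    case $1 in
        *=*) is_alnum "${1%%=*}" && is_alnum "${1#*=}" ;;
        *)   return 1 ;;
    esac
}

# check_card_args AID [NAME=VALUE ...]
# Returns 0 if everything passes, 2 for a bad AID, 3 for a bad property.
check_card_args() {
    aid=$1; shift
    valid_aid "$aid" || { echo "rejected aid: $aid" >&2; return 2; }
    for prop in "$@"; do
        valid_prop "$prop" || { echo "rejected property: $prop" >&2; return 3; }
    done
    return 0
}
```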