Architecture for issuing dod mobile derived credentials. This website was created because of the lack of information available to show how to utilize common access card cac s on personal computers. The following is a guide to assist in setting up opensuse to access cacenabled dod websites. It looks like there is no support for my upgrade and cac. Use smart cards on chrome os this article focuses on the steps required to successfully start using your smart card on chrome os on your personal device. Bug 534172 coolkey not recognizing dod cacs on gemalto topdlgx4 144k cards. Open source cannot cure all of the dods software ills. Theres a tool installroot on the disa website that should link you to, which does exactly that. Opensc provides a set of utilities to access smart cards. However, it does possess the potential to substantially improve software outcomes for the dod in the same way it has. Open source software and the department of defense. Not all cac certificates have a principal name pn or the same pn, but those that do have a pn, all start with the same first 10 digits, which is the dod users edipi also known as dod id.
Setting up firefox to use your cac on your windows computer. Government software acquisition policies dfars and data rights vicki e. When the user goes to the site theyll be presented with a list of valid certificates on the cac card. Dod cac software free download dod cac top 4 download. In accordance with current dod id card policy, id cards shall be used as proof of identity and dod affiliation to facilitate access to dod facilities and systems required by the contract. Militarycac has been online since 9 november 2007 and has over 121 individual pages of information and support.
Us department of defense dod now limits access to many of its websites to be via a smart common access card cac authenticated with a personal identification number. Tens release notes united states department of defense. Contractor cac eligibility is specifically dependent on the mission and the dod contract being supported. The following is a guide to assist in setting up mx linux to access cac enabled dod websites. Common access card cacpersonal identity verification. Common access card cac smart id card for activeduty military personnel, selected reserve, dod civilian employees, and eligible contractor personnel. The us army is using the common access cards cac, specified by. Government software acquisition policies dfars and. Sowers abstract with an increase in performance, dependency and ubiquitousness, the necessity for secure mobile. Follow these instructions to easily use your cac or other smart card with firefox. Anybody out there have any luck installing a dod cac reader under os 10.
Dod cac card on ubuntu linux johns tech blog hagensieker. Most say that cackey and or opensc have replaced coolkey, but as of this moment i am using coolkey to access ako and mil. Use a dod smartcard to access cac enabled websites. This is a guide that is tested to work with fedora. In order to access sites enabled with a dod pki certificate without being prompted to accept the dod certificate chain at each log on like firefox and safari do, people using internet explorer. This article shows you how to set up your fedora system to login to dod cac enabled websites. Dod software free download dod top 4 download offers free software downloads for windows, mac, ios and android computers and mobile devices. Dod root certificates all installed in etcsslconfig for cac smartcard middleware, using opensc working great in firefox and chromium for vmware version, i used 5. Cac seems to be for military personnel while piv is for the wider civilian gov population. However the us dod contracted activclient seems to have one which works with the scr331. It facilitates their use in security applications such as mail encryption.
Commonaccesscard community help wiki ubuntu documentation. Use a dod smartcard to access cac enabled websites fedora. Sometimes opensc can struggle to identify the proper driver for cac, instead it. Preface us department of defense dod now limits access to many of its websites to be via a smart common access card cac. The three mentioned are coolkey, cackey, and opensc.
Signing pdfs with dod cac common access card under linux operating systems linux digital signatures signing pdfs with dod cac. The common access card, also commonly referred to as the cac is a smart card about the size of a credit card. Click system, select device manager link upper left corner of the screen, scroll down to smart card readers, select the little triangle next to it to open it up. This document describes how to integrate the us department of defense common access card with unix. Right click the windows logo lower left corner of your screen.
Also cac seems to be pivcompliant but am not sure if that means opensc can read that. It is the standard identification for active duty united states defense. I am the content provider for the army knowledge online ako cac reference center. Opensc facilitate the use of smart cards in security. This package provides the necessary middleware to interface with the dod smartcard. Now we need to install some programs called pcscd and coolkey. Also i got to know that opensc has a windows pkcs11 driver openscpkcs11. Dod cac software free download dod cac top 4 download offers free software downloads for windows, mac, ios and android computers and mobile devices. Department of defense identification number replaced edi. In most wikidocumentationguides they are referred to as modules. I have more than one token inserted a cac, a yubikey, a yubihsm2. Architecture for issuing dod mobile derived credentials david a. We are going to deviate from these instructions since they are not up to date for modern mozilla firefox installations, but the general workflow still is good.
Knowledge repo boyle technical consulting services. Dod common access card and other smartcards on unix flyn. This sets up your computer to trust the dod cryptographic. It also includes tools to test and debug the functionality of your smartcard. Opensc is a set of software tools and libraries to work with smart cards, with the focus on smart cards with cryptographic capabilities. Coolkey not recognizing dod cacs on gemalto topdlgx4 144k cards. You can force the cac driver by editing etc opensc.
The kit is designed for developers of clientside workstation applications using the cac data and services, and developers of cardside applets and middleware. Signing pdfs with dod cac common access card under linux. Us department of defense dod now limits access to many of its websites to be via a smart common access card cac authenticated with a personal identification number pin. An option to use your cac on windows 7 or 8 without installing activclient. It is possible to use your smart card to access dod cac card enabled sites. Reference page to know what all of the acronyms and strange words mean on militarycac. Allums, office of the general counsel defense information systems agency disa department. Militarycacs use your cac on windows 7 or 8 without. In order to use piv, you will need to uninstall coolkey and use either cackey or. Cryptographic hashes of the software downloads, updated 17 mar 2020 this pdf is digitally signed by a certificate with a dod certificate authority at its root.
Cac developer kit cdk this cdk contains documentation and software needed to interact with the cacs machinereadable media smart card ship, magnetic stripe, and barcodes. Sometimes opensc can struggle to identify the proper driver for cac, instead. Plug your cac reader into your computer before proceeding. The linux cac reader stack is based on a set of middleware called pcsc personal computer. Equips multifunction printers mfps with common access card cacpersonal identity verification piv authentication capabilities and prevents unauthorized access to these digital. Militarycacs text links page common access card cac. You may want to edit the file to remove some cas, eg dod email ca11. Sometimes opensc can struggle to identify the proper driver for cac, instead it may choose piv or something else.