[pkg-opensc-maint] Bug#922650: opensc-pkcs11: fails to work with dual CAC PIV cards

A. Maitland Bottoms bottoms at debian.org
Mon Feb 18 22:29:19 GMT 2019

Package: opensc-pkcs11
Version: 0.19.0-1
Severity: important
Tags: patch

Dear Maintainer,

Recent PIV enabled CAC cards are not handled by the opensc 0.19.0
release. Yet all current CAC cards are scheduled to enable PIV
authentication by March 31, 2019.

For users of these cards, this bug is of grave severity.

This problem has been solved recently upstream
although the fixes have not yet been included in an upstream release.

I have cherry-picked from upstream commits a small set that provides
working card support. It works for me using
pkcs11-tool --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -l -t
ssh-keygen -D /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
ssh -I /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
and Firefox browser smart card token support.

Attached is a debdiff of my test package.

I think Buster will be much better if we can release it with support
for this use case.


enc: opensc-pkcs11-Dual-CAC-PIV-and-PIVK-support.debdiff
-------------- next part --------------
A non-text attachment was scrubbed...
Name: opensc-pkcs11-Dual-CAC-PIV-and-PIVK-support.debdiff
Type: application/octet-stream
Size: 40399 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-opensc-maint/attachments/20190218/5781ba74/attachment-0001.obj>

More information about the pkg-opensc-maint mailing list