smartcard(1M)
NAME
smartcard - configure and administer a smart card
SYNOPSIS
smartcard -c admin [-a application] [propertyname...]
smartcard -c admin [-a application] [-x { add|delete|modify }
propertyname=value...]
smartcard -c admin -t service -j classname -x { add|delete|modify }
smartcard -c admin -t terminal { -j classname | -H libraryname }
-d device -r userfriendlyreadername -n readername
-x { add|delete|modify } [-R]
smartcard -c admin -t debug -j classname -l level -x { add|delete|modify }
smartcard -c admin -t override -x { add|delete|modify }
propertyname=value
smartcard -c admin -I -k keytype -i filename
smartcard -c admin -E -k keytype -o filename
smartcard -c load -A aid [-r userfriendlyreadername] -P pin
[-s slot] [-i inputfile] [-p propfile] [-v]
[propertyname=value...]
smartcard -c load -u -P pin [-A aid] [-r userfriendlyreadername]
[-s slot] [-v]
smartcard -c bin2capx -T cardname [-i inputfile] [-o outputfile]
[-p propfile] [-I anothercapxfile] [-v]
[propertyname=value...]
smartcard -c init -A aid [-r readername] [-s slot] -L
smartcard -c init -A aid [-r readername] -P pin [-s slot]
[propertyname=value...]
smartcard -c enable
smartcard -c disable
DESCRIPTION
The smartcard utility is used for all configurations related
to a smart card. It comprises the following subcommands:
1. Administration of OCF properties. (-c admin)
This subcommand is used to list and modify any of the OCF
properties. With no arguments it will list all the
current properties. It can only be executed by root. Some
OCF properties are:
defaultcard
# default card for an application
defaultreader
# default reader for an application
authmechanism
# authentication mechanism
validcards
# list of cards valid for an application
A complete listing can be obtained by using the smartcard
utility as described in the EXAMPLES section.
2. Loading and Unloading of applets from the smart card (-c
load) and performing initial configuration of a non-Java
card.
This subcommand administers the applets or properties on
a smartcard. It can be used to load or unload applets
and/or properties to and from a smart card. The applet is
a Java class file that has been run through a converter
to make the byte code JavaCard-compliant. This command
can be used to load both an applet file in the standard
format or a file converted to the capx format. If no -r
option is specified, the loader tries to load to any
connected reader, provided it has already been inserted
using the smartcard -c admin command.
3. Converting card applets or properties to the capx format
(-c bin2capx)
This subcommand is used to convert a Java card applet or
properties into a new format called capx before
downloading it onto the smart card. Converting to this format
enables the applet developer to add applet-specific
information that is useful during the downloading process
and identifies the applet.
In the following example,
smartcard -c bin2capx -i cyberflex.bin \
-T CyberFlex aidto-000102030405060708090A0B0C0D0E0F fileID=2222 \
instanceID=2223 and more.
if no output file is specified, a default file with the
name input_filename.capx is created in the current
directory. The mandatory -T option requires the user to
specify the card name for which the capx file is being
generated.
The following example
smartcard -c bin2capx -T IButton
tells the loader that the capx file contains the binary
for IButton. A single capx file can hold binaries for
multiple cards (one per card). Users can, for example, hold
binary files for both CyberFlex and IButton in the same
capx file as follows:
smartcard -c bin2capx -T IButton -i IButton.jib -o file.capx
In the following example,
smartcard -c bin2capx -T CyberFlex -i cyberflex.bin \
-I file.capx -o file.capx
the -I option is used to provide an already-generated
capx file. The output is directed to the same capx file,
resulting in a capx file holding binaries for both cards.
4. Personalizing a smart card (-c init)
This subcommand is used to set user-specific information
required by an applet on a smart card. For example, the
Sun applet requires a user name to be set on the card.
This subcommand is also used to personalize information
for non-Java cards.
5. Enabling and disabling the smart card desktop login
(-c {enable | disable})
OPTIONS
The following options are supported:
-a application
Specify application name for the configuration
parameter. Parameters may differ depending on the
application. If no application name is specified, then ocf is
the default application.
-A aid
Specify a unique alphanumeric string that identifies
the applet. The aid argument must be a minimum of 5
characters and can be a maximum of 16 characters in
length. If an applet with an identical aid already
exists on the card, a load will result in an error.
-c Specify subcommand name. Valid options are: admin,
load, bin2capx, init, enable, and disable.
-d device
Specify device on which the reader is connected (for
example, /dev/cua/a).
-D Disable a system from using smart cards.
-E Export the keys to a file.
-H libraryname
Specify the full path of the IFD handler library for
the reader.
-i filename
Specify input file name.
-I Import from a file.
-j classname
Specify fully-qualified class name.
-k keytype
Specify type of key (for example, challenge_response,
pki).
-l Specify debug level (0-9), signifying level of debug
information displayed.
-L List all properties configurable in an applet.
-n readername
Specify reader name as required by the driver.
-o filename
Specify output file name.
-p propfile
Specify properties file name. This file could contain
a list of property names and value pairs, in the
format propertyname=value.
-P pin
Specify pin used to validate to the card.
-r userfriendlyreadername
Specify user-defined reader name where the card to be
initialized is inserted.
-R Restart the ocf server.
-s slot
Specify slot number. If a reader has multiple slots,
this option specifies which slot to use for
initialization. If a reader has only one slot, this option is
not required. If no slot number is specified, by
default the first slot of the reader is used.
-t Specify type of property being updated. The valid
values are:
service
Updating card service provider details.
terminal
Updating card reader provider details.
debug
OCF trace level.
override
Override a system property of the same name.
-T cardname
Specify card name.
-u Unload the applet specified by the application ID from
the card. If no application ID is specified, all
applets are unloaded from the card.
-v Verbose mode (displays helpful messages).
-x Specify action to be taken. Valid values are: add,
delete, or modify.
EXAMPLES
Example 1: Viewing the Values of All Properties
Enter the following command to view the values of all the
properties that are set:
% smartcard -c admin
Example 2: Viewing the Values of Specific Properties
Enter the following command to view the values of specific
properties:
% smartcard -c admin language country
Example 3: Adding a Card Service
Enter the following command to add a card service factory
for a CyberFlex card, available in the package
com.sun.services.cyberflex, to the properties:
% smartcard -c admin -t service \
-j com.sun.services.cyberflex.CyberFlexCardServiceFactory -x add
Example 4: Adding a Reader
Enter the following command to add an SCM reader, available
in the package com.sun.services.scm, to the properties on
device /dev/cua/a and assign it a name of SCM:
% smartcard -c admin -t terminal \
-j com.sun.opencard.terminal.scm.SCMStc.SCMstcCardTerminalFactory \
-x add -d /dev/cua/a -r SCM -n SunSCRI
Enter the following command to add a reader for which an IFD
handler is available:
% smartcard -c admin -t terminal \
-H /usr/lib/smartcard/libifdmyserial.so \
-x add -d /dev/cua/a -r MySerialReader -n MySerial
Example 5: Deleting a Reader
Enter the following command to delete the SCM reader, added
in the previous example, from the properties:
% smartcard -c admin -t terminal -r SCM -x delete
Example 6: Changing the Debug Level
Enter the following command to change the debug level for
all of the com.sun package to 9:
% smartcard -c admin -t debug -j com.sun -l 9 -x modify
Example 7: Setting the Default Card for an Application
Enter one of the following commands to set the default card
for an application (dtlogin) to be CyberFlex.
If the property default card does not exist, enter the
following command:
% smartcard -c admin -a dtlogin -x add defaultcard=CyberFlex
If the property default card exists, enter the following
command:
% smartcard -c admin -a dtlogin -x modify defaultcard=CyberFlex
Example 8: Exporting Keys for a User into a File
Enter the following command to export the challenge-response
keys for a user into a file:
% smartcard -c admin -k challenge_response -E -o /tmp/mykeys
Example 9: Importing Keys from a File
Enter the following command to import the challenge-response
keys for a user from a file:
% smartcard -c admin -k challenge_response -I -i /tmp/mykeys
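Examples 8 and 9 pass key material through a fixed file name under /tmp, a directory every local user can write to. The following is an added example, not part of the original man page, that runs the same export and import through a private directory and checks the file's permissions first. The SMARTCARD variable, the function names and the availability of mktemp(1) are assumptions of this example.

```sh
#!/bin/sh
# Added example: keep exported challenge-response keys out of shared /tmp.
# SMARTCARD is an assumption so the command can be replaced when testing.
SMARTCARD=${SMARTCARD:-smartcard}

# key_file_is_private FILE
# True only for a regular file (not a symlink) with no group/other bits.
key_file_is_private() {
    [ -f "$1" ] && [ ! -h "$1" ] || return 1
    mode=$(ls -ld "$1" | cut -c5-10)      # group and other permission bits
    [ "$mode" = "------" ]
}

# export_keys KEYTYPE BASEDIR
# Exports into a fresh mode-0700 directory under BASEDIR; prints the file path.
export_keys() {
    old_umask=$(umask)
    umask 077
    dir=$(mktemp -d "$2/ocfkeys.XXXXXX") || { umask "$old_umask"; return 1; }
    out=$dir/keys
    if "$SMARTCARD" -c admin -k "$1" -E -o "$out" && key_file_is_private "$out"
    then
        umask "$old_umask"
        printf '%s\n' "$out"
        return 0
    fi
    rm -rf "$dir"                          # do not leave partial key material
    umask "$old_umask"
    return 1
}

# import_keys KEYTYPE FILE
# Refuses a key file that group or other users can access.
import_keys() {
    key_file_is_private "$2" || {
        echo "refusing $2: not a private regular file" >&2
        return 1
    }
    "$SMARTCARD" -c admin -k "$1" -I -i "$2"
}
```

Call it as `keyfile=$(export_keys challenge_response "$HOME")` and remove the directory once the keys have been imported on the target system.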
Example 10: Downloading an Applet into a Java Card
Enter the following command to download an applet into a
Java card or to configure a PayFlex (non-Java) card inserted
into an SCM reader for the capx file supplied in the
/usr/share/lib/smartcard directory:
% smartcard -c load -r SCM \
-i /usr/share/lib/smartcard/SolarisAuthApplet.capx
Example 11: Downloading an Applet Binary
Enter the following command to download an applet binary
from some place other than the capx file supplied with
Solaris 8 into an IButton (the aid and input file are
mandatory, the remaining parameters are optional):
% smartcard -c load -A A000000062030400 -i newapplet.jib
Example 12: Downloading an Applet on a CyberFlex Access Card
On a CyberFlex Access Card, enter the following command to
download an applet newapplet.bin at fileID 2222, instanceID
3333 using the specified verifyKey and a heap size of 2000
bytes:
% smartcard -c load -A newaid -i newapplet.bin \
fileID=2222 instanceID=3333 verifyKey=newKey \
MAC=newMAC heapsize=2000
Example 13: Configuring a PayFlex Card
Enter the following command to configure a PayFlex
(non-Java) card with specific aid, transport key, and initial
pin:
% smartcard -c load aid=A00000006203400 \
pin=242424246A617661 transportKey=4746584932567840
Example 14: Unloading an Applet from a Card
Enter the following command to unload an applet from
iButton:
% smartcard -c load -u
Example 15: Displaying Usage of smartcard -c load
Enter the following command to display the usage of the
smartcard -c load command:
% smartcard -c load
Example 16: Displaying All Configurable Parameters for an
Applet
Enter the following command to display all the configurable
parameters for an applet with aid 123456 residing on a card
inserted into an SCM reader:
% smartcard -c init -r SCM -A 123456 -L
Example 17: Changing the PIN
Enter the following command to change the pin for the
SolarisAuthApplet residing on a card or to change the PIN for a
PayFlex (non-Java) card inserted into an SCM reader:
% smartcard -c init -A A000000062030400 -P oldpin pin=newpin
Example 18: Displaying All Configurable Parameters for the
SolarisAuthApplet.
Enter the following command to display all the configurable
parameters for the SolarisAuthApplet residing on a card
inserted into an SCM reader:
% smartcard -c init -A A000000062030400 -L
Example 19: Setting a Property to a Value on a smart card
Enter the following command to set properties called "user"
to the value "james" and "application" to the value "login"
on a card inserted into an SCM reader that has a pin
"testpin":
% smartcard -c init -A A000000062030400 -r CyberFlex -P testpin \
application=login user=james
Example 20: Converting an Applet for the CyberFlex Card into
capx Format.
Enter the following command to convert an applet for the
CyberFlex card into the capx format required for downloading
the applet into the card:
% smartcard -c bin2capx \
-i /usr/share/lib/smartcard/SolarisAuthApplet.bin \
-T CyberFlex -o /home/CorporateCard.capx -v memory=128 heapsize=12
Example 21: Converting an Applet for the IButton Card into
capx Format
Enter the following command to convert an applet for the
IButton card into the capx format required for downloading
the applet into the button:
% smartcard -c bin2capx \
-i /usr/share/lib/smartcard/SolarisAuthApplet.jib \
-T IButton -o /home/CorporateCard.capx -v
EXIT STATUS
The following exit values are returned:
0 Successful completion.
1 An error occurred.
ATTRIBUTES
See attributes(5) for descriptions of the following
attributes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWocf |
|_____________________________|_____________________________|
| Interface Stability | Stable |
|_____________________________|_____________________________|
SEE ALSO
ocfserv(1M), attributes(5), smartcard(5)
NOTES
The command line options contain only alphanumeric input.
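The -A length rule and the alphanumeric-only note above can be applied as a pre-flight check in scripts that build smartcard -c load or -c init command lines from operator input. This is an added example, not part of the original man page; the function names are assumptions, and requiring property names and values to be non-empty alphanumeric strings is this example's reading of the note.

```sh
#!/bin/sh
# Added example: validate an aid and propertyname=value arguments before
# they are handed to smartcard(1M).
LC_ALL=C; export LC_ALL        # make [A-Za-z0-9] mean ASCII only

# is_alnum STRING: non-empty and ASCII alphanumeric only.
is_alnum() {
    case $1 in
        ""|*[!A-Za-z0-9]*) return 1 ;;
    esac
    return 0
}

# valid_aid AID: alphanumeric, 5 to 16 characters (the -A rule).
valid_aid() {
    is_alnum "$1" && [ ${#1} -ge 5 ] && [ ${#1} -le 16 ]
}

# valid_property ARG: exactly one "=", alphanumeric name and value.
valid_property() {
    case $1 in
        *=*) ;;
        *) return 1 ;;
    esac
    is_alnum "${1%%=*}" && is_alnum "${1#*=}"
}

# check_load_args AID [propertyname=value...]
# Reports the first rejected argument on stderr and returns 1.
check_load_args() {
    valid_aid "$1" || { printf 'bad aid: %s\n' "$1" >&2; return 1; }
    shift
    for p in "$@"; do
        valid_property "$p" || {
            printf 'bad property: %s\n' "$p" >&2
            return 1
        }
    done
    return 0
}
```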