Setup Enterprise Security Client, ACR38 SmartCard Reader, Starcoss SPK2.3

Enterprise Security Client (ESC) adalah user interface untuk dapat memformat dan memanage smart cards. Bagian ini merupakan bagian front end untuk user dalam sebuah lingkup pekerjaan Certificate System, yang dalam hal ini saya menggunakan Dogtag Certificate System. ESC dapat digunakan pada smart Card yang sudah mendukung Javacard 2.1 / Global Platform 2.0.1 compliant. Saya masih menunggu kiriman Java Card dari India dan Eropa, yaitu SmartCafeExpert 3.2 dan JCOP 31 V 2.2, saat ini masih menggunakan card Starcoss SPK2.3 produksi Jerman.

Untuk membaca smart cards diperlukan reader dalam hal ini menggunakan ACR38 SmartCard Reader USB yang dapat diinstall pada OS Windows dan OS Linux. Kali ini saya coba pada distro Fedora 13 (Codename: Goddard)

Instalasi ESC,ACR38, pada sistem operasi Linux distro  Fedora 13 :

Pada saat menginstall Dogtag Cert system sudah termasuk menginstall ESC :

#yum install  dogtag-pki

esc                                                    i686                      1.1.0-12.fc13                             fedora                     380 k

esc.i686 0:1.1.0-12.fc13

#pkicreate -pki_instance_root=/var/lib        \
>           -pki_instance_name=pki-tps         \
>           -subsystem_type=tps                \
>           -secure_port=7889                  \
>           -non_clientauth_secure_port=7890   \
>           -unsecure_port=7888                \
>           -user=pkiuser                      \
>           -group=pkiuser                     \
>           -redirect conf=/etc/pki-tps        \
>           -redirect logs=/var/log/pki-tps    \
>           -verbose

# /sbin/service pki-tpsd restart pki-tps

pki-tps (pid 19589) is running …

Unsecure Port              = http://gtoms.lab:7888/cgi-bin/so/enroll.cgi
(ESC Security Officer Enrollment)
Unsecure Port              = http://gtoms.lab:7888/cgi-bin/home/index.cgi
(ESC Phone Home)
Secure Clientauth Port     = https://gtoms.lab:7889/cgi-bin/sow/welcome.cgi
(ESC Security Officer Workstation)
Secure Clientauth Port     = https://gtoms.lab:7889/tus
(TPS Roles – Operator/Administrator/Agent)
Secure Non-Clientauth Port = https://gtoms.lab:7890/cgi-bin/so/enroll.cgi
(ESC Security Officer Enrollment)
Secure Non-Clientauth Port = https://gtoms.lab:7890/cgi-bin/home/index.cgi
(ESC Phone Home)

– Configuring Phone Home

[root@gtoms pki-tps]# nano CS.cfg

op.format.userKey.issuerinfo.enable=true
op.format.userKey.issuerinfo.value=http://gtoms.lab:7888/cgi-bin/home/index.cgi
auth.instance.0.baseDN=dc=lab
auth.instance.0.hostport=localhost:389

– Setting Global Phone Home Information

[root@gtoms /]# cd /usr/lib/esc-1.1.0/defaults/preferences

[root@gtoms preferences]# nano esc-prefs.js
pref(“esc.global.phone.home.url”,”http://gtoms.lab:7888/cgi-bin/home/index.cgi”);

Install driver ACR38 ACS CCID PC/SC Driver 1.0.2 Smart Card Reader USB :

# wget http://www.acs.com.hk/drivers/eng/ACR38_Driver_Lnx_1000_P.zip

# unzip ACR38_Driver_Lnx_1000_P.zip

#tar zvxf  ACR38_LINUX_100710_P.tar.gz
Sebelem mengkonfigure ACR38_LINUX_100710_P,  install dahulu PCS Devel Lite, Flex, Libusb :

#  wget -c ftp://195.220.108.108/linux/fedora/releases/13/Everything/i386/os/Packages/pcsc-lite-libs-1.5.5-4.fc13.i686.rpm

# wget -c ftp://fr2.rpmfind.net/linux/fedora/releases/13/Everything/i386/os/Packages/pcsc-lite-devel-1.5.5-4.fc13.i686.rpm

# wget -c ftp://fr2.rpmfind.net/linux/fedora/releases/13/Everything/i386/os/Packages/libusb-devel-0.1.12-22.fc12.i686.rpm

# rpm -ivh pcsc-lite-libs-1.5.5-4.fc13.i686.rpm

# rpm -ivh pcsc-lite-devel-1.5.5-4.fc13.i686.rpm

# rpm -ivh  libusb-devel-0.1.12-22.fc12.i686.rpm

Kita configure ACR38_LINUX_100710_P :

[root@gtoms ACR38_LINUX_100710_P]# ./configure

[root@gtoms ACR38_LINUX_100710_P]# make

[root@gtoms ACR38_LINUX_100710_P]# make check

[root@gtoms ACR38_LINUX_100710_P]# make install

Install INSTALL ACR38 (CCID) :

[root@gtoms gtoms]# cd ACR38_Driver_Lnx_1000_P

[root@gtoms ACR38_Driver_Lnx_1000_P]# cd ACR38\ \(CCID\)/

[root@gtoms ACR38 (CCID)]# tar -jxvf acsccid-1.0.2.tar.bz2
acsccid-1.0.2/
acsccid-1.0.2/configure.ac
acsccid-1.0.2/m4/
acsccid-1.0.2/m4/libtool.m4

[root@gtoms gtoms]# cd acsccid-1.0.2/

[root@gtoms acsccid-1.0.2]# ./configure

[root@gtoms acsccid-1.0.2]# make

[root@gtoms acsccid-1.0.2]# make check

[root@gtoms acsccid-1.0.2]# make install

[root@gtoms acsccid-1.0.2]# rpm -q ccid
ccid-1.3.11-1.fc13.i686

[root@gtoms acsccid-1.0.2]# rpm -q pcsc-lite
pcsc-lite-1.5.5-4.fc13.i686
[root@gtoms acsccid-1.0.2]#

ACR38 Smart Card Reader USB di colok ke port USB :

[root@gtoms gtoms]#  lsusb
Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 003 Device 003: ID 1241:1166 Belkin MI-2150 Trust Mouse
Bus 003 Device 002: ID 1c4f:0002 SiGma Micro
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 002 Device 003: ID 072f:90cc Advanced Card Systems, Ltd ACR38 SmartCard Reader
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

[root@gtoms gtoms]# tail -f /var/log/messages
Jun 20 13:37:01 gtoms kernel: usb 2-2: new full speed USB device using uhci_hcd and address 3
Jun 20 13:37:02 gtoms kernel: usb 2-2: New USB device found, idVendor=072f, idProduct=90cc
Jun 20 13:37:02 gtoms kernel: usb 2-2: New USB device strings: Mfr=1, Product=2, SerialNumber=0
Jun 20 13:37:02 gtoms kernel: usb 2-2: Product: CCID USB Reader
Jun 20 13:37:02 gtoms kernel: usb 2-2: Manufacturer: ACS

Testing lain menjalankan ESC (Smart card Manager melalui Linux Fedora 13 desktop)

One thought on “Setup Enterprise Security Client, ACR38 SmartCard Reader, Starcoss SPK2.3

  1. Amin

    pak, tolong bantu saya

    saya punya acr38 dan akan saya pasang pada laptop saay yang windows 7. saya tidak mengerti bagaimana caranya agar reader ini dapat dipergunakan. bisa tolong dijelaskan bagaimana caranya?

    sejauh ini saya download drivernya tapi belum bisa masuk dan bagaimana cara programnya?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.