smartcard(1M) System Administration Commands smartcard(1M)NAMEsmartcard - configure and administer a smart card
SYNOPSISsmartcard-c admin [-a application] [propertyname]...
smartcard-c admin [-a application]
[-x { add|delete|modify } propertyname=value...]
smartcard-c admin -t service -j classname -x
{ add|delete|modify}
smartcard-c admin -t terminal
{ -j classname | -H libraryname } -d device -r userfriendlyreadername -n readername -x
{ add|delete|modify }
[-R]
smartcard-c admin -t debug -j classname -l level -x
{ add|delete|modify}
smartcard-c admin -t override -x { add|delete|modify} propertyname=value
smartcard-c admin -I -k keytype -i filename
smartcard-c admin -E -k keytype -o filename
smartcard-c load -A aid [-r userfriendlyreadername] -P pin
[-s slot] [-i inputfile] [-p propfile] [-v]
[propertyname=value]...
smartcard-c load -u -P pin [-A aid]
[-r userfriendlyreadername] [-s slot] [-v]
smartcard-c bin2capx -T cardname [-i inputfile]
[-o outputfile] [-p propfile] [-I anothercapxfile]
[-v] [propertyname=value]...
smartcard-c init -A aid [-r readername] [-s slot] -L
smartcard-c init -A aid [-r readername] -P pin [-s slot]
[propertyname=value]...
smartcard-c enable
smartcard-c disable
DESCRIPTION
The smartcard utility is used for all configurations related to a smart
card. It comprises the following subcommands:
1. Administration of OCF properties. (-c admin)
This subcommand is used to list and modify any of the OCF
properties. With no arguments it will list all the current
properties. It can only be executed by root. Some OCF
properies are:
defaultcard
# default card for an application
defaultreader
# default reader for an application
authmechanism
# authentication mechanism
validcards
# list of cards valid for an application
A complete listing can be obtained by using the smartcard utility
as described in the EXAMPLES section.
2. Loading and Unloading of applets from the smart card (-c
load) and performing initial configuration of a non-Java
card.
This subcommand administers the applets or properties on a
smartcard. It can be used to load or unload applets and/or
properties to and from a smart card. The applet is a Java
class file that has been run through a converter to make the
byte code JavaCard-compliant. This command can be used to
load both an applet file in the standard format or a file
converted to the capx format. If no -r option is specified,
the loader tries to load to any connected reader, provided
it has already been inserted using the smartcard-c admin
command.
3. Converting card applets or properties to the capx format (-c
bin2capx)
This subcommand is used to convert a Java card applet or
properties into a new format called capx before downloading
it onto the smart card. Converting to this format enables
the applet developer to add applet-specific information that
is useful during the downloading process and identifies the
applet.
In the following example,
smartcard-c bin2capx -i cyberflex.bin \
-T CyberFlex aidto-000102030405060708090A0B0C0D0E0F fileID=2222 \
instanceID=2223 and more.
if no output file is specified, a default file with the name
input_filename.capx is created in the current directory. The
mandatory -T option requires the user to specify the card
name for which the capx file is being generated.
The following example
smartcard-c bin2capx -T IButton
tells the loader that the capx file contains the binary for
IButton. A single capx file can hold binaries for multiple
cards (1 per card.) Users can, for example, hold binary
files for both CyberFlex and IButton in the same capx file
as follows:
smartcard-c bin2capx -T IButton -i IButton.jib -o file.capx
In the following example,
smartcard-c bin2capx -T CyberFlex -i cyberflex.bin \
-l file.capx -o file.capx
the -l option is used to provide an already-generated capx
file. The output is directed to the same capx file, result‐
ing in capx file holding binaries for both cards.
4. Personalizing a smart card (-c init)
This subcommand is used to set user-specific information
required by an applet on a smart card. For example, the Sun
applet requires a user name to be set on the card. This sub‐
command is also used to personalize information for non-Java
cars.
5. Enabling and disabling the smart card desktop login (-c
{enable | disable)
OPTIONS
The following options are supported:
-a application
Specify application name for the configuration parameter. Parame‐
ters may differ depending on the application. If no application
name is specified, then ocf is the default application.
-A aid
Specify a unique alphanumeric string that identifies the applet.
The aid argument must be a minimum of 5 characters and can be a
maximum of 16 characters in length. If an applet with an identical
aid already exists on the card, a load will result in an error.
-c
Specify subcommand name. Valid options are: admin, load, bin2capx,
init, enable, and disable.
-d device
Specify device on which the reader is connected (for example,
/dev/cua/a).
-D
Disable a system from using smart cards.
-E
Export the keys to a file.
-H libraryname
Specify the full path of the IFD handler library for the reader.
-i filename
Specify input file name.
-I
Import from a file.
-j classname
Specify fully-qualified class name.
-k keytype
Specify type of key (for example, challenge_response, pki.)
-l
Specify debug level (0-9), signifying level of debug information
displayed.
-L
List all properties configurable in an applet.
-n readername
Specify reader name as required by the driver.
-o filename
Specify output file name.
-p propfile
Specify properties file name. This file could contain a list of
property names and value pairs, in the format propertyname=value.
-P pin
Specify pin used to validate to the card.
-r userfriendlyreadername
Specify user-defined reader name where the card to be initialized
is inserted.
-R
Restart the ocf server.
-s slot
Specify slot number. If a reader has multiple slots, this option
specifies which slot to use for initialization. If a reader has
only one slot, this option is not required. If no slot number is
specified, by default the first slot of the reader is used.
-t
Specify type of property being updated. The valid values are:
service
Updating a card service provider details.
terminal
Updating a card reader provider details.
debug
OCF trace level.
override
Override a system property of the same name.
-T cardname
Specify card name.
-u
Unload the applet specified by the application ID from the card. If
no application ID is specified, all applets are unloaded from the
card.
-v
Verbose mode ( displays helpful messages).
-x
Specify action to be taken. Valid values are: add, delete, or mod‐
ify.
EXAMPLES
Example 1 Viewing the Values of All Properties
Enter the following command to view the values of all the properties
that are set:
% smartcard-c admin
Example 2 Viewing the Values of Specific Properties
Enter the following command to view the values of specific properties:
% smartcard-c admin language country
Example 3 Adding a Card Service
Enter the following command to add a card service factory for a Cyber‐
Flex card, available in the package com.sun.services.cyberflex, to the
properties:
% smartcard-c admin -t service \
-j com.sun.services.cyberflex.CyberFlexCardServiceFactory -x add
Example 4 Adding a Reader
Enter the following command to add the IFD handler for the internal
reader:
% smartcard-c admin -t terminal \
-H /usr/lib/smartcard/ifdh_scmi2c.so -x add \
-d /dev/scmi2c0 -r MyInternalReader -n SunISCRI
Example 5 Deleting a Reader
Enter the following command to delete the SCM reader, added in the pre‐
vious example, from the properties:
% smartcard-c admin -t terminal -r SCM -x delete
Example 6 Changing the Debug Level
Enter the following command to change the debug level for all of the
com.sun package to 9:
% smartcard-c admin -t debug -j com.sun -l 9 -x modify
Example 7 Setting the Default Card for an Application
Enter one of the following commands to set the default card for an
application (dtlogin) to be CyberFlex.
If the property default card does not exist, enter the following com‐
mand:
% smartcard-c admin -a dtlogin -x add defaultcard=CyberFlex
If the property default card exists, enter the following command:
% smartcard-c admin -a dtlogin -x modify defaultcard=CyberFlex
Example 8 Exporting Keys for a User into a File
Enter the following command to export the challenge-response keys for a
user into a file:
% smartcard-c admin -k challenge_response -E -o /tmp/mykeys
Example 9 Importing Keys from a File
Enter the following command to import the challenge-response keys for a
user from a file:
% smartcard-c admin -k challenge_response -I -i /tmp/mykeys
Example 10 Downloading an Applet into a Java Card
Enter the following command to download an applet into a Java card or
to configure a PayFlex (non-Java) card inserted into an SCM reader for
the capx file supplied in the /usr/share/lib/smartcard directory:
% smartcard-c load -r SCM \
-i /usr/share/lib/smartcard/SolarisAuthApplet.capx
Example 11 Downloading an Applet Binary
Enter the following command to download an applet binary from some
place other that the capx file supplied with Solaris 8 into an IButton
(the aid and input file are mandatory, the remaining parameters are
optional):
% smartcard-c load -A A000000062030400 -i newapplet.jib
Example 12 Downloading an Applet on a CyberFlex Access Card
On a CyberFlex Access Card, enter the following command to download an
applet newapplet.bin at fileID 2222, instanceID 3333 using the speci‐
fied verifyKey and a heap size of 2000 bytes:
% smartcard-c load -A newaid -i newapplet.bin \
fileID=2222 instanceID=3333 verifyKey=newKey \
MAC=newMAC heapsize=2000
Example 13 Configuring a PayFlex Card
Enter the following command to configure a PayFlex (non-Java) card with
specific aid, transport key, and initial pin:
% smartcard-c load -A A00000006203400 \
pin=242424246A617661 transportKey=4746584932567840
Example 14 Unloading an Applet from a Card
Enter the following command to unload an applet from iButton:
% smartcard-c load -u
Example 15 Displaying Usage of smartcard-c load
Enter the following command to display the usage of the smartcard-c
load command:
% smartcard-c load
Example 16 Displaying All Configurable Parameters for an Applet
Enter the following command to display all the configurable parameters
for an applet with aid 123456 residing on a card inserted into an SCM
reader:
% smartcard-c init -r SM -A 123456 -L
Example 17 Changing the PIN
Enter the following command to change the pin for the SolarisAuthApplet
residing on a card or to change the PIN for a PayFlex (non-Java) card
inserted into an SCM reader:
% smartcard-c init -A A000000062030400 -P oldpin pin=newpin
Example 18 Displaying All Configurable Parameters for the Solar‐
isAuthApplet.
Enter the following command to display all the configurable parameters
for the SolarisAuthApplet residing on a card inserted into an SCM
reader:
% smartcard-c init -A A000000062030400 -L
Example 19 Setting a Property to a Value on a smart card
Enter the following command to set properties called user to the value
james and application to the value login on a card inserted into an SCM
reader that has a pin testpin:
% smartcard-c init -A A000000062030400 -r CyberFlex -P testpin \
application=login user=james
Example 20 Converting an Applet for the CyberFlex Card into capx For‐
mat.
Enter the following command to convert an applet for the CyberFlex card
into the capx format required for downloading the applet into the card:
% smartcard-c bin2capx \
-i /usr/share/lib/smartcard/SolarisAuthApplet.bin \
-T CyberFlex -o /home/CorporateCard.capx -v memory=128 heapsize=12
Example 21 Converting an Applet for the IButton Card into capx Format
Enter the following command to convert an applet for the IButton card
into the capx format required for downloading the applet into the but‐
ton:
% smartcard-c bin2capx \
-i /usr/share/lib/smartcard/SolarisAuthApplet.jib \
-T IButton -o /home/CorporateCard.capx -v
EXIT STATUS
The following exit values are returned:
0
Successful completion.
1
An error occurred.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├─────────────────────────────┼─────────────────────────────┤
│Availability │SUNWocf │
├─────────────────────────────┼─────────────────────────────┤
│Interface Stability │Stable │
└─────────────────────────────┴─────────────────────────────┘
SEE ALSOocfserv(1M), attributes(5), smartcard(5)NOTES
The command line options contain only alphanumeric input.
SunOS 5.10 25 Nov 2008 smartcard(1M)
