CAC Reader
Philllip.Gresha
6th October 2010, 06:04 AM
I've looked through a few websites looking for a way to install a CAC reader to use with DoD. I would think that Fedora nee Redhat would support this out of the box, but it appears not to be the case.
It appears to need pcscd (with possible restarts on login), coolkey, and various other packages, and DoD certs 11 through 26.
What is the easiest way to get the CAC working? I know Linux can do it. The Air Force developed a live CD which recognizes the CAC reader by default. Very cool, actually.
http://spi.dod.mil/lipose.htm
stevea
6th October 2010, 09:37 AM
CAC Reader
I've looked through a few websites looking for a way to install a CAC reader to use with DoD. I would think that Fedora nee Redhat would support this out of the box, but it appears not to be the case.
Fedora consists exclusively of free/open source software (FOSS). This means that all Fedora packages make source code available and all software is covered by GPL, MIT, BSD and very similar source use licenses. Except for wifi firmware modules and a few other tiny bits, you can download every line of source code for Fedora, modify it as you please, resell it or give it away with only minor restrictions/obligations of those licenses.
Maybe there is no FOSS CAC reader. Maybe any that exist have incompatible licenses. Maybe there is a FOSS CAC reader that simply isn't included in Fedora. (YOU could package it and get acceptance for Fedora inclusion - OR you could suggest it be included on the developers' website (few F-developers on this forum).) If there is no FOSS version you could talk to the guys who manage rpmfusion about including it as an rpm package.
It appears to need pcscd (with possible restarts on login), coolkey, and various other packages, and DoD certs 11 through 26.
It doesn't surprise me that you need additional certs to make this package work. I have no idea where you get these. pcscd is in the Fedora 'pcsc-lite' package.
What is the easiest way to get the CAC working? I know Linux can do it. The Air Force developed a live CD which recognizes the CAC reader by default. Very cool, actually.
http://spi.dod.mil/lipose.htm
Not only cool - but the bootable CD has certain nice security properties. You can always mount the CD/DVD and see exactly what is in there.
====
That webpage describes a standalone bootable Linux CD that contains an already configured CAC reader.
If you follow the links you'll find
http://spi.dod.mil/ewizardaddon.htm
which has a link to a downloadable plugin for Firefox 3.x here
http://spi.dod.mil/docs/EncryptionWizard_3.3.0.xpi
You should use your browser to download that plugin, "EncryptionWizard_3.3.0.xpi".
After you download that file, then start the Firefox browser.
Verify that it is a 3.x version of firefox.
Select Help->About_Mozilla_Firefox.
The popup window may say you have 3.6.7 for example.
(close the popup).
Load the plugin (this is a one-time task) into firefox.
Select File->Open_File.
In the popup file-selector window navigate to the downloaded file (maybe it's in ~/Downloads), select the file and click "Open".
In the new "Software Installation" window you'll see the plugin described.
Select "Install now".
After installation the plugin says you must restart Firefox.
Select "Restart now".
You can verify the package is installed by ...
Select Tools->Add_ons
In the new window select the "Extensions" tab.
Verify that "Encryption Wizard 3.2.6, ATPSI's Encryption Wizard (ver 3.2.6) in a Firefox extension package" is in the list.
Also at the bottom of the Firefox browser window you will see a new "Encryption Wizard Enabled" toggle button.
===
How you use the plug-in... I have no idea. This may help.
This is an early access release for wide evaluation and usage.
The Encryption Wizard Add-On provides file encryption, decryption, and archiving capabilities for uploading and downloading in HTML-based email web clients, such as OWA webmail and Yahoo Mail but only within Mozilla Firefox. Interaction within the EW GUI should be the same if one is using EW in its .jar or Add-on forms.
http://spi.dod.mil/docs/EW_RelNotes.pdf
It seems the DoD is setting up their own certificate authority and their own crypto. So you need the certs to establish trust.
corp769
14th October 2010, 10:07 AM
Do a yum install pcsc* and after that, service pcscd start and hook up your reader. Then install the DoD configuration addon for Firefox from here: http://www.forge.mil/Resources-Firefox.html
After that, restart Firefox as usual because of the install of the addon, bring up the preferences of the config addon, and update the root certs and the federal certs. Restart Firefox, and you should be good. If you need any more help, let me know.