# SCR331 Smart Card HOWTO (with pcsc-lite, ccid, opensc)

## step

I wasted some time to get my card working so here is my contribution:

HOWTO for the SCR331 Smart Card (ID Card?) reader:

This is my first HOWTO and English is not my first language...  sorry ;

You need pcsc-lite, ccid and opensc-0.9.6 

to build pcsc-lite-1.2.9_beta8 you need 'MAKEOPTS=-j1' this is just a workaround if you get errors. 

(see https://bugs.gentoo.org/show_bug.cgi?id=108219) 

```

~ # ACCEPT_KEYWORDS=~x86 MAKEOPTS=-j1 emerge sys-apps/pcsc-lite
```

there is a emerge message: 

```
* You should run 'revdep-rebuild --soname libpcsclite.so.0'
```

I have no idea do you need to run this or not. You can try with '-p' option.

So, lets move on: 

```
~ # ACCEPT_KEYWORDS=~x86 emerge app-crypt/ccid 
```

or you can edit the /etc/portage/package.keywords and add app-crypt/ccid ~x86 

At the moment, the app-crypt/ccid must be patched before you can emerge it.

you can get the patch and ebuild from 

https://bugs.gentoo.org/show_bug.cgi?id=109379 (thanx to Steven Coutts)

To use the new ebuild and the patch,  do the following:

```
mkdir /usr/local/portage/app-crypt/ccid
```

Save to modified ebuild from the bug report to that directory.

```
mkdir /usr/local/portage/app-crypt/ccid/files
```

Put the patch from the bug report to that directory

Add the following line to /etc/make.conf

```
PORTDIR_OVERLAY="/usr/local/portage"
```

then 

```
ebuild /usr/local/portage/app-crypt/ccid/ccid-0.9.3.1-r1.ebuild digest

]emerge /usr/local/portage/app-crypt/ccid/ccid-0.9.3.1-r1.ebuild
```

now it's time to install the opensc. 

I had to edit the following line in the opensc-0.9.6-r123.ebuild that is a copy of the opensc-0.9.6.ebuild in my overlay directory /usr/local/portage/dev-libs/opensc

```
...

        pcsc-lite? ( sys-apps/pcsc-lite )"

##      !pcsc-lite? ( >=dev-libs/openct-0.5.0 )"

..
```

now the openct will NOT be emerged. 

nano /etc/reader.conf 

and comment out all the lines :

```
# FRIENDLYNAME     "Generic Reader"

# DEVICENAME       GEN_SMART_RDR

# LIBPATH          /usr/lib/readers/usb/libgen_ifd.so

# CHANNELID        0x0103F8

```

next step is to use the correct opensc.conf 

I must use this (from http://www.opensc.org/ideelabor/wiki/OpenscInstalleerimine) :

and it looks like this: 

```
app default {

   debug = 9;

   debug_file = /tmp/opensc-debug.log;

   error_file = /tmp/opensc-errors.log;

   

   reader_drivers = pcsc;

   reader_driver pcsc {

      apdu_masquerade = none;

      max_send_size = 252;

      max_recv_size = 252;

   }

   framework pkcs15 {

      use_caching = true;

      try_emulation_first = yes;

      builtin_emulators = esteid;

   }

   card_atr 3b:6e:00:ff:45:73:74:45:49:44:20:76:65:72:20:31:2e:30 {

      force_protocol = t0;

   }

   

   card_atr 3b:fe:94:00:ff:80:b1:fa:45:1f:03:45:73:74:45:49:44:20:76:65:72:20:31:2e:30:43 {

      force_protocol = t0;

   }

}

app opensc-pkcs11 {

   pkcs11 {

      num_slots = 2;

      hide_empty_tokens = true;

      lock_login = false;

      cache_pins = false;

      soft_keygen_allowed = false;

   }

}

app pkcs11-spy {

   spy {

      output = /tmp/pkcs11-spy.log;

      module = /usr/lib/pkcs11/opensc-pkcs11.so;

   }

}

```

plug in your SCR331 smart card reader (with updated firmware - http://www.scmmicro.com/security/pcs_product_drivers.html) and run:

```
pcscd -a -f
```

if you get no errors, take your IDCard and stick it in to the reader. 

you will see something like:

```
blaa blaa blaa... 

eventhandler.c:416:EHStatusHandlerThread() Card inserted into SCR 331 00 00
```

...and some numbers. this is good!

 :Smile: 

no in another terminal window, type:

```

~# opensc-tool --list-readers

Readers known about:

Nr.    Driver     Name

0      pcsc       SCR 331 00 00

```

this is good  :Smile:  

your card reader is OK. 

```
~# pkcs15-tool --list-certificates

X.509 Certificate [Isikutuvastus]

        Flags    : 0

        Authority: no

        Path     : 3F00EEEEAACE

        ID       : 01

X.509 Certificate [Allkirjastamine]

        Flags    : 0

        Authority: no

        Path     : 3F00EEEEDDCE

        ID       : 02

```

this is really good!

you have a working smart card reader.

Mozilla and Firebird works fine with this setup. All you need to do is 

Options -> Advanced -> Certificates -> Manage security devices (Firebird, Firefox). 

Edit -> Preferences -> Privacy & Security -> Certificates -> Manage security devices (Mozilla, Netscape) or Tools ->

"Load" 

module name: opensc-pkcs11 

module filename: /usr/lib/pkcs11/opensc-pkcs11.so

stick your card in to the reader and:

"OK"

----------

## castor_fou

since that time 'more than 1 year), there has been some cleanup in the tree for these programs.

What would you consider as the good USE settings for opensc, ccid ?

Today I have

```
[root@gui - 01:20:21 - ~] # emerge -pv ccid opensc

These are the packages that would be merged, in order:

Calculating dependencies... done!

[ebuild  N    ] sys-apps/pcsc-lite-1.3.2  USE="-debug -static" 835 kB

[ebuild  N    ] app-crypt/ccid-1.1.0  USE="chipcard2" 528 kB

[ebuild  N    ] dev-libs/opensc-0.11.1  USE="-openct -pcsc-lite" 1,234 kB

```

What are the differences between openct and pcsc-lite ?

----------

## castor_fou

I have to unset chipcard2 for ccid to work correctly (otherwise folder /usr/lib/reader/usb was not created)

The reader is recognized

```
[gui@gui - 01:57:31 - ~] $ opensc-tool --list-readers

Readers known about:

Nr.    Driver     Name

0      pcsc       Axalto Reflex USB v3 (21120538114788) 00 00
```

but I cannot access the data stored on the smartcard. (Unsupported card: do I need to somehow provide the pin code?)

```
[gui@gui - 02:03:00 - ~] $ pkcs15-tool --list-certificates

pkcs15.c:711:sc_pkcs15_bind: returning with: Unsupported card

PKCS#15 initialization failed: Unsupported card
```

----------

