DoD Common Access Card on Linux

There are times when I need to use my Common Access Card at home. Being a Linux user, I figured this would be challenging to configure. It took a few hours of trying different packages and directions, but I finally have it working. Considering the process isn't entirely straightforward, I thought it'd be good to document the steps here.

My desktop is running Gentoo Linux with the SCM Microsystems SCR331-LC1 smart card reader. Other readers will probably work, but I know for certain that this one does.

1. Download and untar the CACKey ebuild into your PORTDIR_OVERLAY.

2. Edit /etc/portage/package.keywords and add the following lines:

app-crypt/cackey ~x86
dev-perl/pcsc-perl ~x86
sys-apps/pcsc-tools ~x86

3. Edit /etc/portage/package.use and add the following lines:

sys-apps/pcsc-lite usb
sys-apps/pcsc-tools usb

4. Download cackey-0.5.12-1.src.rpm from Software Forge and drop it in /usr/portage/distfiles. Unfortunately, you'll need your CAC to download CACKey.

5. Merge some packages:

$ sudo emerge pcsc-lite pcsc-tools cackey ccid

6. In Firefox, go to Edit > Preferences > Advanced > Encryption. Click on the Security Devices button, and click the Load button. Use DoD CAC for the module name, and set the module file to /usr/lib/libcackey.so.

7. Download and install the DoD Root certificates in Firefox.

8. Test your CAC at AKO/DKO.

I originally tried using CoolKey but Firefox always claimed the card was not present. This post pointed me in the right direction. It seems that cards manufactured on or after January 14, 2010 no longer work with CoolKey.
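
When Firefox reports that the card is not present, it helps to check outside the browser whether the PKCS#11 module from step 6 loads and sees a token. The following is an added example, not part of the original post or of CACKey. The function name probe_module and its status strings are hypothetical, and it assumes the module exports the standard C_Initialize, C_GetSlotList and C_Finalize symbols directly.

```python
import ctypes
import sys


def probe_module(path="/usr/lib/libcackey.so"):
    """Load a PKCS#11 module and list the slots that currently hold a token.

    Returns (status, slot_ids); status is one of "load-failed", "no-symbols",
    "init-failed", "slot-query-failed", "no-card" or "ok" (names are ours).
    """
    try:
        lib = ctypes.CDLL(path)
    except OSError:
        return "load-failed", []          # missing file, wrong arch, unmet deps
    try:
        init, fini, get_slots = lib.C_Initialize, lib.C_Finalize, lib.C_GetSlotList
    except AttributeError:
        return "no-symbols", []           # not a PKCS#11 module (assumption above)

    # CK_RV, CK_ULONG and CK_SLOT_ID are unsigned long; CK_BBOOL is one byte.
    ulong_p = ctypes.POINTER(ctypes.c_ulong)
    for fn in (init, fini, get_slots):
        fn.restype = ctypes.c_ulong
    init.argtypes = [ctypes.c_void_p]
    fini.argtypes = [ctypes.c_void_p]
    get_slots.argtypes = [ctypes.c_ubyte, ulong_p, ulong_p]

    if init(None) != 0:                   # 0 is CKR_OK
        return "init-failed", []
    try:
        count = ctypes.c_ulong(0)
        # First call with a NULL buffer only asks how many slots have a token
        # (first argument 1 = CK_TRUE, i.e. tokenPresent).
        if get_slots(1, None, ctypes.byref(count)) != 0:
            return "slot-query-failed", []
        if count.value == 0:
            return "no-card", []          # reader/pcscd problem or unsupported card
        slots = (ctypes.c_ulong * count.value)()
        if get_slots(1, slots, ctypes.byref(count)) != 0:
            return "slot-query-failed", []
        return "ok", list(slots[:count.value])
    finally:
        fini(None)


if __name__ == "__main__":
    # Optional argument: path to the module; defaults to the path from step 6.
    print(*probe_module(*sys.argv[1:2]))
```

A result of "no-card" with the card inserted points at the reader, pcscd or the module rather than at Firefox.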