Using Your DOD CAC Card On Debian Linux (Or LinuxMint)

Stacks Image 1236
So you are a Linux Geek AND a DOD employee with a Common Access Card and want to check your official email, paycheck, and travel claims on your Penguin box you’ll have to install some software and do some configuring to make it work. It isn’t child’s play but a great learning tool for being a linux power user.

Let’s do it!

Ok. I’m using Debian unstable linux and LinuxMint 17.3 Rosa but this should work on any Ubuntu installation.

Also I am using an SCM SCR331 USB CAC Card Reader as depicted in the photo.

The first thing you need to do is install some software. Type this in a terminal:

sudo synaptic

then search for coolkey

Once it pops up click on the box and mark it for installation. It will ask to install libckyapplet1. Go ahead and mark it for installation.
Stacks Image 1145
Now repeat the process with

pcsc

pcscd

both of these will ask to install additional dependencies as well. Let them. Then click the Apply button and install all.
Stacks Image 1151
Now we need the DOD Configuration file to configure Firefox, or in my case IceWeasel. IceWeasel IS Firefox without the icons. Licensing and stuff.

Go to this address and download it. Once you have it close Firefox, right click it and ask to “Open With” Firefox (or Iceweasel) If you don’t trust my file go here and get the certificates right from the source.
Stacks Image 1155
Stacks Image 1157
Once it is installed in Firefox go to the three horizontal bars on the right side of the toolbar and click Add Ons > Extensions. Now click Preferences and then “Update DOD Certs”
Stacks Image 1161
Stacks Image 1163
Now click your horizontal bars again and select “Preferences” > Advanced > Security Devices

At this point lets make sure the CAC Card reader is plugged in and your CAC card is inserted.
Stacks Image 1165
At this point we want to load our module in the Device Manager depicted in the photo above. Now for some reason the Coolkey module did not work for me so I installed CACKEY and used it. Your mileage may vary here. I confirmed this on Linuxmint and Debian.

Go to this address and download CACKEY. Make sure you get the right one for your platform. In my case it was Linux on AMD 64 DEB.

It will download to your downloads folder.

Do as in the photo below:

cd Downloads

sudo dpkg -i cackey_0.7.5-1_amd64.deb

In my case it didn’t install. It barked at me telling me there was no /usr/lib64 directory. Ok.

sudo -s

mkdir /usr/lib64

sudo dpkg -i cackey_0.7.5-1_amd64.deb

Now it installs.
Stacks Image 1184
Now back to Firefox and lets load that module under “Preferences” > Advanced > Security Devices

Name it DOD CAC and browse to /usr/lib64/libcackey.so
Stacks Image 1188
Now you should be able to shut down Firefox, open it back up and visit a DOD CAC card enabled website. Congrats. Now the bad news. Defense Travel System (DTS) won’t work. You need Java for that. Download it from here Scroll down and get Linux X64 (provided you have a 64 bit system) and download it.

Become root,

sudo -s

make a directory

mkdir /usr/java

cd Downloads

cp jre-8u66-linux-x64.tar.gz /usr/java

cd /usr/java


tar xvf jre-8u66-linux-x64.tar.gz

cd /usr/lib/mozilla/plugins

ln -s /usr/java/jre1.8.0_66/lib/amd64/libnpjp2.so

Then when you open firefox and start logging into DTS after enabling java a box below pops up and DBSign wants to know where the pkcs11 module is. Browse to the location below and select libcoolkeypk11.so

/usr/lib/pkcs11/libcoolkeypk11.so
Stacks Image 1192
Stacks Image 1194
Now you should be able to go to DTS and access your travel claims.

You are set. Everything should work fine!
2,626