Re: [Evolution] Smart Card/CAC Access



On Wed, Nov 17, 2010 at 21:38, Clay Stuckey <cstuckey govsg com> wrote:
> How do I enable Evolution to read my Smart Card reader and use a DoD CAC? I have heard that Evolution uses
> the same settings as Firefox but haven't seen any documentation on how to tell it to digitally sign emails
> with the cert in my CAC.

While evolution does use the same library as Firefox for certificate
handling, it doesn't use the same certificate store.

Unfortunately, evolution doesn't have a GUI for handling anything but
PKCS12 certificates. What you need is to have evolution recognize a
PKCS11 based certificate device. This needs to be added to the
certificate store using command line utilities.

The certificate store used depends on your version of evolution.
Evolution versions up to 2.30 have the certificate store in
~/.evolution; later versions have the certificate store in ~/.pki/nssdb.

To add the PKCS11 security device, first you need to get the PKCS11
module. I'm not familiar with DoD CACs, but I understand you can run
either coolkey or some custom pkcs11 module tailor made for DoD CACs.
Since it seems you have already installed it in firefox, I assume you
already have a ".so"-file ready.

Then you need to run the command
  modutil -add "DoD CAC" -libfile /path/to/libcoolkeypk11.so -dbdir ~/.evolution

You should use the path to your ".so"-file of course. If you use
evolution 2.32, replace ~/.evolution with ~/.pki/nssdb.

If everything works, you should now be able to select your DoD CAC
certificate as the signature to sign mails with. Let us know if it
works. Personally, I haven't had any luck with my PKCS11 security
device under evolution 2.32.

Best,
  Kåre
-- 
Kåre Fiedler Christiansen
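
The registration steps from the message above, as an added shell example that is not part of the original post: it picks the store directory by Evolution version, refuses a module file other users could overwrite, then runs the same modutil command and lists the result. The function names, the cert9.db/cert8.db format detection, the permission check and the `-force` flag are assumptions added here; close Evolution before running it.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage: sh add-cac.sh <evolution-version> </path/to/pkcs11-module.so>

# Store location by Evolution version, as stated in the post:
# up to 2.30 -> ~/.evolution, later versions -> ~/.pki/nssdb
evo_dbdir() {
    major=${1%%.*}; rest=${1#*.}; minor=${rest%%.*}
    if [ "$major" -lt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -le 30 ]; }; then
        printf '%s\n' "$HOME/.evolution"
    else
        printf '%s\n' "$HOME/.pki/nssdb"
    fi
}

# Assumption added here: cert9.db marks an SQLite NSS store ("sql:" prefix),
# cert8.db a legacy Berkeley DB store ("dbm:" prefix). Fails if neither exists,
# so the module is never added to a freshly created, unused database.
nss_db_spec() {
    if [ -f "$1/cert9.db" ]; then printf 'sql:%s\n' "$1"
    elif [ -f "$1/cert8.db" ]; then printf 'dbm:%s\n' "$1"
    else return 1
    fi
}

# NSS loads the module as native code inside the mail client, so reject a
# missing file or one that is group- or world-writable.
module_is_safe() {
    [ -f "$1" ] || return 1
    [ -z "$(find -H "$1" -prune \( -perm -020 -o -perm -002 \))" ]
}

register_cac() {   # $1 = Evolution version, $2 = path to the PKCS#11 .so
    db=$(nss_db_spec "$(evo_dbdir "$1")") ||
        { echo "no NSS database found for Evolution $1" >&2; return 1; }
    module_is_safe "$2" ||
        { echo "module missing or group/world-writable: $2" >&2; return 1; }
    # Same command as in the post; -force skips modutil's interactive prompt.
    modutil -force -add "DoD CAC" -libfile "$2" -dbdir "$db" || return 1
    modutil -list "DoD CAC" -dbdir "$db"   # confirm the module and its slots
    certutil -L -d "$db" -h all            # list certificates, card included
}

if [ "$#" -eq 2 ]; then register_cac "$1" "$2"; fi
```

If the final `certutil` listing does not show the card's certificates, the module was registered in a store Evolution is not reading or the reader is not visible to the module.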


