3

I am trying to communicate with a CAC using Java. From the Developer Kit, I was able to find information about extracting the Unique ID (CHUID) and a few other pieces of information, like the applets available on the card. However, I am unable to extract the username (LastName.FirstName.MiddleName.ID) from the card, and I am also unable to find documentation on the CAC stuff.

I am not using the card to access a secure website. I am using it in a desktop application to authenticate users, and so would not be accessing the certificates stored on the card. I am able to access the different applets stored on the card, but have no idea how to get the username out. This username is needed to verify the users in our system. How can I get the username from a CAC?

Pops
  • 30,199
  • 37
  • 136
  • 151
Chitra
  • 198
  • 4
  • 13
  • CoreStreet (http://corestreet.com/) has a good smart card library that you can use to read CAC and PIV cards. You have to pay for it though. – Taylor Leese Dec 15 '10 at 22:42

2 Answers2

2

I'm not sure what you're using to do this, but if you're accessing it using PKCS#11 you need to find the alias on the card's KeyStore that contains the text "ID Certificate". You can then get that certificate as an X509Certificate using keyStore.getCertificate(alias) and get the name you're looking for using cert.getSubjectX500Principal().getName().

And yeah, I never really found any documentation for this sort of thing either.

ColinD
  • 108,630
  • 30
  • 201
  • 202
0

Most card readers will come with a driver that enables PKCS #11 support, and then you can use the SunPKCS11 security provider to treat the CAC like any other key store. This answer to a related question may be helpful.

As for documentation on developing CAC-enabled Java applications, I was never able to find any either.

Community
  • 1
  • 1
erickson
  • 265,237
  • 58
  • 395
  • 493