Z3x Smart Card Rockey 200 Driver Free 139
Mirthe Luria
In Red Hat Enterprise Linux, we strive to support several popular smart-card types. However, because it is not possible to support every smart card available, this document specifies our targeted cards. In addition it provides information on how to investigate a potential incompatibility between the cards and RHEL.
On the lower level, the operating system communicates with the smart card reader, using the PC/SC protocol, and this communication is performed by the pcsc-lite daemon. The daemon forwards the commands received to the card reader typically over USB, which is handled by low-level CCID driver.
The PC/SC low level communication is rarely seen on the application level. The main method in RHEL for applications to access smart cards, is via a higher level API, the OASIS PKCS #11 API, which abstracts the card communication to specific commands that operate on cryptographic objects (private keys etc). Smart card vendors, often provide a shared module (.so file), which follows the PKCS #11 API, and serves as a driver for the card. That shared module can be imported by applications, and be used to communicate with the card directly. In the open source world, we have projects like OpenSC, which wraps several smart card drivers into a single shared module. For example the OpenSC module as shipped by RHEL8.0, provides support for Yubikey, Nitrokey, and the US-government PIV and CAC cards and many more, on a single module. We highly recommend smart card vendors to provide support for their cards using the OpenSC libraries.
The PKCS#11 URI scheme is used to consistently identify smart cards, tokens and objects on them in the system. They are used by most of the tools in RHEL 8+ and simplify configuration of applications for smart cards. More information about supported applications and uses of the URI can be found in separate blog post.
When working with applications using smart cards, it is often useful to know the URIs of the tokens or the objects stored in the token.
The identification URIs of registered PKCS#11 modules can be seen with the following command (this uses p11tool from gnutls-utils component).
RHEL 7 was originally shipped with CoolKey smart cards driver, which was deprecated and is no longer available in RHEL 8 and newer. The current driver OpenSC supports all cards that used to be supported by CoolKey. For more information, see the RHEL7 Smart Cards article.
Gnome in RHEL7 was relying on pam_pkcs11 to provide access to Smart Cards through NSS. In RHEL8+, the desktop login is managed by System Security Services Daemon (SSSD). How to configure system to allow smart cards login of users in IdM is described in RHEL 8 Product documentation, section Configuring Identity Management.
OpenSSH in RHEL8 and newer supports PKCS #11 URIs as part of Consistent PKCS #11 support in RHEL8. In the past, configurations had to provide full path to the PKCS #11 shared object. This is no longer needed and minimal example to use private keys from smart cards with ssh requires the use of pkcs11: uri scheme:
The OpenSC implements support for most of the cards, but if you know that you will be using only one or two, it can be runtime configured in /etc/opensc.conf (on x86_64 architecture). In the section app default use the card_drivers option and set it to appropriate drivers you are interested in. You can list all the supported drivers using opensc-tool --list-drivers. For example to allow only CAC and PIV drivers, use the following configuration:
If the card detection is still too slow after selecting only PIV driver, you can enable file caching of the certificate data by adding the following snippet to the framework pkcs15 section in /etc/opensc-*.conf:
Note, that the file_cache_dir needs to be accessible by the applications using smart cards, generally sssd's privileged process or any other application using pkcs11 module (Firefox, openssh, ...), depending on the use case. The directory should not be world-writable to prevent malicious users to tamper with this cache.
This was successfully tested with PIV cards, but should give performance improvement also for other card types.
The OpenSC supports using pinpad readers, but some of the readers do not comply with the CCID specification so this functionality is turned off by default. You can enable pinpad on your reader by setting the enable_pinpad = true option in /etc/opensc.conf under the app default and reader_driver pcsc sections. If the pinpad needs pin of fixed length, it is possible to tweak it with the fixed_pinlength option.
ROCKEY4 is an innovative software defense system that affixeds to the parallel or USB port of a computer system. Your software application might be replicated, however it will just run when your ROCKEY4 dongle is connecteded to the computer. Your application will connect with ROCKEY4 at start-up and during runtime, No Dongle indicates No License to execute your software. You can also limit the use of your software which is very typical in the software market for DEMO functions or SHAREWARE.
When it come to software application designers providing multiple modules, ROCKEY4 permits you to safeguard approximately 16 applications per dongle at any one time (ROCKEY4ND now support 64 modules). Because every ROCKEY4 dongle has an one-of-a-kind ID, software designers can even limit the application to just permit to execution with a certain dongle.
Unlike some competing products, ROCKEY4 is in fact a powerful mini computer system, with a CPU, memory and specialized firmware that permits durable communication with your application. You may write algorithms that are firmly stored in the dongle, and then call those algorithms from time to time in your application. This method for software application protection is virtually impossible to crack. Although made for high level protection, it is likewise fairly simple to carry out.
Why pay more when you can get something better at a cheaper price. ROCKEY4 costs you 50% or less than most of the competing Dongles available in the market. With ROCKEY4, you do not need to employ expensive software security experts but still enjoy high security on your software.
ROCKEY4 is a well designed software protection system that comes with user friendly interface and useful sample source codes in most programming languages, so that you will have no difficulty learning how to integrate it into your software application. In most cases, just within few days a programmer can become the master of using ROCKEY4.
This FAQ or frequently asked questions section will help you resolve some questions you or your customers may run into when using ROCKEY4 Software Protection products. We have listed the questions and the answers here for your reference.
Yes, it is very secure. The ROCKEY4/NetROCKEY4 password is actually a set of four individual passwords that authorize two security levels. The two Basic passwords authorize read-only access to the dongle. Read and Write access is authorized only with the combination of the Basic and Advanced password sets. The Advanced password set is meant for the developer and should not appear in the software that goes to the end user.
Each Dongle has 4 16-bit passwords. If a hacker wants to crack the dongle by exhaustion, the number of possible combinations is 264. If one computation takes 10-20 seconds, it would take 58 years to try every combination.
The simplest way is to order new dongles with new passwords. Another way is to provide proof that you are the legitimate holder of the purchase code. Only the legitimate purchase code holder may obtain the passwords from ROCKEY.
ROCKEY4/NetROCKEY4 operates the parallel port through the device driver, and uses error correction technology at the communication protocol level. Therefore, it is compatible with most printers. However, there are a few models of printers that receive a large amount of current or electricity when powered off. This can cause a voltage shortfall to the dongle and result in a communication problem with the dongle driver. This problem can be easily solved by turning on the printer or removing the printer cable from the dongle.
It is quite easy to prevent data sharing devices from doing this. Just generate a random number when the program starts, and write this number in a specific address in the ROCKEY4/NetROCKEY4 dongle, then check for the number in that specified address when the program is running or executing to see if it is the same number you have written. If another computer is also running the program during this period, and is using the same dongle, another random number would have been written to this address.
No. According to the results of our tests, the performance difference between the simplest algorithm and the most complex is within a dozen milliseconds. You will not notice any difference as long as you do not call the algorithm too frequent.
USB stands for Universal Serial Bus. Now it is a very common interface standard and is already implemented in many devices. Please visit www.usb.org for more details. Its advantages include plug and play capabilities, hot-swap support and high transfer rate. It can support up to 127 USB devices connected through extensions. USB eliminates conflict problems with printers and other peripheral devices.
If you are using or testing ROCKEY products, we will send our updates to you when there are any. You may also download the latest development packages and updates from our product page download section.
If a printer or any other peripheral device is attached to the parallel port ROCKEY4/NetROCKEY4, you should turn the power of that device on. ROCKEY4/NetROCKEY4 dongles require a voltage of about 2.2 volts, and this power is supplied by the mainboard through the parallel port so if a peripheral device is attached to the ROCKEY4/NetROCKEY4 dongle, the dongle may not receive enough power to be activated.
b1e95dc632