You need two items to begin using your PIV credential:
Quick and Easy Installation Ideal for desktop and notebook computers without built-in readers, the Manhattan Smart Card Reader is easily installed using any USB port and the included software and driver CD. Plug and play with Windows and Mac compatibility, it requires no external power supply or cables — just a simple USB connection. NOT WORKING SD Card Reader (Use USB adapter ) Hibernation Nvidia Graphic Cards Fingerprint Reader Thunderbolt HotPlug REQUIREMENTS Fresh installation One working OSX environment Whole disk available (No partitions) Knowledge in PLIST edition Backup Made (EVERYTHING WILL BE ERASED) Latest. Smart Card Readers with PIN-pad APG8201-B2 Smart Card Reader with Pinpad ACR83 PINeasy Smart Card Reader ACR89U-A1 Handheld Smart Card Reader ACR890 All-In-One Mobile Smart Card Terminal ACR89U-A2 Handheld Smart Card Reader (Contactless Version) ACR900 Handheld EMV Terminal PTR89 Portable Thermal Printer (for ACR89). Smart Card readers provide a much higher level of security than standard proximity or magnetic stripe readers. Kantech offers a full suite of smart card readers to fit your unique needs.
- A card reader (hardware)
- Middleware (software) that works with your computer
With just their PIV credential, a card reader and middleware - your users can login to websites that are PIV enabled, digitally sign email and documents and files, and encrypt!
Card Readers
A card reader is exactly what the name suggests: a piece of hardware which helps read the card.
A card reader is the hardware that supplies power to the chip, and allows the computer operating system to talk to the PIV credential chip operating system.
Card readers are available in many shapes and sizes - to fit both the PIV credential, and to plug into your computers. There is a card reader that will work for any shape and size of the computer you use including card readers for USB and microUSB ports. There are fold-up readers, there are readers that sit on your desk, there are keyboards with readers, there are readers that connect to tablets, and there are readers built into laptops.
ISO 7816
If you need to buy a card reader for computers, you will need one that specifies support for ISO 7816.
You can buy a card reader for personal use from a number of commercial online retailers. When buying card readers for your agency, you can use GSA Advantage to directly purchase the card readers.
Before you buy a card reader, look around and ensure you don’t already have one. A large portion of government laptops have the card readers already, and desktops may have keyboards with readers built-in.
If you have a Mac OSX or Linux based computer, you probably don’t have a card reader built in. Find a card reader option that you like and let’s move on to Middleware.
Middleware
For PIV credentials, middleware refers to the computer software or drivers which allow the computer to interact with the PIV credentials to support authentication, digital signatures, encryption, and integrations with your software tools.
For common PIV credential usage scenarios, the table below outlines the general smartcard middleware available as open or government source or included in operating systems for use scenarios. Commercial options for PIV Middleware are available and the list of NIST certified PIV Middleware can be viewed here on the NIST website.
Consider how to support your email client software, virtual private network software, and which browsers are used if you're choosing middleware for all your agency enterprise users.
| Name | Operating System and Versions | Support | Considerations |
|---|---|---|---|
| Windows mini-driver | Windows 7, Windows 8, Windows 10, Windows 2008, Windows 2012 | Yes | Included in Windows operating systems and requires no installation. Does not include the functionality to perform full lifecycle management of a PIV credential. Does not support using your PIV credential with non-Microsoft cryptographic service providers such as those used by Mozilla Firefox browser. |
| OpenSC | Mac OSX 10.5, Mac OSX 10.6, Mac OSX 10.7, Mac OSX 10.9, Mac OSX 10.10, Windows (32-bit and 64-bit), Linux, *nix versions vary | Open Source | Open source software. Limited commercial support for maintenance and patching. Supports PKCS#11; for example, as used by Mozilla Firefox browser. |
| Smart Card Services | Mac OSX 10.6, Mac OSX 10.7, Mac OSX 10.9, Mac OSX 10.10 | Open Source | Open source software. Limited commercial support for maintenance and patching. |
| CoolKey | Linux, *nix versions vary | Open Source | |
| CACKey | Linux, *nix versions vary | US Government Source | Available from Forge.mil |
| Commercial options | Varies | Yes | Review support for your usage needs such as email signing, encryption, network authentication, VPNs, and website authentication |
You may need to consider Network authentication, Virtual Private Network (VPN), email signing, email encryption, document signing, document encryption and website authentication when choosing one or more middleware options for yourself or your users. In most cases, you can choose a middleware option that works for the most common uses for your purposes or mix and match based on operating systems and devices.
Middleware definitions
Middleware as a general computer term can encompass any software that provides integration points for an application. In the Standards for PIV credentials, the term PIV middleware is used and a common question is “What is the difference between PIV Middleware and general smartcard middleware?” To simplify, we’ll define the two terms as we use them for PIV credentials in these guides:
PIV Middleware:
Client side software which implements the full set of application programming interfaces and card functions as specified in NIST Special Publication 800-73-4, and has been certified as compliant to the NIST Special Publication 800-85A series testing procedures. The PIV compliant middleware implements all lifecycle functions including the ability for a user to perform PIN resets, activation, and renewals. The PIV compliant middleware may also implement common usage functions to support authentication, digital signatures, encryption, and integrations with multiple operating system cryptographic libraries.
General smartcard middleware:
Client side software which implements common functions for an operating system and cryptographic libraries to interface with PIV credentials or other smartcards for usage. The general smartcard middleware may implement functions to support authentication, digital signatures, encryption, and integrations with multiple operating system cryptographic libraries.
For common PIV credential usage scenarios, we outline the general smartcard middleware available as open or government source or included in operating systems for use scenarios. Commercial options for PIV Middleware are available and the list of NIST certified PIV Middleware can be viewed here on the NIST website.
Next Steps
You have a PIV credential, you have a card reader, and you have middleware for your computer. Now what?
If you want to learn more about details of PIV credentials, certificates, and how to configure a network or web application, the next section is for you.
Here are the steps on how to install a CAC Reader for Mac:Au9540 9560 Smart Card Reader Installation Guide For Mac Download
- Ensure your CAC reader works with Mac
- Check to ensure your Mac accepts the reader
- Check your Mac OS version
- Check your CAC’s version
- Update your DOD certificates
- Guidance for Firefox Users
- Look at graphs to see which CAC enabler to use
Step 1: Purchase a Mac Friendly CAC Reader
Purchase a CAC reader that works for your Mac. There are only a couple that you can choose from and I’ve listed them below.
If you already have a CAC reader and it isn’t Mac friendly, you could update the firmware, however, for the non-tech savvy people out there, it’s probably better to just purchase a new one and save the headache – they’re only ~$11-13 dollars.
Best Mac Compatible CAC USB Readers
Best Mac Compatible CAC Desk Readers
Step 2: Plug in and Ensure It’s Accepted
Once you have your CAC reader, plug it into your Mac and ensure your computer recognizes it. If you have one of the CAC readers we suggested above, then you should be good to go.
If for some reason your CAC reader isn’t working, you may need to download the appropriate drivers for your CAC reader. You can find these drivers on the Reader’s Manufacturer Website.
Step 3: Update Your DOD Certificates
Now that you have your CAC reader connected and accepted on your Mac computer, it’s time to ensure you have the right certificates in order to access DOD CAC required web pages.
Procedure for Chrome and Safari
- Type ⇧⌘U (Shift + Command + U) to access your Utilities
- Find and Double click “Keychain Access”
- Select “Login” and “All Items”
- Download the following five files and double click each once downloaded so as to install in your Keychain Access.
- When you double-click the Mac Root Cert 3 and 4, you’ll need to tell your browser to always trust them. Click the button like you see below:
Additional Steps for Firefox
If you’re using Mozilla Firefox as your primary browser, you’re going to need to perform some additional steps. First, perform the same steps that you did for Chrome and Safari. Afterwards, follow these additional steps to get started.
- Download All Certs zip and double click to unzip all 39 files
- While in Firefox, click “Firefox” on the top left, then “Preferences”
- Then Click “Advanced” > “Certificates” > “View Certificates”
- Then Click “Authorities” and then “Import”
- Import each file individually from the “AllCerts” folder. When you do this, the below box will popup. Check all three boxes and click “OK”
Step 4: Download and install CAC Enabler
Choosing the right CAC enabler can be pretty tricky. It all depends on what OS you have installed, how you installed it, and even what kind of CAC Card you have!
In order to get the right enabler, be sure to visit our trusty guide to Mac CAC Enablers! It’ll walk you through exactly which enabler is right for you.
Au9540 9560 Smart Card Reader Installation Guide For Mac Osx
CAC Access at Home Success
Now that you have a CAC reader, certificates, and a CAC Enabler, you should now be able to access any CAC-enabled website and log on using your CAC password and data.
Common Reasons Why Your CAC Card Won’t Work On Your Mac
Ensure Your CAC Card Meets the Standards: In order for your CAC card to work, it must meet the minimal requirements. Currently, there are only four types of CAC cards that can be used. The ensure you have the right CAC card for online access, flip your CAC card to the back and if you have one of the below numbers written on the top left, then you are good to go:
- G&D FIPS 201 SCE 3.2
- Oberthur ID one 128 v5.5 Dual
- GEMALTO DLGX4-A 144
- GEMALTO TOP DL GX4 144
If you do not have any of the above written on the back, then proceed to your nearest PSD to get a new CAC card issued.