Smart card signature using VPN

Remote work opens a huge amount of possibilities, and every company has managed to build a virtualization infrastructure that works in standard situations.
But for us nerds who use Linux at home, remote working becomes a bit more challenging. Of course I do have double boot, and the IT department will help us configure the whole VPN / RDP setup in Windows. But guess what, we’re not happy until we replicate that connection from Linux.
I’m proud I managed to configure the VPN connection in Manjaro KDE, and then the KRDC connection.
Then I installed my Cherry smart card reader in Linux, and the SafeSign driver for the card, and it can read the tokens, and sign documents in Linux. But when I go remote, the token reader can’t access the token. The IT dept. said Linux is not transferring the reader to the Windows virtual machine.
Any help to solve this last issue will be very welcome – how can I get Linux to send the smart card setup to the remote Windows session (just like it does if the local boot disk is Windows)?

Hi and welcome to the forum :wave:

First: Good goals! Thanks for sharing, in the same boat here :slight_smile:
Second: What kind of virtualization are you using? That should determine the solution. My guess is it is a USB device, and depending on the choice you made there are a few options:

https://wiki.archlinux.org/title/VirtualBox#Accessing_host_USB_devices_in_guest

https://wiki.archlinux.org/title/QEMU#Pass-through_host_USB_device

Edit: if you are using an RDP session this might help you if it still works; it's unmaintained.

There is a successor: FreeRDP, which has a smartcard plugin and is in the Manjaro repository. The user part of the documentation on how to get it to work is empty atm.

Never had to use any of this since my shop uses Citrix and never used a smartcard. I hope I've given you some options to read and hope you are able to get your card to work.


Problem solved!
Let me explain the rather simple setup:

  • First, make sure the card is working on Linux. I had to install the generic driver for the USB reader, and then the specific driver for the signature token (SafeSign in my case). You know it works when the token admin utility shows your certificate.
  • Second, make sure the RDP client is sharing the card. There’s an option for that in Remmina in the Advanced tab. And that’s it.
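
To check from a terminal which Remmina profiles have the smart card option from the second step switched on, a small audit script follows; it is an added example, not part of the original posts. It assumes profiles are stored as key=value `.remmina` files under `~/.local/share/remmina` and that the RDP plugin records the checkbox as `sharesmartcard=1`; the demo profiles and host names are constructed.

```shell
#!/bin/sh
# Added example: list Remmina RDP profiles that redirect the smart card.
# Assumed: profiles are key=value ".remmina" files and the RDP plugin
# stores the "share smart card" checkbox as sharesmartcard=1.

# Print the value of key $1 in profile $2 (empty if the key is absent).
profile_get() {
    sed -n "s/^$1=//p" "$2" | tail -n 1 | tr -d '\r'
}

# Succeed only for an RDP profile with smart card sharing switched on.
profile_shares_smartcard() {
    [ "$(profile_get protocol "$1")" = "RDP" ] || return 1
    [ "$(profile_get sharesmartcard "$1")" = "1" ]
}

# Print "name -> server" for every profile in directory $1 that shares the card.
list_sharing_profiles() {
    for f in "$1"/*.remmina; do
        [ -f "$f" ] || continue
        if profile_shares_smartcard "$f"; then
            printf '%s -> %s\n' "$(profile_get name "$f")" "$(profile_get server "$f")"
        fi
    done
}

# Write two constructed sample profiles into directory $1 (demo data only).
make_demo_profiles() {
    printf '%s\n' '[remmina]' 'name=Work VM' 'protocol=RDP' \
        'server=rdp.example.internal' 'sharesmartcard=1' > "$1/work.remmina"
    printf '%s\n' '[remmina]' 'name=Lab' 'protocol=RDP' \
        'server=lab.example.internal' 'sharesmartcard=0' > "$1/lab.remmina"
}

# Usage: sh audit.sh --audit [profile-dir]
if [ "${1:-}" = "--audit" ]; then
    list_sharing_profiles "${2:-$HOME/.local/share/remmina}"
fi
```

Redirecting the card makes the token reachable from the remote session, so the listing is also a quick way to confirm that only the profile that needs signing has the option enabled.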
