Yes, Notes supports the DoD's "Common Access Card" tokens, and in 6.0.2, you can sign and decrypt S/MIME mail using the certificates that were pre-loaded onto those cards.
ActivCard Gold 2.2 has been on the list of supported packages since 6.0 shipped, and we've thoroughly tested Notes with ActivCard's CAC cards -- they work just fine with Notes.
In 6.0.2, we added support for importing pre-loaded certificates off those CAC cards via a new GUI option --- File//Security//User Security...; Your Identity//Your Certificates; Get Certificates//Import Internet Certificate From a Smartcard --- and a new C API function, SECManipulateSC. After importing the pre-loaded certs into the ID file, the private keys on the tokens can be used for S/MIME signing and decryption.
We've haven't tested any other CAC-formatted tokens yet due to not having any to test with, but I would be surprised if they weren't formatted similarly. :) We've also tested the certificate importing on several other pre-loaded tokens that vendors or customers have sent us, as well as certificates that were placed onto the token by Mozilla, so the mechanism should be fairly robust. As long as a token fits the "RSA Asymmetric Client Signing Profile" from the "PKCS#11: Conformance Profile Specification" (
http://www.rsasecurity.com/rsalabs/pkcs/pkcs-11/pkcs11Conformance.pdf), then Notes should be able to use the pre-loaded certificates.
Hope that helps,
dave
Note 1: Technically, the cryptography is being performed with the private keys, not the certificates, but most people don't bother to make that distinction.
Note 2: "pre-loaded" == loaded onto the token by someone other than Notes.
Note 3: SECManipulateSC is thoroughly documented in the "Lotus C API Notes/Domino 6.0.2 Reference", but if you have any other questions about it, feel free to post them here.
Return to top
. . Yes, Notes supports CAC Smartcards (~Tanita Desweve... 13.Aug.03) 
Print this page
