From: Anthony F. <ant...@gm...> - 2013-07-27 06:48:04

Ludovic, greetings --

On Fri, Jul 26, 2013 at 8:08 AM, Ludovic Rousseau <lud...@gm...> wrote:
> 2013/7/17 Anthony Foiani <ant...@gm...>:
>> But I don't see any place where [the saved device name/path] can be accessed.
>
> Exact. And that PC/SC information needs to come from the PKCS#11 layer.

...

>> The cleanest way might be a vendor-specified attribute, but as the
>> comment at the top of p11_attr.c says: "The number of layers we stack
>> on top of each other here is frightening."

Might it be as simple as defining some CKA_OPENSC_DEVICE_PATH, and returning the recorded device name/path info when queried for that attribute? (Or am I missing a layer?)

> If once attached to a VM the USB token is no more available for the
> host then pcsc on the host will not see it anymore. And then OpenSC
> will not see the token either.
>
> So a new PKCS#11 token detected by OpenSC will only be a newly
> connected USB token.
>
> You would not be able to connect a new token until the previous one is
> attached to a VM.

Nice! Very elegant, other than the "at most one unbound token at any given time" limitation.

> Maybe your USB tokens have different USB serial numbers so you can
> differentiate them?

The original poster mentioned serial numbers as an option:

>> On Tue, Jul 16, 2013 at 8:30 AM, Mat Arge <arg...@gm...> wrote:
>>> I am tracking the connection of USB tokens via udev and want to do some
>>> specific stuff with them (pass them through to certain virtual machines). For
>>> that, I would like to get some token specifics (like the serial number or the
>>> PKCS#11 label).

But it would be nice to be able to get physical location / connection data at the PKCS11 layer, especially since we already record it. The whole point of a label is to allow the use of meaningful names; allowing only serial numbers means that users now need to track numbers-to-meaning in some other way.

Ah, and I didn't even catch "*USB* serial numbers". For what it's worth, the tokens that I'm using in my current project do not support USB serial numbers, only PKCS11 serial numbers.

> pcscd should be fast to boot. On an ARM9 CPU I measured 0.3 second. See [1].
> Maybe you are using a smart card reader that is slow to boot.

Apologies for the misinformation. It is indeed quite fast on my fast hardware (modern x86-64 desktop). Not sure where I got the "slow" from -- maybe on my 266MHz PPC32 embedded box that is busy doing other stuff in other threads as it tries to run pcscd as well... I was wrong. Again, apologies.

Best regards,
Anthony Foiani