Menu
▾
▴
Re: [Opensc-devel] Yubico Neo with OpenPGP and PIV applets
|
From: Klas L. <kl...@yu...> - 2015-09-02 10:38:34
|
Hello, How does Yubico see the Neo being used if it has both a PIV and OpenPGP > application? > >From Yubico's (or at least my) perspective the thinking around the applications is that PIV is used through OpenSC/Windows and OpenPGP is used through gnupg. Our perspective has been that they're typically not used at the same time. > Is one default? > How is the default set? > Can the default be set on the card? > We've not thought of one of those two as default, more as options depending on what the user wants / what the application supports. There is no default selected applet on the Neo, and it can't be set. > > The Neo presents the same ATR for both. The Neo does not take advantage of > the ATR Historical bytes. > No, we've not used the ATR at all to advertise what applications are present, the ATR is also different over the contactless interface. > Are there end users who want to use both, at the same time? > There has been questions about this, not very common and we've not come up with a good solution for it. > > Has Yubico look at presenting the Neo as two devices on the UCB bus with a > different ATRs for the > OpenPGP and PIV applications? (Historical bytes including the AID?) > It's an interesting idea, I'm not sure how practical it is (due to several issues) but I'm happy to discuss possible solutions to simultaneous use. > > The OpenSC PIV drivers checks for the PIV AID. The OpenSC OpenPGP driver > has not, but issue #507 is trying to address this. > I've always found checking for AID to be more exact, but that's coming from and angle where multiple applications can be loaded and you can't really tell from the ATR exactly what applications might be found on a specific card. > > Does Yubico developers follow the OpenSC discussions? > I try to follow opensc-devel for relevant stuff and keep up to date with what happens in the code. > Do they test OpenSC with their devices? > As I wrote above our view is that the PIV parts of YubiKey devices should work with OpenSC we test that. > > > Thanks. > Thank you! /klas |
