Re: [Opensc-devel] Yubico Neo with OpenPGP and PIV applets

[Frank M. <mo...@in...>]

Hi, Klas!

Thanks for clearifying. With your response we'll use PIV as default for
the NEO.

Just one more question: We encountered a bug in the PIV applet that's
specific for the NEO, see https://github.com/OpenSC/OpenSC/pull/530.
We'd like to add a workaround only for the NEO. How do we identify the
NEO if the ATR is not unique (or may change depending on the interface)?

Greets, Frank.


Am Mittwoch, dem 02. September, um 12:10 Uhr schrieb Klas Lindfors:
> Hello,
> 
> 
> How does Yubico see the Neo being used if it has both a PIV and OpenPGP
> > application?
> >
> 
> >From Yubico's (or at least my) perspective the thinking around the
> applications is that PIV is used through OpenSC/Windows and OpenPGP is used
> through gnupg. Our perspective has been that they're typically not used at
> the same time.
> 
> 
> > Is one default?
> > How is the default set?
> > Can the default be set on the card?
> >
> 
> We've not thought of one of those two as default, more as options depending
> on what the user wants / what the application supports. There is no default
> selected applet on the Neo, and it can't be set.
> 
> 
> >
> > The Neo presents the same ATR for both. The Neo does not take advantage of
> > the ATR Historical bytes.
> >
> 
> No, we've not used the ATR at all to advertise what applications are
> present, the ATR is also different over the contactless interface.
> 
> 
> > Are there end users who want to use both, at the same time?
> >
> 
> There has been questions about this, not very common and we've not come up
> with a good solution for it.
> 
> 
> >
> > Has Yubico look at presenting the Neo as two devices on the UCB bus with a
> > different ATRs for the
> > OpenPGP and PIV applications? (Historical bytes including the AID?)
> >
> 
> It's an interesting idea, I'm not sure how practical it is (due to several
> issues) but I'm happy to discuss possible solutions to simultaneous use.
> 
> 
> >
> > The OpenSC PIV drivers checks for the PIV AID. The OpenSC OpenPGP driver
> > has not, but issue #507 is trying to address this.
> >
> 
> I've always found checking for AID to be more exact, but that's coming from
> and angle where multiple applications can be loaded and you can't really
> tell from the ATR exactly what applications might be found on a specific
> card.
> 
> 
> >
> > Does Yubico developers follow the OpenSC discussions?
> >
> 
> I try to follow opensc-devel for relevant stuff and keep up to date with
> what happens in the code.
> 
> 
> > Do they test OpenSC with their devices?
> >
> 
> As I wrote above our view is that the PIV parts of YubiKey devices should
> work with OpenSC we test that.
> 
> >
> >
> > Thanks.
> >
> 
> Thank you!
> 
> /klas

> ------------------------------------------------------------------------------
> Monitor Your Dynamic Infrastructure at Any Scale With Datadog!
> Get real-time metrics from all of your servers, apps and tools
> in one place.
> SourceForge users - Click here to start your Free Trial of Datadog now!
> http://pubads.g.doubleclick.net/gampad/clk?id=241902991&iu=/4140
> _______________________________________________
> Opensc-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/opensc-devel


-- 
Frank Morgner

Virtual Smart Card Architecture http://vsmartcard.sourceforge.net
OpenPACE                        http://openpace.sourceforge.net
IFD Handler for libnfc Devices  http://sourceforge.net/projects/ifdnfc