From: <fra...@gm...> - 2016-10-17 14:03:49
There is https://github.com/OpenSC/OpenSC/blob/master/src/minidriver/minidriver.c#L2446-L2479 to ask for a PIN on Windows and https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/card-dnie.c#L197-L370 to ask for consent (OK/Abort) on Linux, macOS and Windows. Be aware that showing a GUI while the Windows minidriver tells you to be "silent" may result in system instability (according to the docs).

I am working on a card with an integrated PIN-Pad and fingerprint reader [1]. Similarly to a reader with a PIN-Pad, all requests for verifying the PIN or fingerprint are delegated to the card [2] (search for `SC_CARD_CAP_PROTECTED_AUTHENTICATION_PATH`). Additionally I added the Session PIN feature to OpenSC's minidriver for delegating an authenticated session without user interaction.

As Doug suggested, you may similarly use the prompt for inserting the PIN on an emulated PIN pad reader to tell the user to tap the card. This would be quick and dirty, but has some drawbacks:

1. Verifying the PIN is not necessarily bound to using the key;
2. you need to handle the user's PIN.

Greets, Frank.

[1] https://www.bundesdruckerei.de/en/3867-cebit-bundesdruckerei-exhibits-employee-id-card-tomorrow
[2] https://github.com/frankmorgner/OpenSC

On Monday, October 17 at 08:40AM, Martin Paljak wrote:
> Hi,
>
> I made a wrapper for OSX that shows a notification when the PGP keys are
> used, can probably be extended to work on Linux etc.
>
> Will publish the setup guide on Github after I verify that the
> instructions are repeatable.
>
> Martin
>
> On 16/10/2016 19:02, Thomas Habets wrote:
> > When it's waiting for a touch it just waits with no user notification
> > outside of the yubikey blinking. Since I have a Yubikey 4 Nano the
> > blinking is not always in view, which makes me type "ssh"/"git push"
> > and just stare at the screen.
> >
> > Has anyone explored how to surface this "please touch the smartcard"
> > or something message to the user with opensc?
> >
> > I can imagine an ugly solution where if there's an outstanding "sign"
> > operation for more than epsilon time, then maybe connect to this unix socket
> > and say something, or shell out to this command. I can then use that
> > to do something better than, but similar to, running:
> >   xmessage 'touch the yubikey'
> >
> > [1] https://blog.habets.se/2016/01/Yubikey-4-for-SSH-with-physical-presence-proof

-- 
Frank Morgner

Virtual Smart Card Architecture http://vsmartcard.sourceforge.net
OpenPACE                        http://openpace.sourceforge.net
IFD Handler for libnfc Devices  http://sourceforge.net/projects/ifdnfc