From: Douglas E E. <dee...@gm...> - 2018-01-05 18:17:20
In addition to Ludovic's comments... It also depends on the middleware that is trying to use the card. Some middleware, like the Gnu OpenPGP, wants exclusive access to the card, thus locking out other user applications.

With multiple applications on the same card, like a Yubikey with PIV and OpenPGP applications, only one application can be active (only one AID selected) at a time on the card. Switching between them can cause the login state to be dropped. Some middleware can not recover from some other middleware selecting an AID on the card and are not smart enough to reselect their AID. Some cards are not smart enough to ignore an attempt to select an AID that is not on the card and lose the login state for the currently selected application. And lastly, some middleware may reset or power off the card while other middleware is still using it.

When smart cards were first introduced, each card had an ATR and a single vendor application and vendor middleware, i.e. no interference between middleware; each responded to only one card with the single AID. Today it's the application on the card that is important, and a card may have more than one application and an application may be available on many different cards. Thus the ATR can not be used to select the application in some cases. And there are multiple versions of middleware to support the multiple applications. For example PIV is supported on more than a dozen approved cards and a few non-approved cards. OpenPGP is available on multiple cards. And Yubikey can have both a PIV and OpenPGP application on the same card. And did I mention Java middleware and non-PKCS#11 middleware?

If you have control over all the middleware that might try and access a card, you might be able to get them to work together. For example, if it is all OpenSC based, in opensc.conf use disconnect = leave rather than reset.

What card and what application/middleware are you using?

Jakub, sounds like a good talk at FOSDEM. Sorry I can not be there. These problems outlined above would be a good follow-up talk or BOF.

On 1/5/2018 10:58 AM, NdK wrote:
> On 05/01/2018 16:23, Jelen wrote:
>
>> this year I am going to FOSDEM and I will have a talk about Smart
>> Cards, OpenSC and friends [1]. If you want to hear it, meet me in
>> person or discuss something, let me know.
> Will you highlight the problems smartcards create, too?
>
> I'd really like to have "all" my keys on smartcard:
> - website authentication
> - mail signing/decryption
> - ssh auth
> - ...
>
> Too bad that if I'm using the smartcard from Firefox I can neither
> access it from SSH nor sign/decrypt a mail!
> So it's still "one card-one key" (mostly). That's, IMVHO, one of the
> factors that prevent wider adoption.
>
> BYtE,
> Diego
>
> _______________________________________________
> Opensc-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/opensc-devel

--
Douglas E. Engert <DEE...@gm...>