From: NdK <ndk...@gm...> - 2018-01-06 11:12:01
On 05/01/2018 19:01, Bernd Eckenfels wrote:

> Hello,
> Did you try scdaemon (scenario 1 with SCd-PKCS11 should work with Firefox)
> https://github.com/sektioneins/scd-pkcs11/blob/master/README.md

IIUC that's for GPG to use OpenSC-managed cards.

Practical example. I have a MyEID card where I load a couple of keys for web auth (say work portal and CAcert), a key for mail signing (X509), a key for SSH access and the 3 GPG keys (DEC, SIG, AUT, and possibly the master C key too).

That's what I could do before problems started (I last tested quite some time ago, so it might be a bit fuzzy). IIRC, if I had Firefox open I couldn't access any key from other apps (including Thunderbird). If I closed FF, then I could sign/decrypt mails in Thunderbird, but either with X509 or GPG (Enigmail). And to use SSH I had to close TB, too.

Guess what's the "normal user" reaction? "fsck smartcards".

Then an unrelated problem (that probably can't be fixed w/o changing a lot of things): CSSH. CSSH opens ssh sessions to a "cluster" of machines (I used it with 42 parallel sessions) and allows sending the same commands to all the sessions. But if the ssh key is on card (and no one else is using it), it's simply too slow to handle such a batch of requests and logins time out.

IMVHO PKCS#11 greatly suffered "design by committee", making it hard to use it correctly in a multi-app scenario. Smartcards made it even worse, being able to host multiple applets but with only one active at a time: the very concept "only one program can access the card at any time". That actually "forces" developers to ask for exclusive access and the loop closes.

That's why I have some cards lying around (MyEID, Epass2003, GnuK, a couple of JCOP card models for programming experiments) but don't use 'em.

BYtE,
Diego