Tuesday, October 20, 2020

Unhappy user

 I just received this email:

Subject: I have a question with your library

Your library is garbage.  

It's too unstable, sometimes it works, sometimes it doesn't.
 Why do you publicize your library, as if it really works?

I've just wasted time configuring, fixing bugs, reading your old recommendations.

This is horrible. The version of pcsc lite has failed, I have sometimes failed to read nfc or newly released readers. Even your makefile for C fails. It is impossible to maintain your library. Sometimes it has worked, but I restart the pc and it no longer works. It's terrible.

 I just wasted my time with your library trash.  

First I thought it was just a spam. But then it talks about pcsc-lite so it must really be for me.

I don't find any question in the text. I also do not find any specific issue or problem to fix.

It is strange to take the time to write such an email. I think that is the first time I receive this kind of email.

I do not include the author name or email address. But if you (the author of the email) read this I propose you to join the pcsclite-muscle mailing list and report your problems there. I am sure someone can help you.

Sunday, October 18, 2020

sysmoOCTSIM: 8 slots reader

Sysmocom designed and sells a smart card reader with 8 slots for SIM sized cards (2FF form factor). It is the sysmoOCTSIM

sysmoOCTSIM


 

I received such a reader a few days ago (thanks Harald W.). In my case the reader has a nice aluminium casing to protect the electronic.

I added the reader in my list at: sysmocom_sysmoOCTSIM.

 

8 slots

The reader has 8 slots. From the CCID USB descriptor:

  bMaxSlotIndex: 0x07

The index starts at 0 so a maximum of 7 indicates 8 slots.

 

And it declares that it can support 8 slots busy at the same time.

  bMaxCCIDBusySlots: 8

So it is possible to use the 8 slots at the same time.

This device is the only one to have 8 slots in my list: https://ccid.apdu.fr/select_readers/?bMaxSlotIndex=7

You can also display the reader list sorted by bMaxSlotIndex field to easily see the other readers that have more than 1 slot.

 

Free Software Firmware

The reader firmware is free software (or open source if you prefer this denomination). The license is GNU GPL 2 or a later version.

The git repository is https://git.osmocom.org/osmo-ccid-firmware/
The bug tracker is https://osmocom.org/projects/osmo-ccid-firmware

The only other free software CCID firmware I know of is Tian Tian Xiang Shang used in the GnuK project (An Implementation of USB Cryptographic Token for GnuPG).


CCID driver limitation

My CCID driver does support multi-slots readers since version 0.9.2 released in 2004.

But the driver is limited because it does not support using the slots at the same time, even if the reader declares it supports it.

pcsc-lite has support for simultaneous multi-slot. But the driver tells pcsc-lite that simultaneous multi-slot is not supported. See this code: https://salsa.debian.org/rousseau/CCID/-/blob/master/src/ifdhandler.c#L490

Of course I tried to modify the code of the CCID driver to tell pcsc-lite that simultaneous multi-slot can be used. But then the driver is confused by mixed USB frames. I then remembered why this support was disabled.

 

Improvement

Adding support of simultaneous multi-slots is possible. That will require some work on the CCID driver.

If you want or plan to use such a reader with pcsc-lite on GNU/Linux or another Unix system then contact me so we can discuss what you can do.


Conclusion

I sometimes receive requests about configurations with a lot of smart card readers. Using an 8 slots reader can be part of the solution. This reader requires the use of only one USB port and has its own power supply unit.

The reader firmware is Free Software and I like that. It can only be a good point in the selection of a smart card reader.

Friday, October 16, 2020

GitHub Sponsors: US$ 20 per month

Since January 2020 I participate in the GitHub Sponsors. See my post "GitHub Sponsors".

I received the first payment in May 2020. See "GitHub Sponsors: first payment".

You can see my public GitHub sponsor page at "Become a sponsor to LudovicRousseau".

New sponsor

I now have a new sponsor at $10 per month. That will double my Sponsors revenue. Yeah!
Thanks a lot to the existing 6 sponsors. You are wonderful.

I added a new tier at $20/month in case someone want to be even more generous.

Bitcoin

It is also possible to send me bitcoins. See "How to help my projects? Send me bitcoins!".

Someone sent me some BTC cents (or micro cents) just a few days ago. Thanks to you anonymous.

Conclusion

I plan to make a status in next January for the 1st anniversary of my participation to the GitHub Sponsors program.

Wednesday, September 16, 2020

PySCard 2.0.0 released

 I just released a new version 2.0.0 of pyscard. PySCard is a python module adding smart cards support (PC/SC) to Python.

The version is 2.0.0 because after 1.9.9 I had not so many choices. This version does not bring any new feature. It is a bug fix release.


The PySCard project is available at:


Changes

2.0.0 (September 2020)

  • SCardStatus(): Fix a crash in case of PC/SC error
  • toASCIIString(): replace non-ASCII characters by '.'
  • remove i386 (32-bits) support on macOS

Friday, July 31, 2020

New PyKCS11 1.5.9 available

I just released a new version of PyKCS11, a Python wrapper above the PKCS#11 API.
See "PyKCS11 introduction" or "PyKCS11’s documentation".

The project is registered at Pypi: https://pypi.org/project/PyKCS11/

Changes

1.5.9 - July 2020, Ludovic Rousseau
  • call C_GetSlotList() with a NULL parameter to correctly initialize some PKCS#11 lib conforming to PKCS#11 version 2.40.

Thursday, July 30, 2020

Smart card and blockchain?

I received my first ATR description containing the word "blockchain". It is for ATR 3B 89 80 01 66 49 46 58 42 53 32 47 6F 32.

The card description is "Blockchain Security 2Go (JavaCard)" and refer to https://github.com/Infineon/Blockchain "Infineon's Blockchain Security 2Go Starter Kit".

The license of the github project is MIT License but the project does not contain any source code. So I am not sure what this github project is about.

Note: I do not have such a smart card. So I can't write much more about this card and project.

Tuesday, July 7, 2020

Smart card Usage in Debian: applications


The last layer above the smart card reader driver, the PC/SC resource manager and the middleware are user applications.

I updated the list when writing this blog article. New Debian packages have been added, and others have been removed.

ausweisapp2: Official authentication app for German ID cards and residence permits


cardpeek: Tool to read the contents of ISO7816 smartcards


connman-gtk: fully-featured GUI for ConnMan with systray support


entropybroker: infrastructure for distributing random numbers (entropy data)


gnokii-cli: Datasuite for mobile phone management (console interface)


gnokii-smsd: SMS Daemon for mobile phones


gnome-boxes: Simple GNOME app to access remote or virtual systems


gnome-phone-manager: control aspects of your mobile phone from your GNOME 2 desktop


gnupg: GNU privacy guard - a free PGP replacement


golang-pault-go-ykpiv-dev: high level cgo wrapper around libykpiv.so.1


network-manager-openconnect: network management framework (OpenConnect plugin core)


network-manager-openconnect-gnome: network management framework (OpenConnect plugin GNOME GUI)


nitrokey-app: Application to manage the Nitrokey


openconnect: open client for Cisco AnyConnect, Pulse, GlobalProtect VPN


opensc: Smart card utilities with support for PKCS#15 compatible cards


pcsc-tools: Some tools to use with smart cards and PC/SC


plasma-nm: Plasma5 networkmanager library.


python3-yubikey-manager: Python 3 library for configuring a YubiKey


qemu-system-arm: QEMU full system emulation binaries (arm)


qemu-system-mips: QEMU full system emulation binaries (mips)


qemu-system-misc: QEMU full system emulation binaries (miscellaneous)


qemu-system-ppc: QEMU full system emulation binaries (ppc)


qemu-system-sparc: QEMU full system emulation binaries (sparc)


qemu-system-x86: QEMU full system emulation binaries (x86)


rdesktop: RDP client for Windows NT/2000 Terminal Server and Windows Servers


spice-client-gtk: Simple clients for interacting with SPICE servers


srsue: User Equipment implementation for LTE


virt-viewer: Displaying the graphical console of a virtual machine


vinagre: remote desktop client for the GNOME Desktop


wpasupplicant: client support for WPA and WPA2 (IEEE 802.11i)


x2gothinclient-chroot: Install X2Go Thin Client chroot (metapackage)


xgnokii: Datasuite for mobile phone management (X interface)


ykcs11: PKCS#11 module for the YubiKey PIV applet


yubico-piv-tool: Command line tool for the YubiKey PIV applet


yubikey-manager: Python library and command line tool for configuring a YubiKey


yubioath-desktop: Graphical interface for displaying OATH codes with a Yubikey


Installations

Package # of installation % of Debian systems
gnupg18985396,29 %
wpasupplicant10066651,06 %
vinagre4942425,07 %
opensc2433612,34 %
qemu-system-x86182929,28 %
plasma-nm174978,87 %
rdesktop105755,36 %
virt-viewer96384,89 %
qemu-system-arm47082,39 %
qemu-system-ppc40992,08 %
qemu-system-mips40962,08 %
qemu-system-misc40702,06 %
qemu-system-sparc40072,03 %
openconnect36791,87 %
network-manager-openconnect24571,25 %
network-manager-openconnect-gnome18320,93 %
pcsc-tools17430,88 %
gnome-boxes14460,73 %
spice-client-gtk7910,40 %
python3-yubikey-manager3380,17 %
xgnokii3190,16 %
yubikey-manager2980,15 %
gnokii-cli2880,15 %
cardpeek1760,09 %
yubico-piv-tool1650,08 %
gnome-phone-manager1550,08 %
yubioath-desktop1150,06 %
nitrokey-app1030,05 %
connman-gtk730,04 %
ausweisapp2690,03 %
gnokii-smsd470,02 %
ykcs11360,02 %
entropybroker190,01 %
srsue20,00 %
golang-pault-go-ykpiv-dev10,00 %
x2gothinclient-chroot00,00 %

Conclusion

The first real smart card application with the most installations is OpenSC with 12% of Debian systems. Hello and well done to my OpenSC developers collegues.

The use of smart card is not developed. Maybe it is more deployed in enterprises since "many" business laptops have an integrated smart card reader. So there must be market and customer demand for these configurations. But maybe also these enterprises systems do not have the popularity-contest package installed so are not visible in the statistics here.