Ludovic Rousseau's blog

Tuesday, October 20, 2020

Unhappy user

I just received this email:

Subject: I have a question with your library

Your library is garbage.

It's too unstable, sometimes it works, sometimes it doesn't.
Why do you publicize your library, as if it really works?

I've just wasted time configuring, fixing bugs, reading your old recommendations.

This is horrible. The version of pcsc lite has failed, I have sometimes failed to read nfc or newly released readers. Even your makefile for C fails. It is impossible to maintain your library. Sometimes it has worked, but I restart the pc and it no longer works. It's terrible.

I just wasted my time with your library trash.

First I thought it was just a spam. But then it talks about pcsc-lite so it must really be for me.

I don't find any question in the text. I also do not find any specific issue or problem to fix.

It is strange to take the time to write such an email. I think that is the first time I receive this kind of email.

I do not include the author name or email address. But if you (the author of the email) read this I propose you to join the pcsclite-muscle mailing list and report your problems there. I am sure someone can help you.

Sunday, October 18, 2020

sysmoOCTSIM: 8 slots reader

Sysmocom designed and sells a smart card reader with 8 slots for SIM sized cards (2FF form factor). It is the sysmoOCTSIM

I received such a reader a few days ago (thanks Harald W.). In my case the reader has a nice aluminium casing to protect the electronic.

I added the reader in my list at: sysmocom_sysmoOCTSIM.

8 slots

The reader has 8 slots. From the CCID USB descriptor:

  bMaxSlotIndex: 0x07

The index starts at 0 so a maximum of 7 indicates 8 slots.

And it declares that it can support 8 slots busy at the same time.

  bMaxCCIDBusySlots: 8

So it is possible to use the 8 slots at the same time.

This device is the only one to have 8 slots in my list: https://ccid.apdu.fr/select_readers/?bMaxSlotIndex=7

You can also display the reader list sorted by bMaxSlotIndex field to easily see the other readers that have more than 1 slot.

Free Software Firmware

The reader firmware is free software (or open source if you prefer this denomination). The license is GNU GPL 2 or a later version.

The git repository is https://git.osmocom.org/osmo-ccid-firmware/
The bug tracker is https://osmocom.org/projects/osmo-ccid-firmware

The only other free software CCID firmware I know of is Tian Tian Xiang Shang used in the GnuK project (An Implementation of USB Cryptographic Token for GnuPG).

CCID driver limitation

My CCID driver does support multi-slots readers since version 0.9.2 released in 2004.

But the driver is limited because it does not support using the slots at the same time, even if the reader declares it supports it.

pcsc-lite has support for simultaneous multi-slot. But the driver tells pcsc-lite that simultaneous multi-slot is not supported. See this code: https://salsa.debian.org/rousseau/CCID/-/blob/master/src/ifdhandler.c#L490

Of course I tried to modify the code of the CCID driver to tell pcsc-lite that simultaneous multi-slot can be used. But then the driver is confused by mixed USB frames. I then remembered why this support was disabled.

Improvement

Adding support of simultaneous multi-slots is possible. That will require some work on the CCID driver.

If you want or plan to use such a reader with pcsc-lite on GNU/Linux or another Unix system then contact me so we can discuss what you can do.

Conclusion

I sometimes receive requests about configurations with a lot of smart card readers. Using an 8 slots reader can be part of the solution. This reader requires the use of only one USB port and has its own power supply unit.

The reader firmware is Free Software and I like that. It can only be a good point in the selection of a smart card reader.

Friday, October 16, 2020

GitHub Sponsors: US$ 20 per month

Since January 2020 I participate in the GitHub Sponsors. See my post "GitHub Sponsors".

I received the first payment in May 2020. See "GitHub Sponsors: first payment".

You can see my public GitHub sponsor page at "Become a sponsor to LudovicRousseau".

New sponsor

I now have a new sponsor at $10 per month. That will double my Sponsors revenue. Yeah!
Thanks a lot to the existing 6 sponsors. You are wonderful.

I added a new tier at $20/month in case someone want to be even more generous.

Bitcoin

It is also possible to send me bitcoins. See "How to help my projects? Send me bitcoins!".

Someone sent me some BTC cents (or micro cents) just a few days ago. Thanks to you anonymous.

Conclusion

I plan to make a status in next January for the 1st anniversary of my participation to the GitHub Sponsors program.

Wednesday, September 16, 2020

PySCard 2.0.0 released

I just released a new version 2.0.0 of pyscard. PySCard is a python module adding smart cards support (PC/SC) to Python.

The version is 2.0.0 because after 1.9.9 I had not so many choices. This version does not bring any new feature. It is a bug fix release.

The PySCard project is available at:

Changes

2.0.0 (September 2020)

SCardStatus(): Fix a crash in case of PC/SC error
toASCIIString(): replace non-ASCII characters by '.'
remove i386 (32-bits) support on macOS

Friday, July 31, 2020

New PyKCS11 1.5.9 available

I just released a new version of PyKCS11, a Python wrapper above the PKCS#11 API.
See "PyKCS11 introduction" or "PyKCS11’s documentation".

The project is registered at Pypi: https://pypi.org/project/PyKCS11/

Changes

1.5.9 - July 2020, Ludovic Rousseau

call C_GetSlotList() with a NULL parameter to correctly initialize some PKCS#11 lib conforming to PKCS#11 version 2.40.

Thursday, July 30, 2020

Smart card and blockchain?

I received my first ATR description containing the word "blockchain". It is for ATR 3B 89 80 01 66 49 46 58 42 53 32 47 6F 32.

The card description is "Blockchain Security 2Go (JavaCard)" and refer to https://github.com/Infineon/Blockchain "Infineon's Blockchain Security 2Go Starter Kit".

The license of the github project is MIT License but the project does not contain any source code. So I am not sure what this github project is about.

Note: I do not have such a smart card. So I can't write much more about this card and project.

Tuesday, July 7, 2020

Smart card Usage in Debian: applications

See "Smart card Usage in Debian: pcscd and drivers" and "Smart card Usage in Debian: middleware" for the previous articles.

The last layer above the smart card reader driver, the PC/SC resource manager and the middleware are user applications.

I try to maintain a list of smart card applications available in Debian.

I updated the list when writing this blog article. New Debian packages have been added, and others have been removed.

ausweisapp2: Official authentication app for German ID cards and residence permits

cardpeek: Tool to read the contents of ISO7816 smartcards

connman-gtk: fully-featured GUI for ConnMan with systray support

entropybroker: infrastructure for distributing random numbers (entropy data)

gnokii-cli: Datasuite for mobile phone management (console interface)

gnokii-smsd: SMS Daemon for mobile phones

gnome-boxes: Simple GNOME app to access remote or virtual systems

gnome-phone-manager: control aspects of your mobile phone from your GNOME 2 desktop

gnupg: GNU privacy guard - a free PGP replacement

golang-pault-go-ykpiv-dev: high level cgo wrapper around libykpiv.so.1

network-manager-openconnect: network management framework (OpenConnect plugin core)

network-manager-openconnect-gnome: network management framework (OpenConnect plugin GNOME GUI)

nitrokey-app: Application to manage the Nitrokey

openconnect: open client for Cisco AnyConnect, Pulse, GlobalProtect VPN

opensc: Smart card utilities with support for PKCS#15 compatible cards

pcsc-tools: Some tools to use with smart cards and PC/SC

plasma-nm: Plasma5 networkmanager library.

python3-yubikey-manager: Python 3 library for configuring a YubiKey

qemu-system-arm: QEMU full system emulation binaries (arm)

qemu-system-mips: QEMU full system emulation binaries (mips)

qemu-system-misc: QEMU full system emulation binaries (miscellaneous)

qemu-system-ppc: QEMU full system emulation binaries (ppc)

qemu-system-sparc: QEMU full system emulation binaries (sparc)

qemu-system-x86: QEMU full system emulation binaries (x86)

rdesktop: RDP client for Windows NT/2000 Terminal Server and Windows Servers

spice-client-gtk: Simple clients for interacting with SPICE servers

srsue: User Equipment implementation for LTE

virt-viewer: Displaying the graphical console of a virtual machine

vinagre: remote desktop client for the GNOME Desktop

wpasupplicant: client support for WPA and WPA2 (IEEE 802.11i)

x2gothinclient-chroot: Install X2Go Thin Client chroot (metapackage)

xgnokii: Datasuite for mobile phone management (X interface)

ykcs11: PKCS#11 module for the YubiKey PIV applet

yubico-piv-tool: Command line tool for the YubiKey PIV applet

yubikey-manager: Python library and command line tool for configuring a YubiKey

yubioath-desktop: Graphical interface for displaying OATH codes with a Yubikey

Installations

Package	# of installation	% of Debian systems
gnupg	189853	96,29 %
wpasupplicant	100666	51,06 %
vinagre	49424	25,07 %
opensc	24336	12,34 %
qemu-system-x86	18292	9,28 %
plasma-nm	17497	8,87 %
rdesktop	10575	5,36 %
virt-viewer	9638	4,89 %
qemu-system-arm	4708	2,39 %
qemu-system-ppc	4099	2,08 %
qemu-system-mips	4096	2,08 %
qemu-system-misc	4070	2,06 %
qemu-system-sparc	4007	2,03 %
openconnect	3679	1,87 %
network-manager-openconnect	2457	1,25 %
network-manager-openconnect-gnome	1832	0,93 %
pcsc-tools	1743	0,88 %
gnome-boxes	1446	0,73 %
spice-client-gtk	791	0,40 %
python3-yubikey-manager	338	0,17 %
xgnokii	319	0,16 %
yubikey-manager	298	0,15 %
gnokii-cli	288	0,15 %
cardpeek	176	0,09 %
yubico-piv-tool	165	0,08 %
gnome-phone-manager	155	0,08 %
yubioath-desktop	115	0,06 %
nitrokey-app	103	0,05 %
connman-gtk	73	0,04 %
ausweisapp2	69	0,03 %
gnokii-smsd	47	0,02 %
ykcs11	36	0,02 %
entropybroker	19	0,01 %
srsue	2	0,00 %
golang-pault-go-ykpiv-dev	1	0,00 %
x2gothinclient-chroot	0	0,00 %

Conclusion

The first real smart card application with the most installations is OpenSC with 12% of Debian systems. Hello and well done to my OpenSC developers collegues.

The use of smart card is not developed. Maybe it is more deployed in enterprises since "many" business laptops have an integrated smart card reader. So there must be market and customer demand for these configurations. But maybe also these enterprises systems do not have the popularity-contest package installed so are not visible in the statistics here.