Tuesday, July 7, 2020

Smart card Usage in Debian: middleware

See "Smart card Usage in Debian: pcscd and drivers" for the previous article.

The next layer above the smart card reader driver and PC/SC resource manager are middleware. These software are between PC/SC and the user application.

I updated the list when writing this blog article. New Debian packages have been added, and others have been removed.

cackey: CAC and PIV Smartcard PKCS #11 cryptographic module



coolkey: Smart Card PKCS #11 cryptographic module



libckyapplet1: Smart Card Coolkey applet


libckyapplet1 is a dependency of coolkey. So they are both installed at the same time.

libckyapplet1-dev: Smart Card Coolkey applet development files



libcacard0: Virtual Common Access Card (CAC) Emulator (runtime library)


libcacard0 is a dependency of all the qemu-system-* packages. That can explain why this package is installed in so much systems.

libcacard-dev: Virtual Common Access Card (CAC) Emulator (development files)


libchipcard6: library for accessing smartcards



libchipcard-data: configuration files for libchipcard



libchipcard-dev: API for smartcard readers



libchipcard-tools: tools for accessing chipcards



libengine-pkcs11-openssl: OpenSSL engine for PKCS#11 modules



libgnokii7: Gnokii mobile phone interface library



libopenconnect5: open client for Cisco AnyConnect, Pulse, GlobalProtect VPN - shared library


libopenconnect5 is a dependency of plasma-nm (Plasma5 networkmanager library). Plasma is the KDE graphical workspaces environment.

libosmosim0: Osmo SIM library


Part of libosmocore: Open Source MObile COMmunications CORE library (metapackage)

libpam-p11: PAM module for using PKCS#11 smart cards


Part of pam-p11: PAM module for using PKCS#11 smart cards

libpam-pkcs11: Fully featured PAM module for using PKCS#11 smart cards



libpam-poldi: PAM module allowing authentication using a OpenPGP smartcard



libpcscada0.7.5: Ada bindings to PC/SC middleware



libspice-client-glib-2.0-8: GObject for communicating with Spice servers (runtime library)

libspice-client-glib-2.0-8 is a dependency of vinagre: remote desktop client for the GNOME Desktop

libspice-client-gtk-3.0-5: GTK3 widget for SPICE clients (runtime library)

libspice-client-gtk-3.0-5 is also a dependency of vinagre: remote desktop client for the GNOME Desktop

libykpiv1: Library for communication with the YubiKey PIV smartcard



openjdk-8-jre-headless: OpenJDK Java runtime, using Hotspot JIT (headless)



openjdk-11-jre-headless: OpenJDK Java runtime, using Hotspot JIT (headless)


We can see that openjdk-8-jre-headless has been replaced by openjdk-11-jre-headless.

openjdk-13-jre-headless: OpenJDK Java runtime, using Hotspot JIT (headless)


openjdk-13-jre-headless is not yet in Debian stable. So the number of installation is low. This version is also replaced by openjdk-14-jre-headless since 2020.

openjdk-14-jre-headless: OpenJDK Java runtime, using Hotspot JIT (headless)



openjdk-15-jre-headless: OpenJDK Java runtime, using Hotspot JIT (headless)


openjdk-15-jre-headless is very new. It is in Debian unstable but has not yet migrated to Debian testing. So the number of installation is very low.

opensc-pkcs11: Smart card utilities with support for PKCS#15 compatible cards



python3-pykcs11: PKCS#11 wrapper for Python



python3-pyscard: Python3 wrapper above PC/SC API


python3-pyscard is a dependency of python3-yubikey-manager. Users are installing this package not because they love this software (I am the upstream maintainer) but because they use a yubikey.

Installations

Package # of installation % of Debian systems
libcacard05487827,83 %
libspice-client-glib-2.0-85393527,35 %
openjdk-11-jre-headless5145526,10 %
libspice-client-gtk-3.0-54902924,87 %
openjdk-8-jre-headless4292121,77 %
opensc-pkcs112437512,36 %
libopenconnect5190349,65 %
python3-pyscard3690,19 %
openjdk-14-jre-headless3400,17 %
libengine-pkcs11-openssl3120,16 %
openjdk-13-jre-headless3000,15 %
libchipcard-data1990,10 %
libckyapplet11930,10 %
coolkey1900,10 %
libchipcard61820,09 %
libykpiv11780,09 %
libcacard-dev1350,07 %
libchipcard-tools1310,07 %
libpam-pkcs11900,05 %
openjdk-15-jre-headless780,04 %
libpam-poldi390,02 %
libpam-p11330,02 %
libosmosim0290,01 %
python3-pykcs11190,01 %
libchipcard-dev180,01 %
cackey120,01 %
libckyapplet1-dev30,00 %
libpcscada0.7.530,00 %
libgnokii720,00 %

Conclusion

Many (all?) smartcard middleware packages with an important installation base are not installed for themselves but because they are a dependency of another package.

So users are installing packages with smart card features or services but without any need or use of the smart card features.
It is not a problem. It is how dependencies works.