Blog moved to

I moved my blog from to . Why? I wanted to move away from Blogger (owne...

Tuesday, November 29, 2022

PC/SC sample in TypeScript (Deno)

To continue the list of PC/SC wrappers initiated in 2010 with "PC/SC sample in different languages" I now present a new sample code in Deno a modern runtime for JavaScript and TypeScript.


The wrapper is available at and

The author is Sean Michael Wykes.

The license is MIT.

I used version 0.4.
This version includes the fixes I proposed for GNU/Linux.


From Wikipedia Deno article:

Deno is a runtime for JavaScript, TypeScript, and WebAssembly that is based on the V8 JavaScript engine and the Rust programming language. Deno was co-created by Ryan Dahl, who also created Node.js.

Deno explicitly takes on the role of both runtime and package manager within a single executable, rather than requiring a separate package-management program.


Installation is very easy. First install Deno as documented in

The PC/SC wrapper will be downloaded and installed automatically at run time.

Source code

import {
} from '';

try {
  // establish a PC/SC context
  const context = ContextProvider.establishContext();

  // get all available readers
  const readers = context.listReaders();

  for (const reader of readers) {
    console.log(`Using reader: ${}`);
    if (reader.isMute) {
      console.log(`Reader ${}: MUTE`);
    } else if (reader.isPresent) {
      // connect
      const card = await reader.connect();

      // send Select Applet APDU
      const selectApplet = CommandAPDU
        .from([ISO7816.CLA.ISO, ISO7816.INS.SelectFile, 0x04, 0x00]) // ISO SELECT
        .setData([0xA0, 0x00, 0x00, 0x00, 0x62, 0x03, 0x01, 0x0C, 0x06, 0x01]);

      const resp = await card.transmitAPDU(selectApplet);

      // check for 0x90 0x00
      if (resp.SW == ISO7816.SW.SUCCESS) {
        // success ..
        console.log(`Reader ${}: applet successfully selected`);

        // send Test APDU
        const command = CommandAPDU
          .from([ISO7816.CLA.ISO, 0, 0, 0]);

        const resp = await card.transmitAPDU(command);
        if (resp.SW == ISO7816.SW.SUCCESS) {
          // success ..
          console.log(`Reader ${}: Test command successful`);

          // convert from bytes to string and display
        } else {
          // something went wrong ..
            `Reader ${}: error SW=${resp.SW.toString(16)}`,
      } else {
        // something went wrong ..
          `Reader ${}: error SW=${resp.SW.toString(16)}`,

      // unpower and disconnect
      await card.disconnect(PCSC.Disposition.UnpowerCard);
    } else {
      console.log(`Reader ${}: NO CARD`);
  // release the PC/SC context
} catch (e: PCSCException) {
  console.log(e, "error");


$ deno run --unstable --allow-ffi blog.ts
Using reader: Gemalto PC Twin Reader (F8345B4A) 00 00
Reader Gemalto PC Twin Reader (F8345B4A) 00 00: applet successfully selected
Reader Gemalto PC Twin Reader (F8345B4A) 00 00: command successful
Hello world!


Nothing special to say. Thanks Sean for the wrapper.

If you work on a Free Software PC/SC wrapper that is not yet in my list please let me know.

Wednesday, November 16, 2022

Share a smart card reader between a host and its guest VM(s)

As I wrote in "One smart card reader accessible from many computers" it is possible to share a smart card reader between 2 or more systems.



I recently received a bug report about a problem between pcsc-lite and VirtualBox. When the smart card reader is connected to the VM guest then the kernel on the host reports errors like:

2022-11-11T14:25:01.186983-08:00 track pcscd[2474]: 00000001 eventhandler.c:336:EHStatusHandlerThread() Error communicating to: SCM Microsystems Inc. SCR 3310 [CCID Interface] (53311514247933) 00 00 
2022-11-11T14:25:01.186993-08:00 track pcscd[2474]: 00000005 ccid_usb.c:1356:InterruptRead() libusb_submit_transfer failed: LIBUSB_ERROR_IO 
2022-11-11T14:25:01.188050-08:00 track kernel: [ 1247.705353][ T2521] usb 1-2: usbfs: process 2521 (pcscd) did not claim interface 0 before use 
2022-11-11T14:25:01.188053-08:00 track kernel: [ 1247.705386][ T2521] usb 1-2: usbfs: process 2521 (pcscd) did not claim interface 0 before use 
2022-11-11T14:25:01.587034-08:00 track pcscd[2474]: 00400173 ccid_usb.c:865:WriteUSB() write failed (1/2): -1 LIBUSB_ERROR_IO 
2022-11-11T14:25:01.587076-08:00 track pcscd[2474]: 00000008 ifdwrapper.c:364:IFDStatusICC() Card not transacted: 612

And after some times (in days) the host kernel crashes.

A Linux kernel crash is never a good thing. pcsc-lite may be very powerful but it can't crash the Linux kernel. Only a bug in the kernel itself can generate a crash. Here I suspect the VirtualBox Linux kernel module to do something bad.


Instead of connecting the USB smart card reader in the guest VM (and disconnecting it from the host) it is possible to share the smart card reader(s) between the host and guest with some help from pcsc-lite.


My demo setup:

I use 2 very different operating systems, GNU/Linux and NetBSD, on purpose. It is to show it is possible to mix systems. 


In the host, no change to the configuration. But we will redirect (inject) /run/pcscd/pcscd.comm in the virtual machine. 

On the Debian host I run:

$ ssh -N -R/tmp/pcscd.comm:/run/pcscd/pcscd.comm VMNetBSD


On the NetBSD VM I use:

$ export PCSCLITE_CSOCK_NAME=/tmp/pcscd.comm

Then I can run any application using pcsc-lite and get access to the smart card(s) and reader(s) from the host. For example: 

$ pcsc_scan -c
Wed Nov 16 17:26:55 2022 Reader 0: Alcor Micro AU9540 00 00 Event number: 0 Card state: Card inserted, ATR: 3B A7 00 40 18 80 65 A2 08 01 01 52

With a screenshot:


pcsc-lite to pcsc-lite

As I demonstrated the solution is not limited to GNU/Linux. Any Unix system using pcsc-lite can be used. But you must use the same pcsc-lite protocol on both sides.

For example the current protocol version used by pcsc-lite 1.9.9 (current version) is 4.4. It is the same protocol version since pcsc-lite 1.8.24 released in Oct 2018.

macOS or Windows host

It should be technically possible to use Windows or macOS as the host OS. That would involve a new development. Contact me if you need something like that.


No need to disconnect/reconnect the USB reader in the VM. Just share it with the host.

You will be able to use the same smart card at the same time on the two sides. Isn't it nice?

Tuesday, November 15, 2022

macOS Ventura and smart cards status

Ventura (macOS 13.0) is now available since October, 2022.

I will compare this version to the previous one in Monterey I presented in macOS Monterey and smart cards status


$ grep -A 1 CFBundleShortVersionString /usr/libexec/SmartCardServices/drivers/ifd-ccid.bundle/Contents/Info.plist

The CCID driver has been upgraded from version 1.4.34 as in Monterey to version 1.5.0.

Apple Open Source

The Open Source components included in macOS are listed at
In addition to a .tar.gz archive, the source code is also available in a github (acquired by Microsoft in 2018) repository at
It is then easy to see the patches applied by Apple to the CCID driver:
But the patches have no documentation on the why the patches are needed.
The only obvious patch is ccid-info-plist.patch that changes the value of ifdLogLevel from Info.plist configuration file from 3 (CRITICAL + INFO) to 1 (CRITICAL) in order to generate less logs.
It is also easy to compare two versions. For example the differences between the version for Monterey and the version for Ventura is available as a github diff between tags SmartcardCCID-55028 and SmartcardCCID-55031.

Crypto Token Kit

Nothing special to say. The source code of this part is not available.
My Objective-C sample "PC/SC" sample in Objective-C (synchronous) still builds and works fine.

Security message on first connection

On the first connection of my USB smart card reader I got this dialogue box:
It is nice to see the security improvements.
As expected, I do not get the dialogue box again after I selected "Allow".


No big changes in Ventura for the smart card world.

Monday, November 14, 2022

New version of libccid: 1.5.1

I just released version 1.5.1 of libccid the Free Software CCID class smart card reader driver.


1.5.1 - 14 November 2022, Ludovic Rousseau
  • Add support of
    • Access IS ATR220 with idProduct: 0x0184
    • Alcor Link AK9567
    • Alcor Link AK9572
    • CHERRY SmartTerminal ST-1144
    • CREATOR CRT-603(CZ1) CCR
    • Dexon Tecnologias Digitais LTDA DXToken
    • ESMART Reader ER433x ICC
    • ESMART Reader ER773x Dual & 1S
    • Flight system consulting Incredist
    • Ledger Nano S
    • Ledger Nano S Plus
    • Ledger Nano SP
    • Ledger Nano X
    • SafeNet eToken Fusion
    • Sensyl SSC-NFC Reader
  • Adjust USB drivers path at run-time via environment variable PCSCLITE_HP_DROPDIR
  • add --enable-strict option
  • Fix a problem with AUTO PPS readers and ATR convention inverse cards
  • examples/scardcontrol:
    • add support of 6A xx error codes
    • check WinSCard error early
    • parse wLcdLayout & bEntryValidationCondition
  • macOS: log non sensitive strings as "%{public}s"
  • Some other minor improvements

Monday, November 7, 2022

Updated CCID driver for UEFI

In 2015 (7 years ago) I ported my CCID driver to UEFI (Unified Extensible Firmware Interface). For example read "UEFI Smart Card Reader Protocol implementation" and "PCSC sample in C for UEFI".

New version

I now updated the driver to use:

The driver is no more a patch for edk2 but an independent UEFI driver in its own repository UEFI-SmartCardReader. It should now be easier to build.

I also updated my samples applications in UEFI-SmartCardReader-Samples.


This driver will not be used by a lot of people. The driver is for applications that are run in the UEFI (i.e. before the main operating system is started) and with a need to access smart cards.

If you use it and want to have new features, or just want to discuss, you can contact me. I am curious to know what people can do with it.