tag:blogger.com,1999:blog-69889187157044338602024-03-13T22:04:18.005+01:00Ludovic Rousseau's blogMy activities related to smart card and Free Software (as in free speech).Ludovic Rousseau's bloghttp://www.blogger.com/profile/03766338164446550495noreply@blogger.comBlogger527125tag:blogger.com,1999:blog-6988918715704433860.post-79884125625322057782023-09-27T19:58:00.003+02:002023-09-27T19:58:38.878+02:00macOS Sonoma and smart cards status<p>See <a href="https://blog.apdu.fr/posts/2023/05/blog-moved-to-httpsblogapdufr/">Blog moved to https://blog.apdu.fr/</a>.</p>Ludovic Rousseau's bloghttp://www.blogger.com/profile/03766338164446550495noreply@blogger.comtag:blogger.com,1999:blog-6988918715704433860.post-31844061511797926932023-08-30T15:23:00.000+02:002023-08-30T15:23:25.201+02:00Wireshark better at decoding CCID protocol<p> See <a href="https://blog.apdu.fr/posts/2023/05/blog-moved-to-httpsblogapdufr/">Blog moved to https://blog.apdu.fr/</a>.</p>Ludovic Rousseau's bloghttp://www.blogger.com/profile/03766338164446550495noreply@blogger.comtag:blogger.com,1999:blog-6988918715704433860.post-40522229023437133512023-06-09T18:43:00.004+02:002023-06-09T18:43:32.261+02:00New version of pcsc-lite: 2.0.0<p>See <a href="https://blog.apdu.fr/posts/2023/05/blog-moved-to-httpsblogapdufr/">Blog moved to https://blog.apdu.fr/</a>.<br /></p>Ludovic Rousseau's bloghttp://www.blogger.com/profile/03766338164446550495noreply@blogger.comtag:blogger.com,1999:blog-6988918715704433860.post-43393741504779851272023-05-12T21:44:00.000+02:002023-05-12T21:44:56.727+02:00Blog moved to https://blog.apdu.fr/<div class="e-content entry-content" itemprop="articleBody text">
<p>I moved my blog from <a class="reference external" href="https://ludovicrousseau.blogspot.com/">https://ludovicrousseau.blogspot.com/</a> to <a class="reference external" href="https://blog.apdu.fr/">https://blog.apdu.fr/</a>.</p>
<section id="why"><h2>Why?</h2>
<p>I wanted to move away from <a class="reference external" href="https://en.wikipedia.org/wiki/Blogger_(service)">Blogger</a> (owned by
Google since 2003) and host the blog myself on a server I control.</p>
</section><section id="low-tech"><h2>Low tech</h2>
<p>The blog is now managed by the <a class="reference external" href="https://getnikola.com/">Nikola</a>
Software. I discovered Nikola by reading a <a class="reference external" href="https://lwn.net/">Linux Weekly News</a>
article <a class="reference external" href="https://lwn.net/Articles/929942/">Nikola: static-site generation in Python</a>.</p>
<p>Once generated, the HTML pages are static so it is very easy and simple
to host them on a web server. No need to have a database (like MySQL) on
the server or run a program (like PHP) to generate the content.</p>
<section id="web-design"><h3>Web design</h3>
<p>I use the <a class="reference external" href="https://themes.getnikola.com/v8/bootstrap4/">bootstrap4</a>
Nikola theme with some custom changes.</p>
<p>I am not a web page designer. Some colors or styles may look ugly.
Please send me CSS change suggestions.</p>
</section></section><section id="update-your-bookmarks"><h2>Update your bookmarks</h2>
<p>If you have links pointing to the old blog it is very easy to update
them to use the new blog.</p>
<p>For example, you have a link to <a class="reference external" href="https://ludovicrousseau.blogspot.com/2021/10/what-happened-20-years-ago.html">https://ludovicrousseau.blogspot.com/2021/10/what-happened-20-years-ago.html</a>. The same article is now available at <a class="reference external" href="https://blog.apdu.fr/posts/2021/10/what-happened-20-years-ago/">https://blog.apdu.fr/posts/2021/10/what-happened-20-years-ago/</a></p>
<ul class="simple"><li><p>replace "<a class="reference external" href="https://ludovicrousseau.blogspot.com/">https://ludovicrousseau.blogspot.com/</a>" by "<a class="reference external" href="https://blog.apdu.fr/posts/">https://blog.apdu.fr/posts/</a>"</p></li><li><p>replace ".html" by "/"</p></li></ul>
<p>It looks magic, but it works because I used the Nikola plugin
<a class="reference external" href="https://plugins.getnikola.com/v7/import_blogger/">import_blogger</a> to
import all the articles from Blogger. I then made some "manual" corrections.<br /></p>
</section><section id="update-your-rss-feed"><h2>Update your RSS feed</h2>
<p>To automatically receive new articles you can register your news reader
to the RSS feed at <a class="reference external" href="https://blog.apdu.fr/rss.xml">https://blog.apdu.fr/rss.xml</a>.</p>
</section><section id="conclusion"><h2>Conclusion</h2>
<p>I already updated the links I have on my other web pages to point to the new blog.</p>
<p>I do not plan to close the old blog at Blogger because a lot of other
pages still point to it. And it is very annoying to get an HTTP 404
error when you are redirected to a web page that does not exist anymore.</p>
</section>
</div><p></p>Ludovic Rousseau's bloghttp://www.blogger.com/profile/03766338164446550495noreply@blogger.comtag:blogger.com,1999:blog-6988918715704433860.post-27069501624648018332023-04-23T15:55:00.002+02:002023-04-23T15:55:55.139+02:00gscriptor now also in French and Russian<p>
I modified gscriptor (included in
<a href="https://pcsc-tools.apdu.fr/">pcsc-tools</a>) to support
internationalization (i18n). The next version of gscriptor (no release date planned yet) will be available (at least) in French and in Russian.
</p>
<h2 style="text-align: left;">gscriptor</h2>
<p>gscriptor is a graphical tool to send APDU commands to a smart card.</p>
<p></p>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;">
<tbody>
<tr>
<td style="text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjem06sBdD9tlZzfUOEFlJGH-K9Eiz1M9llWqkXvVr2Gthtukz7_AHtV4lV32V4PoSmbOFbY-iEzgCg5yyR984dqP93VA1IVkCZIYH6skIQf5gi1OihYAZaQHmwswbAcxTzWtKSI5A9JR8N_YLXKDhegyn-TB6y80R83z_9nCHz0G-vU99VlxzyrjLg/s845/english.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="581" data-original-width="845" height="440" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjem06sBdD9tlZzfUOEFlJGH-K9Eiz1M9llWqkXvVr2Gthtukz7_AHtV4lV32V4PoSmbOFbY-iEzgCg5yyR984dqP93VA1IVkCZIYH6skIQf5gi1OihYAZaQHmwswbAcxTzWtKSI5A9JR8N_YLXKDhegyn-TB6y80R83z_9nCHz0G-vU99VlxzyrjLg/w640-h440/english.png" width="640" /></a>
</td>
</tr>
<tr>
<td class="tr-caption" style="text-align: center;"><br /></td>
</tr>
</tbody>
</table><p>
It is written in Perl and uses the Gtk+ graphical library.</p><p></p>
<h3 style="text-align: left;">French</h3>
<p></p>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhvbiC0MagL0DrI4traAopkz3drkFu7yYpNsTDppfwgWU53vswQShysW2zxL0E8TltptCHr3kc2jIEL35ZeJkk3nTOG0VVROFwAdNEQWTrG97qzfI9ON3S_5qtQjZuELIcLfRURArDYH1n9KZxAS9QvH3Rxy3tebH-m9WsDTeqwSgmesAPxO_a1aKVu/s827/French.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="584" data-original-width="827" height="452" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhvbiC0MagL0DrI4traAopkz3drkFu7yYpNsTDppfwgWU53vswQShysW2zxL0E8TltptCHr3kc2jIEL35ZeJkk3nTOG0VVROFwAdNEQWTrG97qzfI9ON3S_5qtQjZuELIcLfRURArDYH1n9KZxAS9QvH3Rxy3tebH-m9WsDTeqwSgmesAPxO_a1aKVu/w640-h452/French.png" width="640" /></a>
</div>
<br /><p></p>
<h3 style="text-align: left;">Russian <br /></h3>
<p></p>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgnnrEFJLmhOgygVLWeZTISYUGklceWyhjBhjfb4faOfFWo33OND0KB7Re-ymjxSsGf2fqWx6C1rydqtErsM5wsXi9yCXjDuvTGVAmfNHAekSMTyyJQihpXopVJYLXK32pgiCbG1NMxi5qWjK8LIqJDlU9A63YVKY_CsawkuW7A7-xJkBu0_KcrWs53/s850/Russian.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="582" data-original-width="850" height="438" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgnnrEFJLmhOgygVLWeZTISYUGklceWyhjBhjfb4faOfFWo33OND0KB7Re-ymjxSsGf2fqWx6C1rydqtErsM5wsXi9yCXjDuvTGVAmfNHAekSMTyyJQihpXopVJYLXK32pgiCbG1NMxi5qWjK8LIqJDlU9A63YVKY_CsawkuW7A7-xJkBu0_KcrWs53/w640-h438/Russian.png" width="640" /></a>
</div>
<br /><h2 style="text-align: left;">Conclusion</h2>
<p>
Thanks to <a href="https://github.com/Pro-pra">Pro-pra</a> for the
<a href="https://github.com/LudovicRousseau/pcsc-tools/pull/75">initial patch</a>
and the Russian localization.
</p>
<p>
If you want to add another language please copy the file
<a href="https://github.com/LudovicRousseau/pcsc-tools/blob/master/po/pcsc-tools.pot">pcsc-tools.pot</a>, add your translations and send me the resulting file.<br />
</p>
Ludovic Rousseau's bloghttp://www.blogger.com/profile/03766338164446550495noreply@blogger.comtag:blogger.com,1999:blog-6988918715704433860.post-70929642413787750192023-04-16T16:21:00.003+02:002023-04-16T16:21:39.292+02:00FAQ: pcsc-lite and SCARD_E_SERVICE_STOPPED error<p>
One of the most popular search request that bring people on my blog is about
<code>SCARD_E_SERVICE_STOPPED</code>.<br />
</p>
<h2 style="text-align: left;">The problem<br /></h2>
<p>
With pcsc-lite the only cause for the error
<code>SCARD_E_SERVICE_STOPPED</code> is that the two sides, pcscd and
libpcsclite, are using a different version of the communication protocol.
</p>
<p>
See for example the reported issue "<a href="https://github.com/LudovicRousseau/pcsc-tools/issues/74">SCardEstablishContext: Service was stopped.</a>".
</p>
<p>In the logs you have something like:</p>
<pre>$ journalctl --unit=pcscd
[...]
févr. 11 18:55:07 debian pcscd[3715]: 00000006 winscard_svc.c:361:ContextThread() Received command: CMD_VERSION from client 8
févr. 11 18:55:07 debian pcscd[3715]: 00000004 winscard_svc.c:373:ContextThread() Client is protocol version 4:3
févr. 11 18:55:07 debian pcscd[3715]: 00000001 winscard_svc.c:382:ContextThread() <span style="color: red;"><span style="background-color: #fcff01;">Communication protocol mismatch!</span></span>
févr. 11 18:55:07 debian pcscd[3715]: 00000002 winscard_svc.c:384:ContextThread() <span style="background-color: #fcff01;">Client protocol is 4:3</span>
févr. 11 18:55:07 debian pcscd[3715]: 00000001 winscard_svc.c:386:ContextThread() <span style="background-color: #fcff01;">Server protocol is 4:4</span>
févr. 11 18:55:07 debian pcscd[3715]: 00000002 winscard_svc.c:396:ContextThread() CMD_VERSION <span style="background-color: #fcff01;">rv=0x8010001E</span> for client 8
</pre>
Here the server is using version 4.4 but the client is using version 4.3.<br />The
error code <code>0x8010001E</code> is
<a href="https://pcsclite.apdu.fr/api/group__ErrorCodes.html#ga262c34297ab1b65db1c9516ccc0dd9a0">SCARD_E_SERVICE_STOPPED</a>.
<p></p>
<h2 style="text-align: left;">The cause</h2>
<p>
This situation can happen if you reinstalled pcsc-lite yourself but in
<file>/usr/local/</file> instead of <file>/usr/</file>. In that case you have
2 different versions of pcsc-lite installed at the same time on your system.
</p>
<p>
You may also use an application inside a flatpak container that uses a
different version of pcsc-lite. See the limitations listed in "<a href="https://ludovicrousseau.blogspot.com/2022/02/accessing-smart-cards-from-inside.html">Accessing smart cards from inside a flatpak sandbox</a>".
</p>
<h2 style="text-align: left;">The solution</h2>
<p>Do not mix different versions of pcsc-lite.<br /></p>
<h2 style="text-align: left;">Conclusion</h2>
<p>
This is the second article in the FAQ "section". The first one was "<a href="https://ludovicrousseau.blogspot.com/2023/03/faq-wintypesh-or-winscardh-not-found.html">FAQ: wintypes.h or winscard.h not found</a>". I will try to provide other articles about common errors.<br />
</p>
Ludovic Rousseau's bloghttp://www.blogger.com/profile/03766338164446550495noreply@blogger.comtag:blogger.com,1999:blog-6988918715704433860.post-62940137105418444062023-04-14T22:17:00.000+02:002023-04-14T22:17:15.412+02:00Verify with OpenSSL a signature computed by PyKCS11<p>
With PyKCS11 I provide a sample code
<a href="https://github.com/LudovicRousseau/PyKCS11/blob/master/samples/signature.py">signature.py</a>
to compute a RSA+SHA256 signature. The Python sample also contains the code to
check the signature using PyKCS11.
</p>
<p>But what if you want to verify the signature using OpenSSL?</p>
<h2 style="text-align: left;">Export the public key</h2>
<div style="text-align: left;">
PYKCS11LIB environment variable is used to indicate what PKCS#11 library to
use. For the tests I use <a href="https://github.com/opendnssec/SoftHSMv2">SoftHSM</a> so I set the variable using:
</div>
<pre>$ export PYKCS11LIB=/usr/local/lib/softhsm/libsofthsm2.so</pre>
<!--Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite-->
<pre><tt><i><font color="#9A1900">#!/bin/bash</font></i>
<b><font color="#0000FF">set</font></b> -e
<i><font color="#9A1900"># get the 1st key object ID</font></i>
<font color="#009900">ID</font><font color="#990000">=</font><font color="#009900">$(</font>pkcs11-tool --module <font color="#009900">$PYKCS11LIB</font> --list-objects --type pubkey <font color="#990000">\</font>
<font color="#990000">|</font> grep ID <font color="#990000">\</font>
<font color="#990000">|</font> cut -d<font color="#990000">:</font> -f <font color="#993399">2</font><font color="#990000">)</font>
echo <font color="#FF0000">"Object id: $ID"</font>
<i><font color="#9A1900"># export the public key</font></i>
pkcs11-tool --module <font color="#009900">$PYKCS11LIB</font> --read-object --type pubkey --id <font color="#009900">$ID</font> -o rsa_pub<font color="#990000">.</font>key
<i><font color="#9A1900"># convert the public key to PEM</font></i>
openssl rsa -pubin -inform DER -in rsa_pub<font color="#990000">.</font>key -outform PEM -out rsa_pub<font color="#990000">.</font>pem
</tt></pre>
<p>
The RSA key pair has been generated by the
<a href="https://github.com/LudovicRousseau/PyKCS11/blob/master/samples/generate.py">generate.py</a>
script and is stored in the PKCS#11 token. We need to export it so that
OpenSSL can use it to check the signature.<br />
</p>
<p>
To export the key I use pkcs11-tool from the
<a href="https://github.com/OpenSC/OpenSC">OpenSC</a> project. We need to know
the object ID of the public key. This ID is configured in generate.py script
<a href="https://github.com/LudovicRousseau/PyKCS11/blob/master/samples/generate.py#L22">line 22</a>. We dump the public keys and get the object ID.
</p>
<pre>$ pkcs11-tool --module $PYKCS11LIB --list-objects --type pubkey
Using slot 0 with a present token (0x27ca3aa)
Public Key Object; RSA 1024 bits
label: My Public Key
<span style="background-color: #fcff01;"> ID: 22</span>
Usage: encrypt, verify, wrap
Access: local</pre>
<p>
The script will work correctly if only one public key is present in the token.
I let you handle more complex cases.
</p>
<h3 style="text-align: left;">output</h3>
<pre>$ ./export_key.sh
Using slot 0 with a present token (0x27ca3aa)
Object id: 22
Using slot 0 with a present token (0x27ca3aa)
writing RSA key</pre>
<h2 style="text-align: left;">Compute signature</h2>
<div style="text-align: left;">
I modified the original signature.py script to also save the clear text
message in a file <file>cleartext.txt</file> and the signature in a file
<file>sig_sha256.bin</file> so these files can be used later by OpenSSL.
</div>
<div style="text-align: left;"><br /></div>
<!--Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite-->
<pre><tt><i><font color="#9A1900">#!/usr/bin/env python3</font></i>
<b><font color="#000080">from</font></b> PyKCS11 <b><font color="#000080">import</font></b> <font color="#990000">*</font>
<b><font color="#000080">import</font></b> binascii
pkcs11 <font color="#990000">=</font> <b><font color="#000000">PyKCS11Lib</font></b><font color="#990000">()</font>
pkcs11<font color="#990000">.</font><b><font color="#000000">load</font></b><font color="#990000">()</font> <i><font color="#9A1900"># define environment variable PYKCS11LIB=YourPKCS11Lib</font></i>
<i><font color="#9A1900"># get 1st slot</font></i>
slot <font color="#990000">=</font> pkcs11<font color="#990000">.</font><b><font color="#000000">getSlotList</font></b><font color="#990000">(</font>tokenPresent<font color="#990000">=</font>True<font color="#990000">)[</font><font color="#993399">0</font><font color="#990000">]</font>
session <font color="#990000">=</font> pkcs11<font color="#990000">.</font><b><font color="#000000">openSession</font></b><font color="#990000">(</font>slot<font color="#990000">,</font> CKF_SERIAL_SESSION <font color="#990000">|</font> CKF_RW_SESSION<font color="#990000">)</font>
session<font color="#990000">.</font><b><font color="#000000">login</font></b><font color="#990000">(</font><font color="#FF0000">"1234"</font><font color="#990000">)</font>
<i><font color="#9A1900"># message to sign</font></i>
toSign <font color="#990000">=</font> <font color="#FF0000">"Hello World!\n"</font>
mechanism <font color="#990000">=</font> <b><font color="#000000">Mechanism</font></b><font color="#990000">(</font>CKM_SHA256_RSA_PKCS<font color="#990000">,</font> None<font color="#990000">)</font>
<i><font color="#9A1900"># find first private key and compute signature</font></i>
privKey <font color="#990000">=</font> session<font color="#990000">.</font><b><font color="#000000">findObjects</font></b><font color="#990000">([(</font>CKA_CLASS<font color="#990000">,</font> CKO_PRIVATE_KEY<font color="#990000">)])[</font><font color="#993399">0</font><font color="#990000">]</font>
signature <font color="#990000">=</font> session<font color="#990000">.</font><b><font color="#000000">sign</font></b><font color="#990000">(</font>privKey<font color="#990000">,</font> toSign<font color="#990000">,</font> mechanism<font color="#990000">)</font>
<b><font color="#0000FF">print</font></b><font color="#990000">(</font><font color="#FF0000">"\nsignature: {}"</font><font color="#990000">.</font><b><font color="#000000">format</font></b><font color="#990000">(</font>binascii<font color="#990000">.</font><b><font color="#000000">hexlify</font></b><font color="#990000">(</font><b><font color="#000000">bytearray</font></b><font color="#990000">(</font>signature<font color="#990000">))))</font>
<i><font color="#9A1900"># save the clear text in a file</font></i>
with <b><font color="#000000">open</font></b><font color="#990000">(</font><font color="#FF0000">"cleartext.txt"</font><font color="#990000">,</font> <font color="#FF0000">"w"</font><font color="#990000">)</font> as f<font color="#990000">:</font>
f<font color="#990000">.</font><b><font color="#000000">write</font></b><font color="#990000">(</font>toSign<font color="#990000">)</font>
<i><font color="#9A1900"># save to a signature in a file</font></i>
with <b><font color="#000000">open</font></b><font color="#990000">(</font><font color="#FF0000">"sig_sha256.bin"</font><font color="#990000">,</font> <font color="#FF0000">"bw"</font><font color="#990000">)</font> as f<font color="#990000">:</font>
f<font color="#990000">.</font><b><font color="#000000">write</font></b><font color="#990000">(</font><b><font color="#000000">bytearray</font></b><font color="#990000">(</font>signature<font color="#990000">))</font>
<i><font color="#9A1900"># find first public key and verify signature</font></i>
pubKey <font color="#990000">=</font> session<font color="#990000">.</font><b><font color="#000000">findObjects</font></b><font color="#990000">([(</font>CKA_CLASS<font color="#990000">,</font> CKO_PUBLIC_KEY<font color="#990000">)])[</font><font color="#993399">0</font><font color="#990000">]</font>
result <font color="#990000">=</font> session<font color="#990000">.</font><b><font color="#000000">verify</font></b><font color="#990000">(</font>pubKey<font color="#990000">,</font> toSign<font color="#990000">,</font> signature<font color="#990000">,</font> mechanism<font color="#990000">)</font>
<b><font color="#0000FF">print</font></b><font color="#990000">(</font><font color="#FF0000">"\nVerified:"</font><font color="#990000">,</font> result<font color="#990000">)</font>
<i><font color="#9A1900"># logout</font></i>
session<font color="#990000">.</font><b><font color="#000000">logout</font></b><font color="#990000">()</font>
session<font color="#990000">.</font><b><font color="#000000">closeSession</font></b><font color="#990000">()</font>
</tt></pre>
<h3 style="text-align: left;">Output</h3>
<pre>$ ./signature.py
signature: b'322c1591cb9aba1e361264b02464a2bd9d55693bf772b4253da0862616e611dc139005742c511795c27c8f609e4ddbaafceba1c3b3ce278b8e0af564c84de54a639cff67a9a3f97dcc542cd6f0200954ef7fce4a0f87b61636272e21fc1e3ef9f0b683e360cca4231405dd90ae2c4a3638ca7a85e2b62f6ae30975ff3885ab60'
Verified: True</pre>
<h2 style="text-align: left;">Verify signature</h2>
<!--Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite-->
<pre><tt><i><font color="#9A1900">#!/bin/bash</font></i>
<b><font color="#0000FF">set</font></b> -e
<i><font color="#9A1900"># verify signature</font></i>
openssl dgst -sha<font color="#993399">256</font> -verify rsa_pub<font color="#990000">.</font>pem -signature sig_sha256<font color="#990000">.</font>bin cleartext<font color="#990000">.</font>txt
</tt></pre>
<h3 style="text-align: left;">Output <br /></h3>
<pre>$ ./verify.sh
Verified OK</pre>
<h2 style="text-align: left;">Conclusion</h2>
<p>Thanks to Leon Rman for the initial code and the idea.</p><p>I let you write the code to do the symmetrical operations: sign using OpenSSL and verify using PyKCS11.<br /></p>
Ludovic Rousseau's bloghttp://www.blogger.com/profile/03766338164446550495noreply@blogger.comtag:blogger.com,1999:blog-6988918715704433860.post-86293710242204407762023-04-10T12:08:00.000+02:002023-04-10T12:08:38.632+02:00 New PyKCS11 1.5.12 available<p>
I just released a new version of
<a href="https://github.com/LudovicRousseau/PyKCS11">PyKCS11</a>, a Python
wrapper above the PKCS#11 API.<br />
See "<a
href="https://ludovicrousseau.blogspot.fr/2010/06/pykcs11-introduction.html"
>PyKCS11 introduction</a
>" or "<a href="https://pkcs11wrap.sourceforge.io/api/"
>PyKCS11’s documentation</a
>".<br />
<br />
</p>
<div>
The project is registered at Pypi:
<a href="https://pypi.org/project/PyKCS11/"
>https://pypi.org/project/PyKCS11/</a
>
</div>
<div> </div>
<div><h3 style="text-align: left;">Changes:</h3></div>
<div>
1.5.12 - April 2023, Ludovic Rousseau<br />
<ul style="text-align: left;">
<li>add <code>setAttributeValue()</code></li>
<li>minor improvements</li>
</ul>
<br /> <br />
</div>
Ludovic Rousseau's bloghttp://www.blogger.com/profile/03766338164446550495noreply@blogger.comtag:blogger.com,1999:blog-6988918715704433860.post-90543927102019110182023-03-31T18:55:00.000+02:002023-03-31T18:55:05.952+02:00PySCard 2.0.7 released<p>
I just released a new version 2.0.7 of pyscard.
<a href="https://pyscard.sourceforge.io/">PySCard</a> is a python module
adding smart cards support (PC/SC) to Python.
</p>
<p>The PySCard project is available at:<br /></p>
<ul>
<li><a href="https://pypi.python.org/pypi/pyscard">pypi</a></li>
<li><a href="https://github.com/LudovicRousseau/pyscard">github</a></li>
<li><a href="https://sourceforge.net/projects/pyscard/">sourceforge</a></li></ul><p> </p><ul>
</ul>
<h3 style="text-align: left;">Changes:</h3>
<p>2.0.7 (March 2023)<br /></p>
<ul style="text-align: left;">
<li>do not include the generated HTML documentation in the archive</li>
</ul>
<p><br />2.0.6 (March 2023)<br /></p>
<ul style="text-align: left;">
<li>handle <code>SCARD_E_NO_SERVICE</code> on Windows (on last reader removal)</li>
<li>add support of MSYS2/mingw environment on Windows</li>
<li>improve documentation</li>
<li>minor changes</li>
</ul>
Ludovic Rousseau's bloghttp://www.blogger.com/profile/03766338164446550495noreply@blogger.comtag:blogger.com,1999:blog-6988918715704433860.post-40961193190003761192023-03-17T21:45:00.001+01:002023-03-17T21:45:50.380+01:00FAQ: wintypes.h or winscard.h not found<p>
One of the most popular search requests that bring people on my website
<a href="https://pcsclite.apdu.fr/">https://pcsclite.apdu.fr/</a> is about
<file>wintypes.h</file> not found.
</p>
<h2 style="text-align: left;">Problem <br /></h2>
<p>For example you try to compile something and get the error:<br /></p>
<pre>smartcard/scard/helpers.c:28:10: fatal error: winscard.h: No such file or directory
#include <winscard.h>
^~~~~~~~~~~~
</pre>
<h2 style="text-align: left;">Solution <br /></h2>
<p>
The PC/SC header files (<file>winscard.h</file>, <file>wintypes.h</file> and some others) are provided by the
<b>development</b> pcsclite package.
</p>
<ul style="text-align: left;">
<li>
for Debian, Ubuntu or derivatives the package is
<a href="https://packages.debian.org/search?keywords=pcsclite-dev">pcsclite-dev</a>
</li>
<li>
for RedHat, Fedora and derivatives the package is
<a href="https://pkgs.org/search/?q=pcsc-lite-devel">pcsc-lite-devel</a>
</li>
<li>for other Unixes, use your favourite search engine 😜</li>
</ul>
<p>
You install the correct package and you try again to build your software.<br />
</p>
<h2 style="text-align: left;">Conclusion</h2>
<p>
I hope this blog article will be correctly indexed by search engines to help people find the
solution.<br />
</p>
Ludovic Rousseau's bloghttp://www.blogger.com/profile/03766338164446550495noreply@blogger.comtag:blogger.com,1999:blog-6988918715704433860.post-4399880849115839932023-01-31T17:31:00.001+01:002023-01-31T17:31:36.690+01:00 New version of libccid: 1.5.2<p>
I just released <a href="https://ccid.apdu.fr/files/">version 1.5.2</a> of
<a href="https://ccid.apdu.fr/">libccid</a> the Free Software CCID class smart
card reader driver.
</p>
<h3 style="text-align: left;">Changes:</h3>
<p>1.5.2 - 31 January 2023, Ludovic Rousseau<br /></p>
<ul style="text-align: left;">
<li>Add support of</li>
<ul>
<li>KAPELSE KAP-LINK</li>
<li>LDU LANDI</li>
<li>Sensyl SSC-HV Reader</li>
<li>TOKEN2 MFA NFC Reader</li>
<li>TOKEN2 Molto2</li>
<li>Thales RF Reader</li>
</ul>
<li>Alcor Micro AU9560: Remove high speeds since they are not supported</li>
<li>Hack for AlcorMicro AU9560 and Acos-ID card</li>
<li><file>configure.ac</file>: disable the use of <code>--disable-usbdropdir</code></li>
</ul>
<p><br /> <br /></p>
Ludovic Rousseau's bloghttp://www.blogger.com/profile/03766338164446550495noreply@blogger.comtag:blogger.com,1999:blog-6988918715704433860.post-7462819022144432492023-01-22T16:46:00.000+01:002023-01-22T16:46:00.036+01:00PC/SC tools projects moved to .apdu.fr<p>
For historical reasons some projects I maintain are still hosted at my
"personal" page
<a href="http://ludovic.rousseau.free.fr/">http://ludovic.rousseau.free.fr/</a>
in the
<a href="http://ludovic.rousseau.free.fr/softwares/">My computer programs</a>
page.<br />
</p>
<p>They are:</p>
<ul style="text-align: left;">
<li>ifd-GemPC: serial GemPC 410 and USB GemPC 430 reader drivers.</li>
<li>pcsc-perl: wrapper to use PC/SC in Perl.</li>
<li>pcsc-tools: some tools to be used with smart cards and PC/SC.</li>
</ul>
<h2 style="text-align: left;">Why the change?</h2>
<p>
My personal pages, hosted by my ISP (Internet Service Provider), are still not
using https. I have no access to the web server so I can't change that.<br />
</p>
<p>
The new pages will be independent from the ISP. The projects will use a DNS name I
maintain myself.
</p>
<p>
According to the <a href="https://web.archive.org/">Internet Archive</a> the
<a href="https://web.archive.org/web/20011211225340/http://ludovic.rousseau.free.fr/softwares/softs.html">"My computer programs" page exists</a>
since August 2001. I don't think the personal pages hosted by
<a href="https://en.wikipedia.org/wiki/Free_(ISP)">Free</a> will disappear
soon, but who knows. Maybe Elon Musk will buy
<a href="https://en.wikipedia.org/wiki/Iliad_SA">Iliad</a> (parent company of
Free) and... anything can happen next.<br />
</p>
<p>
I will be able to get some access statistics, in particular for the file
<file>smartcard_list.txt</file> containing the list of ATRs used by the
<code>pcsc_scan</code> tool.<br />
</p>
<h2 style="text-align: left;">Now hosts</h2>
<p>The projects are now in subdomains of apdu.fr. They are at:</p>
<ul style="text-align: left;">
<li><a href="https://ifd-gempc.apdu.fr/">https://ifd-gempc.apdu.fr/</a></li>
<li><a href="https://pcsc-perl.apdu.fr/">https://pcsc-perl.apdu.fr/</a></li>
<li><a href="https://pcsc-tools.apdu.fr/">https://pcsc-tools.apdu.fr/</a></li>
</ul>
<p>The old pages redirect to the new web sites.</p>
<p>
The URL
<a href="http://ludovic.rousseau.free.fr/softwares/pcsc-tools/smartcard_list.txt">http://ludovic.rousseau.free.fr/softwares/pcsc-tools/smartcard_list.txt</a>
is used by (old) versions of <code>ATR_analysis</code> used by <code>pcsc_scan</code>. This file will be
maintained up to date for the next months/years.<br />
</p>
<h2 style="text-align: left;">Conclusion</h2>
<p>I continue my migration to self-hosting. Thanks to all the <a href="https://ludovicrousseau.blogspot.com/2023/01/github-sponsor-2022-status.html">sponsors</a> that allow me to do that.<br /></p>
Ludovic Rousseau's bloghttp://www.blogger.com/profile/03766338164446550495noreply@blogger.comtag:blogger.com,1999:blog-6988918715704433860.post-14973512777671638612023-01-22T16:38:00.000+01:002023-01-22T16:38:16.802+01:00 New version of pcsc-tools: 1.6.2<p>
I just released a new version of
<a href="https://pcsc-tools.apdu.fr/">pcsc-tools</a>, a suite of tools for
PC/SC.
</p>
<p>I updated <code>ATR_analysis</code> to use the new location of the smart card ATR list.<br /></p>
<h3 style="text-align: left;">Changes:</h3>
<div style="text-align: left;">
1.6.2 - 22 January 2023, Ludovic ROUSSEAU<br />
<ul style="text-align: left;">
<li>18 new ATRs</li>
<li>
<file>smartcard_list.txt</file> moved to
<a href="https://pcsc-tools.apdu.fr/smartcard_list.txt"
>https://pcsc-tools.apdu.fr/smartcard_list.txt</a
>
</li>
</ul>
</div>
Ludovic Rousseau's bloghttp://www.blogger.com/profile/03766338164446550495noreply@blogger.comtag:blogger.com,1999:blog-6988918715704433860.post-81934426724425135502023-01-03T22:09:00.000+01:002023-01-03T22:09:58.690+01:00Github sponsor: 2022 status<p>Since January 2020 I am part of the Github sponsors program. See my previous articles: <a href="https://ludovicrousseau.blogspot.com/2020/01/github-sponsors.html">GitHub Sponsors</a>, <a href="https://ludovicrousseau.blogspot.com/2020/05/github-sponsors-first-payment.html">GitHub Sponsors: first payment</a> and <a href="https://ludovicrousseau.blogspot.com/2020/10/github-sponsors-us-20-per-month.html">GitHub Sponsors: US$ 20 per month</a>.</p><p>I wanted to update you about the years 2021 and 2022.</p><h2 style="text-align: left;">Public data</h2><p>My Github sponsor page is available at <a href="https://github.com/sponsors/LudovicRousseau">Become a sponsor to Ludovic Rousseau</a>.</p><p>You can see that I currently have 7 sponsors, and 4 past sponsors. A big thank you to all of them.<br /></p><p>The amount of money is not public. That is why I wrote the next chapter.<br /></p><h2 style="text-align: left;">Private data</h2><p>In 2022 I received a total of 628 €. Compared to 394 € in 2021 that is an increase of 59%.<br /></p><p>The amount I receive monthly is slowly growing since 2021.</p><p>To be fully transparent to my sponsors and everybody else (full disclosure?) I publish below the monthly results since the beginning of the experience:</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPI5Hc9GL2R48DOBMZdh1mrnMywEdN8nuBXcN6Y0K-4ZOdoYLRLD_U8gGkkUeqYJlEBIOjr3h5v6bT7DubtkWySiHUtv0BSPGHGRJDGmJYyy5u9ttM1SjOTqpxTcDtOKG9aoXfKvR0QImWafx57LUr12VoT4RE4cVV0l6h3j16AtvvT7lDAsT36b_D/s517/amount.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="382" data-original-width="517" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPI5Hc9GL2R48DOBMZdh1mrnMywEdN8nuBXcN6Y0K-4ZOdoYLRLD_U8gGkkUeqYJlEBIOjr3h5v6bT7DubtkWySiHUtv0BSPGHGRJDGmJYyy5u9ttM1SjOTqpxTcDtOKG9aoXfKvR0QImWafx57LUr12VoT4RE4cVV0l6h3j16AtvvT7lDAsT36b_D/s16000/amount.png" /></a></div><br />It is far from a full time salary. But that is enough to pay for the infrastructure I use to host my different web sites.<br /><p></p><p></p><h2 style="text-align: left;">Conclusion</h2><p>Again a big thank you to my present and past sponsors.</p><p>If you want to help and become a sponsor then go to <a href="https://github.com/sponsors/LudovicRousseau">Become a sponsor to Ludovic Rousseau</a>.
</p>Ludovic Rousseau's bloghttp://www.blogger.com/profile/03766338164446550495noreply@blogger.comtag:blogger.com,1999:blog-6988918715704433860.post-1954574731543753202023-01-01T16:25:00.000+01:002023-01-01T16:25:04.499+01:00Happy new year 2023<p>
Dear readers,<br />
<br />
I wish you a happy new year for 2023.</p>
<p>In 2022 I published 32 articles on this blog.</p>
<p></p>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjlbkG3Iytzdf9rbSH7fQCTi_ScHnTVS5gCgqya103g5cpe3WMHjClqnVpm6PiKBXtH65awY_Do_ONgdJCNfQ07Lb2972pIcrV9H7tjx3-DwZOFhuN7t6P5FTfhhg_5eRRV6W7z87J6Ni2hAwPOn8RZMyLkHP5uN25hd2VXodFc-8RfCux0a50o-9QM/s576/stats.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="373" data-original-width="576" height="414" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjlbkG3Iytzdf9rbSH7fQCTi_ScHnTVS5gCgqya103g5cpe3WMHjClqnVpm6PiKBXtH65awY_Do_ONgdJCNfQ07Lb2972pIcrV9H7tjx3-DwZOFhuN7t6P5FTfhhg_5eRRV6W7z87J6Ni2hAwPOn8RZMyLkHP5uN25hd2VXodFc-8RfCux0a50o-9QM/w640-h414/stats.png" width="640" /></a>
</div>
<br />
<p></p>
<h2 style="text-align: left;">Audience in 2022<br /></h2>
<p></p>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLMJQzAJlTCW48foM0uL3z1ZK1gvtibZByczGKYivBKGKsmCsJY5iDzQqK_Y6IA8XdC1-AJg391GFozhn0hsMrBWs4advk8Id_jlNeI3ucZ95RrU8d5wjwAtGWwhUQpyISfuOe1zkdF2BKUdxXXUbd4vOlPxTtti9-1iwq3CDBvTUUPrWwIXzOAZ7l/s999/audience.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="336" data-original-width="999" height="216" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLMJQzAJlTCW48foM0uL3z1ZK1gvtibZByczGKYivBKGKsmCsJY5iDzQqK_Y6IA8XdC1-AJg391GFozhn0hsMrBWs4advk8Id_jlNeI3ucZ95RrU8d5wjwAtGWwhUQpyISfuOe1zkdF2BKUdxXXUbd4vOlPxTtti9-1iwq3CDBvTUUPrWwIXzOAZ7l/w640-h216/audience.png" width="640" /></a>
</div>
<br /> You can notice a spike around 17th December. That is the article "<a href="https://ludovicrousseau.blogspot.com/2022/12/alcormicro-au9560-reader-and-fast-smart.html">AlcorMicro AU9560 reader and fast smart cards: help from crowd needed</a>". I added the article URL in different bug reports so it gained
<i>some</i> extra visibility.<br />
<p></p>
<p></p>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhCIkCCzLO_Ry2tZnm8QNWgBwsodzD0CF8qWct5RrUfhYyGze7YR56LZdtungwSsgrzuARzjEf2N8yh3ZzUFV7iqO81HZzdgB0eygC2Wmr6jvWVinTdzkrnL9qSOZ0CqlqJVdrkswwQfrTBozKvqo1wBH4fXr_56rARHTSdUUdNTFFhNpop19_pF4k/s1070/location.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1070" data-original-width="997" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhCIkCCzLO_Ry2tZnm8QNWgBwsodzD0CF8qWct5RrUfhYyGze7YR56LZdtungwSsgrzuARzjEf2N8yh3ZzUFV7iqO81HZzdgB0eygC2Wmr6jvWVinTdzkrnL9qSOZ0CqlqJVdrkswwQfrTBozKvqo1wBH4fXr_56rARHTSdUUdNTFFhNpop19_pF4k/w597-h640/location.png" width="597" /></a>
</div>
<p>Again, a large part of the audience comes from the United States.</p><p> </p>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTKnMY54WvNPc0Iz1MsCoIDKe6hy_6_nvlybQz1BZN8IHr3GBWtjxkF5Y2K0YQE4qPM85ZUpL43AZP90UA9v2ItAFfXAPdxfzjog8COUeUTVxJ_io5WXPldmKvh8Vzw7kxUem6RM07Y8HSI4SfCtsascRiWCy-qFWzl5aCA2t5HWznOqnqXV7JzMsV/s946/os.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="537" data-original-width="946" height="364" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTKnMY54WvNPc0Iz1MsCoIDKe6hy_6_nvlybQz1BZN8IHr3GBWtjxkF5Y2K0YQE4qPM85ZUpL43AZP90UA9v2ItAFfXAPdxfzjog8COUeUTVxJ_io5WXPldmKvh8Vzw7kxUem6RM07Y8HSI4SfCtsascRiWCy-qFWzl5aCA2t5HWznOqnqXV7JzMsV/w640-h364/os.png" width="640" /></a>
</div><p>Surprisingly, a large part of the audience uses Windows.</p><p>For a blog that
talks about Free Software that is strange. I guess Windows users are
interested by my projects that are also available on Windows like
<a href="https://github.com/LudovicRousseau/pyscard">PySCard</a> or
<a href="https://github.com/LudovicRousseau/PyKCS11">PyKCS11</a>.</p><p>Or maybe Windows developers are looking for serious information they do not find elsewhere like sample codes to use PC/SC in an application?<br /></p><h2 style="text-align: left;">Most read articles</h2>
<p></p>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjLfPOS5bP9qz98MT_K3mYmI9QQ3-Jtw360Qq_1zXtTmBq6JTU-85crhtn-sQ4KUJCUM3l9poX0PwdUU0Ok5RHvYrP0Odi4h95PdimgwpU8YEJHFP6ocTzSKPILVDBU9Jz2Yxp4nZo1yJftcEi159rfZVYSvn7OGm6Zu8BuEXijfVeZeVlHnl-6ZAWc/s1000/posts.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="734" data-original-width="1000" height="470" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjLfPOS5bP9qz98MT_K3mYmI9QQ3-Jtw360Qq_1zXtTmBq6JTU-85crhtn-sQ4KUJCUM3l9poX0PwdUU0Ok5RHvYrP0Odi4h95PdimgwpU8YEJHFP6ocTzSKPILVDBU9Jz2Yxp4nZo1yJftcEi159rfZVYSvn7OGm6Zu8BuEXijfVeZeVlHnl-6ZAWc/w640-h470/posts.png" width="640" /></a>
</div>
<br />The post number one, by far, is about the AlcorMicro AU9560 (bogus)
reader.<br />
<p></p>
<h2 style="text-align: left;">Conclusion</h2>
<p>
Thank you to you, readers.<br />
<br />
This blog has no advertising. If you want to support me you can become a
<a href="https://ludovicrousseau.blogspot.com/2020/01/github-sponsors.html">github sponsor</a>
(or <a href="https://ludovicrousseau.blogspot.com/2014/11/how-to-help-my-projects-send-me-bitcoins.html">send me some bitcoins</a> but with the current electric energy crisis and bitcoin impact on the climate it may not be a good choice).<br /></p>
Ludovic Rousseau's bloghttp://www.blogger.com/profile/03766338164446550495noreply@blogger.comtag:blogger.com,1999:blog-6988918715704433860.post-44616371397570872262022-12-30T13:58:00.000+01:002022-12-30T13:58:09.024+01:00New version of pcsc-tools: 1.6.1<p> I just released a new version of
<a href="http://ludovic.rousseau.free.fr/softwares/pcsc-tools/">pcsc-tools</a>, a suite of tools for PC/SC. </p><h3 style="text-align: left;">Changes:</h3><p>1.6.1 - 30 December 2022, Ludovic ROUSSEAU<br /></p><ul style="text-align: left;"><li>196 new ATRs</li><li>use colors on NetBSD ("wsvt25" terminal)</li><li>pcsc_scan: always print the version in verbose mode</li></ul>Ludovic Rousseau's bloghttp://www.blogger.com/profile/03766338164446550495noreply@blogger.comtag:blogger.com,1999:blog-6988918715704433860.post-46908337915693306332022-12-27T10:32:00.000+01:002022-12-27T10:32:07.939+01:00PySCard (smartcard Python wrapper) API documentation update<p>
The documentation for the PySCard API was not updated since 2017 (5 years
ago).
</p>
<h2 style="text-align: left;">epydoc → pydoctor <br /></h2>
<p>
The tool used to generate the HTML documentation is
<a href="https://pypi.org/project/epydoc/">epydoc</a>. The
<a href="https://pypi.org/project/epydoc/#history">latest epydoc version</a>
was released in 2008 (14 years ago). This tool is no more available in Debian
so I had to move to something else.
</p>
<p>
The (new) tool to replace epydoc is
<a href="https://pypi.org/project/pydoctor/">pydoctor</a>. It is actively
maintained and generates nicer HTML pages.
</p>
<p>For example, nice changes are:</p>
<ul style="text-align: left;">
<li>
use of
<a href="https://pyscard.sourceforge.io/apidocs/smartcard.ATR.ATR.html#__initInstance__">HTML list</a>
</li>
<li>
use
<a href="https://pyscard.sourceforge.io/apidocs/smartcard.Session.html">syntax colorization</a> for sample source code
</li>
<li>
provide indexes for
<a href="https://pyscard.sourceforge.io/apidocs/nameIndex.html">names</a>,
<a href="https://pyscard.sourceforge.io/apidocs/classIndex.html">classes</a>
and
<a href="https://pyscard.sourceforge.io/apidocs/moduleIndex.html">modules</a>
</li>
<li>
no use of HTML frame so the URL is always correct and can be shared <br />
</li>
</ul>
<h2 style="text-align: left;">Previous documentation</h2>
<p></p>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJ3NWtqxz0cksAzu5PnAoN5HWZMY7-nAVbz4qoc-Tq8_ZBKTzCCRbR--VHcBcPdXjc9FPCa9Rqs14M9DZXP5hSCFDGX37bxugxGm5Wk7j1IF7Z7gyec7RY2-lfbMJu2oUESZbKqG_p6CI_oNCGnacgkhsRo5CDqYhVXVSZ1ZzJZU1j742knxIB1ANY/s845/epydoc1.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="784" data-original-width="845" height="594" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJ3NWtqxz0cksAzu5PnAoN5HWZMY7-nAVbz4qoc-Tq8_ZBKTzCCRbR--VHcBcPdXjc9FPCa9Rqs14M9DZXP5hSCFDGX37bxugxGm5Wk7j1IF7Z7gyec7RY2-lfbMJu2oUESZbKqG_p6CI_oNCGnacgkhsRo5CDqYhVXVSZ1ZzJZU1j742knxIB1ANY/w640-h594/epydoc1.png" width="640" /></a>
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhq1ZrlW6MDufgfct4DMkAlJBrjB2A-3LmCFkNnltbX4-53CmOWrevkiIIf0zYBxNvXzfFfH715NefgtNhTQZc4RyX71h39BRSu4wDB6jY8zH-44lvd3beYXMKAbi5J_wHr_EQcA8XC2OtKMHpAvKoSTFHIE8UD2rokxUizWCEfAxLOWAwoyGDIuko4/s857/epydoc3.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="788" data-original-width="857" height="588" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhq1ZrlW6MDufgfct4DMkAlJBrjB2A-3LmCFkNnltbX4-53CmOWrevkiIIf0zYBxNvXzfFfH715NefgtNhTQZc4RyX71h39BRSu4wDB6jY8zH-44lvd3beYXMKAbi5J_wHr_EQcA8XC2OtKMHpAvKoSTFHIE8UD2rokxUizWCEfAxLOWAwoyGDIuko4/w640-h588/epydoc3.png" width="640" /></a>
</div>
<p></p>
<p>
The old (epydoc) documentation is still available online at
<a href="https://pyscard.sourceforge.io/epydoc/">https://pyscard.sourceforge.io/epydoc/</a><br />
</p>
<h2 style="text-align: left;">New documentation</h2>
<p></p>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTXRD4taCjaQtVpTHyK0Xhvj9-Y_bcrQcKZdbimzXkSIV5MpsQak8cJ5xcgP0wP-i8yStCH9t57WeSMWc-d1etld7ADq62W8ciqc1-W7EzMoWJURQVeEtHsKH5XrF5LyQovR__bXrJTzjDbHx_WMRokUjrcSNwJxkE0GvbCEz9iBuMl0FgKdv52y2M/s845/pydoctor1.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="784" data-original-width="845" height="594" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTXRD4taCjaQtVpTHyK0Xhvj9-Y_bcrQcKZdbimzXkSIV5MpsQak8cJ5xcgP0wP-i8yStCH9t57WeSMWc-d1etld7ADq62W8ciqc1-W7EzMoWJURQVeEtHsKH5XrF5LyQovR__bXrJTzjDbHx_WMRokUjrcSNwJxkE0GvbCEz9iBuMl0FgKdv52y2M/w640-h594/pydoctor1.png" width="640" /></a>
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi0_AIxPXPymXy_gqQP2R13gqhQmejfuFUFe1y5T2RKZ326ywRoVkRZIKjcXGGwiSfd0wSI0l0YcJNn-3vBHUJBGfTcT7CxbiQ67Squ4piua9o28VHq6I6V4Vu0LFwtVtRGOj4HnEcOCdi_7MEH0gD9kiajtmNETizUXYziBV3zEUvgG3CJZEaUorbR/s857/pydoctor3.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="788" data-original-width="857" height="588" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi0_AIxPXPymXy_gqQP2R13gqhQmejfuFUFe1y5T2RKZ326ywRoVkRZIKjcXGGwiSfd0wSI0l0YcJNn-3vBHUJBGfTcT7CxbiQ67Squ4piua9o28VHq6I6V4Vu0LFwtVtRGOj4HnEcOCdi_7MEH0gD9kiajtmNETizUXYziBV3zEUvgG3CJZEaUorbR/w640-h588/pydoctor3.png" width="640" /></a>
</div>
<br />
<p></p>
<h2 style="text-align: left;">Conclusion <br /></h2>
<p>
The new API documentation is available at
<a href="https://pyscard.sourceforge.io/apidocs/index.html">https://pyscard.sourceforge.io/apidocs/index.html</a>
or from the project main documentation page
<a href="https://pyscard.sourceforge.io/index.html">https://pyscard.sourceforge.io/index.html</a><br />
</p>
<p>
I guess I could improve the documentation. Feel free to report issues or
suggest improvements.<br />
</p>
Ludovic Rousseau's bloghttp://www.blogger.com/profile/03766338164446550495noreply@blogger.comtag:blogger.com,1999:blog-6988918715704433860.post-8671332789654754492022-12-17T11:36:00.003+01:002023-01-31T17:57:17.475+01:00AlcorMicro AU9560 reader and fast smart cards: help from crowd needed<p>
The
<a href="https://ccid.apdu.fr/ccid/unsupported.html#0x058F0x9540_1">AlcorMicro AU9560</a>
smart card reader has problems with high speed smart cards.
</p>
<h2 style="text-align: left;">The reported problem</h2>
<p>The same problem is already reported in different places: <br /></p>
<ul style="text-align: left;">
<li>
"<a href="https://salsa.debian.org/rousseau/CCID/-/issues/13">HP Zbook AU9540</a>"
</li>
<li>
"<a href="https://github.com/LudovicRousseau/CCID/issues/84">Problem with Alcor MicroAU9540</a>"
</li>
<li>
"<a href="https://github.com/LudovicRousseau/PCSC/issues/122">Alcor AU9540 NotRecognizing New PIV</a>"
</li>
</ul>
<h3 style="text-align: left;">Example of cards in reported problems<br /></h3>
<p>The reader is always the same but used with different cards.<br /></p>
<ul style="text-align: left;">
<li>
<a href="https://smartcard-atr.apdu.fr/parse?ATR=3BD6970081B1FE451F078031C1521118F9">NASA Personal Identity Verification (PIV) card (eID)</a><br />
</li>
<li>
<a href="https://smartcard-atr.apdu.fr/parse?ATR=3B9C978011405275746F6B656E4543507363C0">Aktiv Rutoken ECP 3.0 NFC (PKI)</a>
<br />
</li>
<li>
<a href="https://smartcard-atr.apdu.fr/parse?ATR=3BD6970081B1FE451F878031C152411A2B">Oberthur Technologies ID-One PIV/CIV on V8 Device (eID)</a> <br />
</li>
</ul>
<div style="text-align: left;">
<p>
The card must have a
<a href="https://ludovicrousseau.blogspot.com/2016/04/atr-statistics-ta1-global-encodes-fi.html">TA<sub>1</sub></a>
> 0x95. To know the TA<sub>1</sub> of your smart card you need to get and
parse the card's ATR, for example using pcsc_scan program from
<a href="http://ludovic.rousseau.free.fr/softwares/pcsc-tools/">pcsc-tools</a>.<br />
</p>
</div>
<h2 style="text-align: left;">The problem <br /></h2>
<p>
The reader declares it can support card/reader communication speed up to
688 172 bps.<br />See
<a href="https://ludovicrousseau.blogspot.com/2014/07/ccid-descriptor-statistics-dwmaxdatarate.html">dwMaxDataRate</a>
field in
<a href="https://ccid.apdu.fr/ccid/readers/AlcorMicro_AU9560.txt">AlcorMicro_AU9560.txt</a>.
</p>
<p>
It is fast but I have
<a href="https://ccid.apdu.fr/select_readers/?dwMaxDataRate%E2%89%A5688173&features%E2%89%A0contactless">4.5 % of readers in my list</a>
that declare to be faster (not including contactless readers).<br />
</p>
<p>
But speeds above ~200 000 bps are problematic with the AlcorMicro AU9560.
It works fine, until an APDU exchange fails with a "Hardware error" (for
example) message from the reader:
</p>
<pre>00000009 APDU: 00 A4 00 00 02 3F 00 00
00000007 ifdhandler.c:1333:IFDHTransmitToICC() usb:058f/9540:libudev:0:/dev/bus/usb/001/002 (lun: 0)
00000006 commands.c:1670:CmdXfrBlockAPDU_extended() T=0 (extended): 8 bytes
00000017 -> 000000 6F 08 00 00 00 00 0E 00 00 00 00 A4 00 00 02 3F 00 00
02734396 <- 000000 80 00 00 00 00 00 0E 41 <span style="background-color: #fcff01;"><span style="color: red;">FB</span></span> 00
00000025 commands.c:1563:CCID_Receive <span style="background-color: #fcff01;"><span style="color: red;">Hardware error</span></span>
00000009 APDU: 00 A4 00 00 02 3F 00 00</pre>
<h2 style="text-align: left;">Where are the bogus readers? <br /></h2>
<p>
The AlcorMicro AU9560 is not a stand alone USB reader. It must be integrated
in a laptop. For example it is present in these laptop models:<br />
</p>
<ul style="text-align: left;">
<li>Lenovo Thinkpad P17</li>
<li>Lenovo Thinkpad L15</li>
<li>Lenovo X1 Extreme Gen 2</li>
<li>HP Zbook</li>
<li>HP EliteBook.</li>
</ul>
<p>
I guess the same AlcorMicro AU9560 reader is present in a lot of other Lenovo
or HP laptops and also laptops from other brands.
</p>
<h2 style="text-align: left;">Patch</h2>
<p>
I worked on a patch to remove the highest speeds so that the CCID driver will
negotiate a lower speed that is still supported by the reader.
</p>
<p></p>
<h2 style="text-align: left;">Problem with the patch <br /></h2>
<p>
My patch works fine with one card I have (<a href="https://smartcard-atr.apdu.fr/parse?ATR=3BDC96FF8111FE8031C8544356350773FFA1C03C">NXP JCOP 4</a>). But it generates problems with another card (<a href="https://smartcard-atr.apdu.fr/parse?ATR=3BDF96FF910131FE4680319052410264050200AC73D622C017">Acos-ID</a>).
</p>
<p>
The error occurs when the driver set the communication speed. The Set
Parameters commands fails and the driver gets a "Card absent or mute" error.
</p>
<pre>00000004 [140396399142464] commands.c:2324:SetParameters() length: 7 bytes
00000006 [140396399142464] -> 000000 61 07 00 00 00 00 07 01 00 00 95 10 FF 46 00 FE 00
01646726 [140396415927872] ccid_usb.c:1532:InterruptRead() after (0) (2)
00621370 [140396399142464] <- 000000 82 00 00 00 00 00 07 41 <span style="color: red;">FE</span> 00
00000025 [140396399142464] commands.c:2351:SetParameters <span style="background-color: #fcff01;"><span style="color: red;">Card absent or mute</span></span>
00000005 [140396399142464] prothandler.c:141:PHSetProtocol() Set PTS failed (612)</pre>
<p>I suspect the problem to be specific to this card. But I am not sure. That is why I need your help to test with as much possible combinations as possible.<br /></p>
<h2 style="text-align: left;">Your help is welcome</h2>
<p> If your have:</p>
<ol style="text-align: left;">
<li>a laptop with the AlcorMicro AU9560 smart card reader<br /></li>
<li>a fast enough smart card (i.e. TA<sub>1</sub> > 0x95)</li>
</ol>
<p>then you can help me.</p>
<p>
The AlcorMicro AU9560 and the AlcorMicro AU9540 both use the same USB
idProduct value of 0x9540 even if the two readers are a bit different. So even
if you have a AU9560 the PC/SC name will be "Alcor Micro AU9540 xx yy". If you
do not know what reader you have just suppose you have a AU9560.<br />
</p>
<p>
You can check the 2 conditions above (AlcorMicro and TA1 value) using the
<file>pcsc_scan</file> tools. See
</p>
<pre>$ pcsc_scan
Using reader plug'n play mechanism
Scanning present readers...
0: <span style="background-color: #fcff01;">Alcor Micro AU9540</span> 00 00
Sat Dec 17 11:02:51 2022
Reader 0: Alcor Micro AU9540 00 00
Event number: 0
Card state: Card inserted, Shared Mode,
ATR: 3B DC 96 FF 81 11 FE 80 31 C8 54 43 56 35 07 73 FF A1 C0 3C
ATR: 3B DC 96 FF 81 11 FE 80 31 C8 54 43 56 35 07 73 FF A1 C0 3C
+ TS = 3B --> Direct Convention
+ T0 = DC, Y(1): 1101, K: 12 (historical bytes)
<span style="background-color: #fcff01;">TA(1) = 96</span> --> Fi=512, Di=32, 16 cycles/ETU
250000 bits/s at 4 MHz, fMax for Fi = 5 MHz => 312500 bits/s
TC(1) = FF --> Extra guard time: 255 (special value)
TD(1) = 81 --> Y(i+1) = 1000, Protocol T = 1
-----
TD(2) = 11 --> Y(i+1) = 0001, Protocol T = 1
-----
TA(3) = FE --> IFSC: 254
+ Historical bytes: 80 31 C8 54 43 56 35 07 73 FF A1 C0
[...]<br />+ TCK = 3C (correct checksum)
Possibly identified card (using /home/rousseau/.cache/smartcard_list.txt):
3B DC 96 FF 81 11 FE 80 31 C8 54 43 56 35 07 73 FF A1 C0 3C
NXP JCOP 4, J3R200P0X3U/0ZA16CP NXD6.2 (JavaCard)
</pre>
<p>Please do:</p>
<div>
<ol style="text-align: left;">
<li>
download, build and install the patched version of the CCID driver from
<a href="https://ccid.apdu.fr/files/ccid-1.5.1-3ac3a1a.tar.bz2">https://ccid.apdu.fr/files/ccid-1.5.1-3ac3a1a.tar.bz2</a><br />
</li>
<li>test it fixes the problems you had with the previous CCID driver</li>
<li>
test it does not create new problems that were not present with the
previous CCID driver
</li>
<li>if a new problem appears I would like you to report it including:</li>
<ol>
<li>the exact computer model you use</li>
<li>the name and ATR of the smart card you use</li>
<li>
a complete pcscd trace as documented in
<a href="https://ccid.apdu.fr/#support">How to get support</a>
</li>
</ol>
</ol>
You can report your results using different channels:
</div>
<div>
<ol style="text-align: left;">
<li>
on the
<a href="https://lists.infradead.org/mailman/listinfo/pcsclite-muscle">MUSCLE mailing list</a>
</li>
<li>
by email to
<a href="mailto: ludovic.rousseau@free.fr?subject=AU9560">me</a>
</li>
<li>
by creating a new issue on the
<a href="https://github.com/LudovicRousseau/CCID">CCID project</a> <br />
</li>
</ol>
</div>
<div>
<h2 style="text-align: left;">Conclusion</h2>
<p>
Your help will greatly improve support of this reader commonly found in
laptops.</p><p>Thank you.</p><h2 style="text-align: left;">[Update: Jan, 20th 2023]</h2><p>The <a href="https://github.com/LudovicRousseau/CCID/commit/c81c512ba7159ad35a41deaf4d294ee4cc399920">patch</a> is now included in the CCID driver and will be present in the CCID release 1.5.2 (to be released later).</p><h2 style="text-align: left;">[Update: Jan, 31th 2023]</h2><p>The CCID driver <a href="https://ludovicrousseau.blogspot.com/2023/01/new-version-of-libccid-152.html">version 1.5.2</a> is now available.</p><p>Support of the AlcorMicro AU9560 should be better now.<br />
</p>
</div>
Ludovic Rousseau's bloghttp://www.blogger.com/profile/03766338164446550495noreply@blogger.comtag:blogger.com,1999:blog-6988918715704433860.post-89523482720352411692022-11-29T18:28:00.000+01:002022-11-29T18:28:21.648+01:00 PC/SC sample in TypeScript (Deno)<p>
To continue the list of PC/SC wrappers initiated in 2010 with "<a href="http://ludovicrousseau.blogspot.fr/2010/04/pcsc-sample-in-different-languages.html">PC/SC sample in different languages</a>" I now present a new sample code in <a href="https://deno.land/">Deno</a> a
modern runtime for JavaScript and TypeScript.
</p>
<h2 style="text-align: left;">pcsc-deno</h2>
<p>
The wrapper is available at
<a href="https://github.com/cryptographix/pcsc-deno">https://github.com/cryptographix/pcsc-deno</a>
and <a href="https://deno.land/x/pcsc">https://deno.land/x/pcsc</a>
</p>
<p>
The author is
<a href="https://github.com/cryptographix">Sean Michael Wykes</a>. <br />
</p>
<p>
The license is
<a href="https://github.com/cryptographix/pcsc-deno/blob/master/LICENSE.md">MIT</a>.
</p>
<p>
I used version
<a href="https://github.com/cryptographix/pcsc-deno/releases/tag/v0.4">0.4</a>.<br />This version includes the fixes I proposed for GNU/Linux.<br />
</p>
<h2 style="text-align: left;">Deno</h2>
<p>
From Wikipedia
<a href="https://en.wikipedia.org/wiki/Deno_(software)">Deno article</a>:
</p>
<p></p>
<blockquote>
Deno is a runtime for JavaScript, TypeScript, and WebAssembly that is based on
the V8 JavaScript engine and the Rust programming language. Deno was
co-created by Ryan Dahl, who also created Node.js. <br /><br />Deno explicitly
takes on the role of both runtime and package manager within a single
executable, rather than requiring a separate package-management program.
</blockquote>
<p></p>
<p><br /></p>
<h2 style="text-align: left;">Installation</h2>
<p>
Installation is very easy. First install Deno as documented in
<a href="https://deno.land/#installation">https://deno.land/#installation</a>
</p>
<p>
The PC/SC wrapper will be downloaded and installed automatically at run
time.<br />
</p>
<h2 style="text-align: left;">Source code</h2>
<!--Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite-->
<pre><tt>import <font color="#FF0000">{</font>
CommandAPDU<font color="#990000">,</font>
ContextProvider<font color="#990000">,</font>
ISO7816<font color="#990000">,</font>
PCSC<font color="#990000">,</font>
<font color="#FF0000">}</font> from <font color="#FF0000">'https://deno.land/x/pcsc/mod.ts'</font><font color="#990000">;</font>
<b><font color="#0000FF">try</font></b> <font color="#FF0000">{</font>
<i><font color="#9A1900">// establish a PC/SC context</font></i>
<b><font color="#0000FF">const</font></b> context <font color="#990000">=</font> ContextProvider<font color="#990000">.</font><b><font color="#000000">establishContext</font></b><font color="#990000">();</font>
<i><font color="#9A1900">// get all available readers</font></i>
<b><font color="#0000FF">const</font></b> readers <font color="#990000">=</font> context<font color="#990000">.</font><b><font color="#000000">listReaders</font></b><font color="#990000">();</font>
<b><font color="#0000FF">for</font></b> <font color="#990000">(</font><b><font color="#0000FF">const</font></b> reader of readers<font color="#990000">)</font> <font color="#FF0000">{</font>
console<font color="#990000">.</font><b><font color="#000000">log</font></b><font color="#990000">(</font>`Using reader<font color="#990000">:</font> $<font color="#FF0000">{</font>reader<font color="#990000">.</font>name<font color="#FF0000">}</font>`<font color="#990000">);</font>
<b><font color="#0000FF">if</font></b> <font color="#990000">(</font>reader<font color="#990000">.</font>isMute<font color="#990000">)</font> <font color="#FF0000">{</font>
console<font color="#990000">.</font><b><font color="#000000">log</font></b><font color="#990000">(</font>`Reader $<font color="#FF0000">{</font>reader<font color="#990000">.</font>name<font color="#FF0000">}</font><font color="#990000">:</font> MUTE`<font color="#990000">);</font>
<font color="#FF0000">}</font> <b><font color="#0000FF">else</font></b> <b><font color="#0000FF">if</font></b> <font color="#990000">(</font>reader<font color="#990000">.</font>isPresent<font color="#990000">)</font> <font color="#FF0000">{</font>
<i><font color="#9A1900">// connect</font></i>
<b><font color="#0000FF">const</font></b> card <font color="#990000">=</font> await reader<font color="#990000">.</font><b><font color="#000000">connect</font></b><font color="#990000">();</font>
<i><font color="#9A1900">// send Select Applet APDU</font></i>
<b><font color="#0000FF">const</font></b> selectApplet <font color="#990000">=</font> CommandAPDU
<font color="#990000">.</font><b><font color="#000000">from</font></b><font color="#990000">([</font>ISO7816<font color="#990000">.</font>CLA<font color="#990000">.</font>ISO<font color="#990000">,</font> ISO7816<font color="#990000">.</font>INS<font color="#990000">.</font>SelectFile<font color="#990000">,</font> <font color="#993399">0x04</font><font color="#990000">,</font> <font color="#993399">0x00</font><font color="#990000">])</font> <i><font color="#9A1900">// ISO SELECT</font></i>
<font color="#990000">.</font><b><font color="#000000">setData</font></b><font color="#990000">([</font><font color="#993399">0xA0</font><font color="#990000">,</font> <font color="#993399">0x00</font><font color="#990000">,</font> <font color="#993399">0x00</font><font color="#990000">,</font> <font color="#993399">0x00</font><font color="#990000">,</font> <font color="#993399">0x62</font><font color="#990000">,</font> <font color="#993399">0x03</font><font color="#990000">,</font> <font color="#993399">0x01</font><font color="#990000">,</font> <font color="#993399">0x0C</font><font color="#990000">,</font> <font color="#993399">0x06</font><font color="#990000">,</font> <font color="#993399">0x01</font><font color="#990000">]);</font>
<b><font color="#0000FF">const</font></b> resp <font color="#990000">=</font> await card<font color="#990000">.</font><b><font color="#000000">transmitAPDU</font></b><font color="#990000">(</font>selectApplet<font color="#990000">);</font>
<i><font color="#9A1900">// check for 0x90 0x00</font></i>
<b><font color="#0000FF">if</font></b> <font color="#990000">(</font>resp<font color="#990000">.</font>SW <font color="#990000">==</font> ISO7816<font color="#990000">.</font>SW<font color="#990000">.</font>SUCCESS<font color="#990000">)</font> <font color="#FF0000">{</font>
<i><font color="#9A1900">// success ..</font></i>
console<font color="#990000">.</font><b><font color="#000000">log</font></b><font color="#990000">(</font>`Reader $<font color="#FF0000">{</font>reader<font color="#990000">.</font>name<font color="#FF0000">}</font><font color="#990000">:</font> applet successfully selected`<font color="#990000">);</font>
<i><font color="#9A1900">// send Test APDU</font></i>
<b><font color="#0000FF">const</font></b> command <font color="#990000">=</font> CommandAPDU
<font color="#990000">.</font><b><font color="#000000">from</font></b><font color="#990000">([</font>ISO7816<font color="#990000">.</font>CLA<font color="#990000">.</font>ISO<font color="#990000">,</font> <font color="#993399">0</font><font color="#990000">,</font> <font color="#993399">0</font><font color="#990000">,</font> <font color="#993399">0</font><font color="#990000">]);</font>
<b><font color="#0000FF">const</font></b> resp <font color="#990000">=</font> await card<font color="#990000">.</font><b><font color="#000000">transmitAPDU</font></b><font color="#990000">(</font>command<font color="#990000">);</font>
<b><font color="#0000FF">if</font></b> <font color="#990000">(</font>resp<font color="#990000">.</font>SW <font color="#990000">==</font> ISO7816<font color="#990000">.</font>SW<font color="#990000">.</font>SUCCESS<font color="#990000">)</font> <font color="#FF0000">{</font>
<i><font color="#9A1900">// success ..</font></i>
console<font color="#990000">.</font><b><font color="#000000">log</font></b><font color="#990000">(</font>`Reader $<font color="#FF0000">{</font>reader<font color="#990000">.</font>name<font color="#FF0000">}</font><font color="#990000">:</font> Test command successful`<font color="#990000">);</font>
<i><font color="#9A1900">// convert from bytes to string and display</font></i>
console<font color="#990000">.</font><b><font color="#000000">log</font></b><font color="#990000">(</font>String<font color="#990000">.</font>fromCharCode<font color="#990000">.</font><b><font color="#000000">apply</font></b><font color="#990000">(</font><b><font color="#0000FF">null</font></b><font color="#990000">,</font> resp<font color="#990000">.</font>data<font color="#990000">));</font>
<font color="#FF0000">}</font> <b><font color="#0000FF">else</font></b> <font color="#FF0000">{</font>
<i><font color="#9A1900">// something went wrong ..</font></i>
console<font color="#990000">.</font><b><font color="#000000">error</font></b><font color="#990000">(</font>
`Reader $<font color="#FF0000">{</font>reader<font color="#990000">.</font>name<font color="#FF0000">}</font><font color="#990000">:</font> error SW<font color="#990000">=</font>$<font color="#FF0000">{</font>resp<font color="#990000">.</font>SW<font color="#990000">.</font><b><font color="#000000">toString</font></b><font color="#990000">(</font><font color="#993399">16</font><font color="#990000">)</font><font color="#FF0000">}</font>`<font color="#990000">,</font>
<font color="#990000">);</font>
<font color="#FF0000">}</font>
<font color="#FF0000">}</font> <b><font color="#0000FF">else</font></b> <font color="#FF0000">{</font>
<i><font color="#9A1900">// something went wrong ..</font></i>
console<font color="#990000">.</font><b><font color="#000000">error</font></b><font color="#990000">(</font>
`Reader $<font color="#FF0000">{</font>reader<font color="#990000">.</font>name<font color="#FF0000">}</font><font color="#990000">:</font> error SW<font color="#990000">=</font>$<font color="#FF0000">{</font>resp<font color="#990000">.</font>SW<font color="#990000">.</font><b><font color="#000000">toString</font></b><font color="#990000">(</font><font color="#993399">16</font><font color="#990000">)</font><font color="#FF0000">}</font>`<font color="#990000">,</font>
<font color="#990000">);</font>
<font color="#FF0000">}</font>
<i><font color="#9A1900">// unpower and disconnect</font></i>
await card<font color="#990000">.</font><b><font color="#000000">disconnect</font></b><font color="#990000">(</font>PCSC<font color="#990000">.</font>Disposition<font color="#990000">.</font>UnpowerCard<font color="#990000">);</font>
<font color="#FF0000">}</font> <b><font color="#0000FF">else</font></b> <font color="#FF0000">{</font>
console<font color="#990000">.</font><b><font color="#000000">log</font></b><font color="#990000">(</font>`Reader $<font color="#FF0000">{</font>reader<font color="#990000">.</font>name<font color="#FF0000">}</font><font color="#990000">:</font> NO CARD`<font color="#990000">);</font>
<font color="#FF0000">}</font>
<font color="#FF0000">}</font>
<i><font color="#9A1900">// release the PC/SC context</font></i>
context<font color="#990000">.</font><b><font color="#000000">shutdown</font></b><font color="#990000">();</font>
<font color="#FF0000">}</font> <b><font color="#0000FF">catch</font></b> <font color="#990000">(</font>e<font color="#990000">:</font> PCSCException<font color="#990000">)</font> <font color="#FF0000">{</font>
console<font color="#990000">.</font><b><font color="#000000">log</font></b><font color="#990000">(</font>e<font color="#990000">,</font> <font color="#FF0000">"error"</font><font color="#990000">);</font>
<font color="#FF0000">}</font>
</tt></pre>
<p><br /></p>
<h2 style="text-align: left;">Output</h2>
<pre>$ deno run --unstable --allow-ffi blog.ts
Using reader: Gemalto PC Twin Reader (F8345B4A) 00 00
Reader Gemalto PC Twin Reader (F8345B4A) 00 00: applet successfully selected
Reader Gemalto PC Twin Reader (F8345B4A) 00 00: command successful
Hello world!</pre>
<p><br /></p>
<h2 style="text-align: left;">Conclusion</h2>
<p>Nothing special to say. Thanks Sean for the wrapper.<br /></p><p>
<span>If you work on a </span>Free Software PC/SC wrapper that is not yet in
my list please let me know.
</p><p></p>
Ludovic Rousseau's bloghttp://www.blogger.com/profile/03766338164446550495noreply@blogger.comtag:blogger.com,1999:blog-6988918715704433860.post-45598262482839871242022-11-16T18:04:00.001+01:002022-11-16T18:04:49.334+01:00Share a smart card reader between a host and its guest VM(s)<p>
As I wrote in "<a href="https://ludovicrousseau.blogspot.com/2022/02/one-smart-card-reader-accessible-from.html">One smart card reader accessible from many computers</a>" it is possible to share a smart card reader between 2 or more systems.<br />
</p>
<p> </p>
<h2 style="text-align: left;">Problem <br /></h2>
<p>
I recently received a bug report about a problem between pcsc-lite and
VirtualBox. When the smart card reader is connected to the VM guest then the
kernel on the host reports errors like:
</p>
<pre>2022-11-11T14:25:01.186983-08:00 track <span style="background-color: #04ff00;">pcscd[2474]:</span> 00000001 eventhandler.c:336:EHStatusHandlerThread() <span style="background-color: #fcff01;">Error communicating to:</span> SCM Microsystems Inc. SCR 3310 [CCID Interface] (53311514247933) 00 00 </pre>
<pre>2022-11-11T14:25:01.186993-08:00 track <span style="background-color: #04ff00;">pcscd[2474]:</span> 00000005 ccid_usb.c:1356:InterruptRead() <span style="background-color: #fcff01;">libusb_submit_transfer failed: LIBUSB_ERROR_IO</span> </pre>
<pre>2022-11-11T14:25:01.188050-08:00 track <span style="background-color: #04ff00;">kernel:</span> [ 1247.705353][ T2521] usb 1-2: usbfs: <span style="background-color: #fcff01;">process 2521 (pcscd) did not claim interface 0 before use</span> </pre>
<pre>2022-11-11T14:25:01.188053-08:00 track <span style="background-color: #04ff00;">kernel:</span> [ 1247.705386][ T2521] usb 1-2: usbfs: <span style="background-color: #fcff01;">process 2521 (pcscd) did not claim interface 0 before use</span> </pre>
<pre>2022-11-11T14:25:01.587034-08:00 track <span style="background-color: #04ff00;">pcscd[2474]:</span> 00400173 ccid_usb.c:865:WriteUSB() <span style="background-color: #fcff01;">write failed (1/2): -1 LIBUSB_ERROR_IO</span> </pre>
<pre>2022-11-11T14:25:01.587076-08:00 track <span style="background-color: #04ff00;">pcscd[2474]:</span> 00000008 ifdwrapper.c:364:IFDStatusICC() <span style="background-color: #fcff01;">Card not transacted: 612</span><br /></pre>
<p>And after some times (in days) the host kernel crashes.</p>
<p>
A Linux kernel crash is never a good thing. pcsc-lite may be very powerful but
it can't crash the Linux kernel. Only a bug in the kernel itself can generate
a crash. Here I suspect the VirtualBox Linux kernel module to do something
bad.<br /> <br /></p><h2 style="text-align: left;">Solution</h2>
<p>
Instead of connecting the USB smart card reader in the guest VM (and
disconnecting it from the host) it is possible to share the smart card
reader(s) between the host and guest with some help from pcsc-lite.
<br /><br /></p>
<h2 style="text-align: left;">Setup</h2>
<p>My demo setup: <br /></p>
<ul>
<li>Host: <a href="https://www.debian.org/">Debian testing</a> system</li>
<li>
Guest: <a href="https://netbsd.org/">NetBSD 9.3</a> running inside
<a href="https://www.linux-kvm.org/page/Main_Page">KVM</a> (Kernel Virtual
Machine).<br />
</li>
</ul>
<p>
I use 2 very different operating systems, GNU/Linux and NetBSD, on purpose. It
is to show it is possible to mix systems. </p><h3 style="text-align: left;">Host <br /></h3>
<p>In the host, no change to the configuration. But we will redirect (inject)
<file>/run/pcscd/pcscd.comm</file> in the virtual machine. </p><p>On the Debian host I run:</p>
<pre>$ ssh -N -R/tmp/pcscd.comm:/run/pcscd/pcscd.comm VMNetBSD</pre>
<h3 style="text-align: left;">Guest <br /></h3><p>On the NetBSD VM I use:</p>
<pre>$ export PCSCLITE_CSOCK_NAME=/tmp/pcscd.comm</pre>
<p>
Then I can run any application using pcsc-lite and get access to the smart
card(s) and reader(s) from the host. For example: <br />
</p>
<pre>$ pcsc_scan -c<br />
Wed Nov 16 17:26:55 2022
Reader 0: <span style="color: #ff00fe;">Alcor Micro AU9540 00 00</span>
Event number: <span style="color: #ff00fe;">0</span>
Card state: <span style="color: red;">Card inserted, </span>
ATR: <span style="color: #ff00fe;">3B A7 00 40 18 80 65 A2 08 01 01 52</span></pre>
<p>With a screenshot:</p>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgykbWk0tjTwjHLyKyNayocfd80wsqDdVhwiI3vrVT6rMDDLYQwGULKKW9vSNiw4fmU2a1md6WlcF4T56XMGoVO9MkaG2dF4au_09JXrJCugVL-eWoAzPaKzRjo51U2OdUqfs_3u8G_Cr9ry8tUqp7sxefFHBhdWXC5B_5ljZnI5NvEazxl2oRue6FI/s758/NetBSD.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="518" data-original-width="758" height="438" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgykbWk0tjTwjHLyKyNayocfd80wsqDdVhwiI3vrVT6rMDDLYQwGULKKW9vSNiw4fmU2a1md6WlcF4T56XMGoVO9MkaG2dF4au_09JXrJCugVL-eWoAzPaKzRjo51U2OdUqfs_3u8G_Cr9ry8tUqp7sxefFHBhdWXC5B_5ljZnI5NvEazxl2oRue6FI/w640-h438/NetBSD.png" width="640" /></a>
</div>
<br />
<h2 style="text-align: left;">Limitations</h2>
<h3 style="text-align: left;">pcsc-lite to pcsc-lite</h3>
<p>As I demonstrated the solution is not limited to GNU/Linux. Any Unix system using pcsc-lite can be used. But you must use the same pcsc-lite protocol on both sides.</p><p>For example the current protocol version used by pcsc-lite 1.9.9 (current version) is 4.4. It is the same protocol version since pcsc-lite 1.8.24 released in Oct 2018.<br /></p>
<h3 style="text-align: left;">macOS or Windows host <br /></h3>
<p>
It should be technically possible to use Windows or macOS as the host OS. That would involve a new development. Contact me if you need something like that.
<br /><br /></p>
<h2 style="text-align: left;">Conclusion</h2>
<p>No need to disconnect/reconnect the USB reader in the VM. Just share it with the host.</p><p>You will be able to use the same smart card at the same time on the two sides. Isn't it nice?<br /></p>
Ludovic Rousseau's bloghttp://www.blogger.com/profile/03766338164446550495noreply@blogger.comtag:blogger.com,1999:blog-6988918715704433860.post-33736519001963015472022-11-15T15:41:00.000+01:002022-11-15T15:41:22.057+01:00macOS Ventura and smart cards status<p>Ventura (macOS 13.0) is now available since October, 2022.</p>
<p>
I will compare this version to the previous one in Monterey I presented in
<a href="https://ludovicrousseau.blogspot.com/2021/11/macos-monterey-and-smart-cards-status.html">macOS Monterey and smart cards status</a>.
</p>
<p></p>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi4pRh8K-VbFMqESxW5kGux44epi3PNjAi_ph02SfBNOfxC3C-cmQ3bYh7B8aCdjy2YLbBXdgCrSnWKYqvO8cLOjuzo8cKWQti_kmlQcTNUrPFQdC02TGR2rcW5mLJzf3UNUa1JieR7k4akkM38Whl-5WId87gs1jpXz5kYUrZNG7XiHAq57dbhI-nL/s1068/macos-13-ventura-beta-1068x528.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="528" data-original-width="1068" height="317" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi4pRh8K-VbFMqESxW5kGux44epi3PNjAi_ph02SfBNOfxC3C-cmQ3bYh7B8aCdjy2YLbBXdgCrSnWKYqvO8cLOjuzo8cKWQti_kmlQcTNUrPFQdC02TGR2rcW5mLJzf3UNUa1JieR7k4akkM38Whl-5WId87gs1jpXz5kYUrZNG7XiHAq57dbhI-nL/w640-h317/macos-13-ventura-beta-1068x528.jpg" width="640" /></a>
</div>
<p></p>
<h2 style="text-align: left;">CCID</h2>
<!--Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite-->
<pre><tt>$ grep -A 1 CFBundleShortVersionString /usr/libexec/SmartCardServices/drivers/ifd-ccid.bundle/Contents/Info.plist
<b><font color="#0000FF"><key></font></b>CFBundleShortVersionString<b><font color="#0000FF"></key></font></b>
<b><font color="#0000FF"><string></font></b><span style="background-color: #fcff01;">1.5.0</span><b><font color="#0000FF"></string></font></b>
</tt></pre>
<p>
The CCID driver has been upgraded from version 1.4.34 as in Monterey to
version 1.5.0.<br /> <br /></p><div>
<h2 style="text-align: left;">Apple Open Source</h2>
<div style="text-align: left;">
The Open Source components included in macOS are listed at
<a href="https://opensource.apple.com/releases/">https://opensource.apple.com/releases/</a>
</div>
<div style="text-align: left;"> </div>
<div style="text-align: left;">
In addition to a
<a href="https://github.com/apple-oss-distributions/SmartcardCCID/archive/SmartcardCCID-55031.tar.gz">.tar.gz archive</a>, the source code is also available in a
<a href="https://en.wikipedia.org/wiki/GitHub">github</a> (acquired by
Microsoft in 2018) repository at
<a href="https://github.com/apple-oss-distributions/SmartcardCCID">https://github.com/apple-oss-distributions/SmartcardCCID</a>.
</div>
<div style="text-align: left;"> </div>
<div style="text-align: left;">
It is then easy to see the
<a href="https://github.com/apple-oss-distributions/SmartcardCCID/tree/main/ccid/files">patches</a>
applied by Apple to the CCID driver:
</div>
<div style="text-align: left;">
<ul style="text-align: left;">
<li>
<a href="https://github.com/apple-oss-distributions/SmartcardCCID/blob/main/ccid/files/ForceWithoutPcsc.patch">ForceWithoutPcsc.patch</a>
</li>
<li>
<a href="https://github.com/apple-oss-distributions/SmartcardCCID/blob/main/ccid/files/ccid-info-plist.patch">ccid-info-plist.patch</a>
</li>
<li>
<a href="https://github.com/apple-oss-distributions/SmartcardCCID/blob/main/ccid/files/destDirFix.patch">destDirFix.patch</a>
</li>
<li>
<a href="https://github.com/apple-oss-distributions/SmartcardCCID/blob/main/ccid/files/headerpadLDFlags.patch">headerpadLDFlags.patch</a>
</li>
<li>
<a href="https://github.com/apple-oss-distributions/SmartcardCCID/blob/main/ccid/files/osxConfigure.patch">osxConfigure.patch</a> <br />
</li>
</ul>
</div>
<div style="text-align: left;">
But the patches have <b>no</b> documentation on the <i>why</i> the patches
are needed.
</div>
<div style="text-align: left;"> </div>
<div style="text-align: left;">
The only obvious patch is
<a href="https://github.com/apple-oss-distributions/SmartcardCCID/blob/main/ccid/files/ccid-info-plist.patch">ccid-info-plist.patch</a>
that changes the value of <code>ifdLogLevel</code> from <file>Info.plist</file> configuration file from 3 (CRITICAL + INFO) to 1
(CRITICAL) in order to generate less logs.
</div>
<div style="text-align: left;"> </div>
<div style="text-align: left;">
It is also easy to compare two versions. For example the differences between
the version for Monterey and the version for Ventura is available as a
<a href="https://github.com/apple-oss-distributions/SmartcardCCID/compare/SmartcardCCID-55031...rel/SmartcardCCID-55013">github diff</a>
between tags SmartcardCCID-55028 and SmartcardCCID-55031.<br />
</div>
<div style="text-align: left;"><br /></div>
<div style="text-align: left;">
<h2>Crypto Token Kit</h2>
<div style="text-align: left;">
Nothing special to say. The source code of this part is not available.
</div>
<div style="text-align: left;"> </div>
<div style="text-align: left;">
My Objective-C sample
<a href="https://ludovicrousseau.blogspot.com/2017/03/pcsc-sample-in-objective-c-synchronous.html">"PC/SC" sample in Objective-C (synchronous)</a>
still builds and works fine. <br />
</div>
<div style="text-align: left;"> </div>
<div style="text-align: left;">
<h2 style="text-align: left;">Security message on first connection</h2>
</div>
<div style="text-align: left;">
On the first connection of my USB smart card reader I got this dialogue
box:
</div>
<div style="text-align: left;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjql9cYHo37EUgA_HpjGNYCKXniixmjzNJtQ6Gqte1pnlht5LLGN9Ahr-C2hOZzjQW7vk6AaHB1H8ZPDYWowXlTPEkmzbzXqGYaxsrgmVx4d-mBJhcDNttmzVxRdfNNsY4NomT1Se2IxBrBT28Zw7Bwfta0til-qEHsTKP8ZY0rKVXeShSnMBwdgSaj/s744/Allow%20accessory%20to%20connect.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="692" data-original-width="744" height="372" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjql9cYHo37EUgA_HpjGNYCKXniixmjzNJtQ6Gqte1pnlht5LLGN9Ahr-C2hOZzjQW7vk6AaHB1H8ZPDYWowXlTPEkmzbzXqGYaxsrgmVx4d-mBJhcDNttmzVxRdfNNsY4NomT1Se2IxBrBT28Zw7Bwfta0til-qEHsTKP8ZY0rKVXeShSnMBwdgSaj/w400-h372/Allow%20accessory%20to%20connect.png" width="400" /></a>
</div>
It is nice to see the security improvements.</div><div style="text-align: left;"></div><div style="text-align: left;"> </div><div style="text-align: left;">As expected, I do not get the dialogue box again after I selected "Allow".<br /><br />
</div>
</div>
</div>
<h2 style="text-align: left;">Conclusion</h2>
<p>No big changes in Ventura for the smart card world.</p>
Ludovic Rousseau's bloghttp://www.blogger.com/profile/03766338164446550495noreply@blogger.comtag:blogger.com,1999:blog-6988918715704433860.post-50854328845850494462022-11-14T15:15:00.000+01:002022-11-14T15:15:22.258+01:00 New version of libccid: 1.5.1<p>
I just released <a href="https://ccid.apdu.fr/files/">version 1.5.1</a> of
<a href="https://ccid.apdu.fr/">libccid</a> the Free Software CCID class smart
card reader driver.
</p>
<h3 style="text-align: left;">Changes:</h3>
<div style="text-align: left;">
1.5.1 - 14 November 2022, Ludovic Rousseau<br />
<ul style="text-align: left;">
<li>Add support of</li>
<ul>
<li>
Access IS ATR220 with idProduct: 0x0184
</li>
<li>Alcor Link AK9567</li>
<li>Alcor Link AK9572</li>
<li>BLUTRONICS TAURUS NFC</li>
<li>CHERRY SmartTerminal ST-1144</li>
<li>CREATOR CRT-603(CZ1) CCR</li>
<li>
Dexon Tecnologias Digitais LTDA DXToken
</li>
<li>ESMART Reader ER433x ICC</li>
<li>ESMART Reader ER773x Dual & 1S</li>
<li>Flight system consulting Incredist</li>
<li>Ledger Nano S</li>
<li>Ledger Nano S Plus</li>
<li>Ledger Nano SP</li>
<li>Ledger Nano X</li>
<li>SafeNet eToken Fusion</li>
<li>Sensyl SSC-NFC Reader</li>
</ul>
<li>
Adjust USB drivers path at run-time via environment
variable <code>PCSCLITE_HP_DROPDIR</code>
</li>
<li>configure.ac: add <code>--enable-strict</code> option</li>
<li>
Fix a problem with AUTO PPS readers and ATR convention
inverse cards
</li>
<li>examples/scardcontrol:</li>
<ul>
<li>add support of 6A xx error codes</li>
<li>check WinSCard error early</li>
<li>
parse wLcdLayout & bEntryValidationCondition
</li>
</ul>
<li>macOS: log non sensitive strings as <code>"%{public}s"</code></li>
<li>Some other minor improvements</li>
</ul>
</div>
<p></p>
Ludovic Rousseau's bloghttp://www.blogger.com/profile/03766338164446550495noreply@blogger.comtag:blogger.com,1999:blog-6988918715704433860.post-65869904136778014662022-11-07T15:26:00.002+01:002022-11-07T15:26:33.317+01:00Updated CCID driver for UEFI<p>In 2015 (7 years ago) I ported my <a href="https://ccid.apdu.fr/">CCID</a> driver to UEFI (<a href="https://en.wikipedia.org/wiki/UEFI">Unified Extensible Firmware Interface</a>). For example read "<a href="https://ludovicrousseau.blogspot.com/2016/06/uefi-smart-card-reader-protocol.html">UEFI Smart Card Reader Protocol implementation</a>" and "<a href="https://ludovicrousseau.blogspot.com/2015/05/pcsc-sample-in-c-for-uefi.html">PCSC sample in C for UEFI</a>".<br /></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjc6OOcHj2Sebt1vE7YPL8FQLf4VEhKweL5XX60EZE-O3lTzmyUhoiy4O19umDR5486voS4wecYOUJHC43QgHi62IqQAdx0VzlKb7At3czTm8bMc6Nf21Hhu7QPPIA9iQ-vCguZH-gUbsttLAxCWSV0rDTOF4mzxxUA6U5-ZIRRHqjXYxV0vXCVHOh5/s1634/uefi-logo-2866910653.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1155" data-original-width="1634" height="226" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjc6OOcHj2Sebt1vE7YPL8FQLf4VEhKweL5XX60EZE-O3lTzmyUhoiy4O19umDR5486voS4wecYOUJHC43QgHi62IqQAdx0VzlKb7At3czTm8bMc6Nf21Hhu7QPPIA9iQ-vCguZH-gUbsttLAxCWSV0rDTOF4mzxxUA6U5-ZIRRHqjXYxV0vXCVHOh5/s320/uefi-logo-2866910653.jpg" width="320" /></a></div><h2 style="text-align: left;">New version</h2><p></p><p>I now updated the driver to use:</p><ul style="text-align: left;"><li>source code from <a href="https://github.com/LudovicRousseau/CCID/releases/tag/1.5.0">CCID driver 1.5.0</a></li><li>source code from <a href="https://github.com/LudovicRousseau/PCSC/releases/tag/1.9.9">pcsc-lite 1.9.9</a></li><li>build using <a href="https://github.com/tianocore/edk2">edk2</a> stable version <a href="https://github.com/tianocore/edk2/releases/tag/edk2-stable202208">edk2-stable202208</a></li></ul><p>The driver is no more a patch for edk2 but an independent UEFI driver in its own repository <a href="https://github.com/LudovicRousseau/UEFI-SmartCardReader">UEFI-SmartCardReader</a>. It should now be easier to build.<br /></p><p>I also updated my samples applications in <a href="https://github.com/LudovicRousseau/UEFI-SmartCardReader-Samples">UEFI-SmartCardReader-Samples</a>.</p><h2 style="text-align: left;">Conclusion</h2><p>This driver will not be used by a lot of people. The driver is for applications that are run in the UEFI (<i>i.e.</i> before the main operating system is started) and with a need to access smart cards.</p><p>If you use it and want to have new features, or just want to discuss, you can contact me. I am curious to know what people can do with it.<br /></p>Ludovic Rousseau's bloghttp://www.blogger.com/profile/03766338164446550495noreply@blogger.comtag:blogger.com,1999:blog-6988918715704433860.post-73583598032844214492022-10-28T13:29:00.000+02:002022-10-28T13:29:20.888+02:00Ubuntu 22.04 and pcscd auto start failure<h2 style="text-align: left;">Problem<br /></h2>
<p>
Since Ubuntu 22.04 LTS there is a problem with PC/SC daemon automatic start.
pcscd is supposed to start when an application makes the first PC/SC call. See "<a href="https://ludovicrousseau.blogspot.com/2011/11/pcscd-auto-start-using-systemd.html">pcscd auto start using systemd</a>". In some cases pcscd will not start and
<a href="https://pcsclite.apdu.fr/api/group__API.html#gaa1b8970169fd4883a6dc4a8f43f19b67">SCardEstablishContext()</a>
will receive the error
<a href="https://pcsclite.apdu.fr/api/group__ErrorCodes.html#gad4729ab109ff490285d2ad881c04bee8">SCARD_E_NO_SERVICE</a>.
</p>
<p>
A ticket is opened at Ubuntu with bug #1971984:
<a href="https://bugs.launchpad.net/ubuntu/+source/pcsc-lite/+bug/1971984">pcscd 1.9.5-3 do not start automatically, only manual</a>
<br />
</p>
<p>
The problem is present on some configurations only. I have no idea why on some
systems it works fine and on some others we have the problem.
</p>
<p>For an unknown reason pcscd.socket is inactive.</p>
<pre>$ systemctl status pcscd.socket
○ pcscd.socket - PC/SC Smart Card Daemon Activation Socket
Loaded: loaded (/lib/systemd/system/pcscd.socket; disabled; vendor preset: enabled)
Active: inactive (dead)
Triggers: ● pcscd.service
Listen: /run/pcscd/pcscd.comm (Stream)</pre>
<div style="text-align: left;"> </div><h2 style="text-align: left;">Fix<br /></h2>
<p>The fix is easy:</p>
<pre>sudo systemctl enable pcscd.socket</pre>
<p>And reboot.</p><p> </p><h2 style="text-align: left;">No problem on Debian</h2><p>The same <a href="https://packages.debian.org/search?keywords=pcscd">pcscd package</a> has no problem on Debian.</p><p>I compared the configuration scripts between the Ubutun and Debian packages and they are the same. I guess the problem comes from systemd or dpkg on Ubuntu and the systemd configuration files are not always installed correctly. Again, no idea why.<br /></p><p><br /></p>
<h2 style="text-align: left;">Conclusion</h2>
<p>The bug is opened since 2022-05-06. I don't know if someone at Ubuntu is working on it.</p><p>The <a href="https://packages.ubuntu.com/search?keywords=pcscd">pcscd package</a> is in the section Universe (Community-Maintained, Open-Source Software) at Ubuntu. It is not in the section Main (Officially Supported, Open-Source Software) so maybe no engineer from Ubuntu is looking at this issue.</p><p>The problem may not be fixed until Ubuntu 24.04, the next LTS version.<br /></p>
Ludovic Rousseau's bloghttp://www.blogger.com/profile/03766338164446550495noreply@blogger.comtag:blogger.com,1999:blog-6988918715704433860.post-17982448833306497432022-09-28T14:28:00.000+02:002022-09-28T14:28:08.223+02:00PySCard 2.0.5 released<p>I just released a new version 2.0.5 of pyscard.
<a href="https://pyscard.sourceforge.io/">PySCard</a> is a python module
adding smart cards support (PC/SC) to Python.
</p>
<p>The PySCard project is available at:<br /></p>
<ul><li><a href="https://pypi.python.org/pypi/pyscard">pypi</a></li><li><a href="https://github.com/LudovicRousseau/pyscard">github</a></li><li><a href="https://sourceforge.net/projects/pyscard/">sourceforge</a></li></ul>
<p>This version is a not even a bug fix release. No code has changed.<br /></p><p>The problem is that for the previous version, 2.0.4, I uploaded a incorrect source archive to <a href="https://pypi.org/">Pypi</a>. I inadvertently included some generated files in the .tar.gz archive. I discovered the problem while creating the Debian package. I removed the incorrect file from Pypi. But then it is not possible to upload a new file with a name that was already present on Pypi.</p><p>The source .tar.gz is already present in the <a href="https://sourceforge.net/projects/pyscard/">pyscard</a> project on <a href="http://sourceforge.net">sourceforge.net</a> so I thought it was OK.<br /></p><p>But then I received bug reports like <a href="https://github.com/LudovicRousseau/pyscard/issues/141">Missing source release for 2.0.4?</a> or <a href="https://github.com/LudovicRousseau/pyscard/issues/142">pyscard 2.0.4 not available on linux from pypi</a> so I had to do something.</p><p><br /></p><h3 style="text-align: left;">Changes:</h3><div style="text-align: left;"><ul style="text-align: left;"><li>New version just because I failed the previous upload to <a href="https://pypi.org/">https://pypi.org/</a></li></ul></div>Ludovic Rousseau's bloghttp://www.blogger.com/profile/03766338164446550495noreply@blogger.com