Important!

Blog moved to https://blog.apdu.fr/

I moved my blog from https://ludovicrousseau.blogspot.com/ to https://blog.apdu.fr/ . Why? I wanted to move away from Blogger (owne...

Tuesday, July 7, 2020

Smart card Usage in Debian: pcscd and drivers

Debian uses a system to evaluate the popularity of packages called: popularity-contest

Each package has a popcon page with the number of installations of the package and its evolution in time.

popularity-contest

Not every Debian user has the package popularity-contest installed (and enabled). Example with the graph of popularity-contest itself.
The package is installed on 198 548 Debian systems. But we can imagine that Debian is installed in much more than 200 000 systems.

The popularity-contest package is also available in Ubuntu. The Ubuntu results are also available. On Ubuntu the popularity-contest package is installed in 2 796 046 systems. We have a factor of x14 compared to Debian.

So what is important is not the absolute value of installations but the evolution in time and the percentages of installed systems.
I was not able to find the graphs for Ubuntu. So I will only use the results on Debian.

pcsc-lite


pcsc-lite software provides 3 packages: the daemon, the library, the development files. Here we see the 3 packages on the same graph.

libpcsclite1 is, by far, the most installed package. This is because (nearly) all smart card application uses PC/SC and so depends on libpcsclite1.

Package # of installation % of Debian systems
libpcsclite1 124551 62.63%
pcscd 23796 11.96%
libpcsclite-dev 1001 0.50%

On Ubuntu we have:
Package # of installation % of Ubuntu systems
libpcsclite1 2019980 72.2%
pcscd 32834 1.17%
libpcsclite-dev 9494 0.34%

libpcsclite1


The number of installations of libpcsclite1 is much higher than the number of installation of pcscd. But libpcsclite1 is useless without pcscd.

This is because libpcsclite1 is a dependency of some packages that provides a smart card support but not every user is using it. For example wpasupplicant depends on libpcsclite1 but not every users of wpasupplicant are using a smart card.

pcscd

The two spikes occurred when I changed the dependency between libpcsclite1 and pcscd. When libpcsclite1 depends on pcscd then each installation of libpcsclite1 will also install pcscd. See Debian bugs #476483 and #612971.
After I solved the 2 bugs the level went down.

The rise that starts in 2017 should indicate a real use of smart card since that date. That is a good sign.

From the 2 tables above we can notice that pcscd is installed in x10 more Debian systems (11.96%) than Ubuntu systems (1.17%).
My interpretation is that Debian users are more security conscious and use more smart cards than Ubuntu users.

libpcsclite-dev

This package is needed only if you want to build applications using PC/SC. It is expect to have a number of installation far lower than the number of pcscd installations.

Smart card drivers

On Debian, smart card drivers should each provide the virtual package: pcsc-ifd-handler

Package # installations "market share"
libccid 23791 96.06%
libacsccid1 483 1.95%
libifd-cyberjack6 282 1.14%
libasedrive-usb 68 0.27%
libgempc430 54 0.22%
libgcr410
 29 0.12%
libasedrive-serial 23 0.09%
libtowitoko2 22 0.09%
libgempc410 15 0.06%



libccid


CCID is the USB standard for USB smart card readers.
It is also the default driver installed with pcscd. It is then expected that the pcscd and libccid graphs are quiet similar.

libacsccid1


The libacsccid1 driver is a (friendly) fork of my libccid driver adapted to some ACS readers.

libifd-cyberjack6


This driver is for REINER SCT cyberJack USB chipcard readers.

libasedrive


This driver is for Athena ASEDrive IIIe serial and USB devices.

GemPC 410 & 430


I am also the upstream maintainer of 2 other drivers:
  • libgempc410 is a driver for the Gemplus GemPC 41x serial readers.
  • libgempc430 is a driver for the Gemplus GemPC 43x USB readers.
These readers are older than the CCID specification document.
    I am surprised to see systems with these drivers installed. I have not used them myself since ages.

    libgcr410


    This driver is for Gemplus GCR410 serial device.

    libtowitoko2


    This driver is for Towitoko smartcard reader PCSC and CT-API driver.

    Conclusion

    Around 12% of Debian users are using smart cards. I would not have expected so much.
    The percentage on Ubuntu, 1%, is (I imagine) more representative of the general population.

    Thursday, June 25, 2020

    New version of libccid: 1.4.33

    I just released version 1.4.33 of libccid the Free Software CCID class smart card reader driver.

    Changes:

    1.4.33 - 25 June 2020, Ludovic Rousseau
    • Add support of
      • Genesys Logic CCID Card Reader (idProduct: 0x0771)
      • Swissbit Secure USB PU-50n SE/PE
      • TOPPAN FORMS CO.,LTD TC63CUT021
    • add --enable-oslog argument for macOS
      • use os_log(3) for macOS >= 10.12 (Sierra)
    • Update PCSC submodule to get Unicode support
    • Some minor improvements
    Labels: ,

    Sunday, June 14, 2020

    New version of pcsc-lite: 1.9.0

    I just released a new version of pcsc-lite 1.9.0.
    pcsc-lite is a Free Software implementation of the PC/SC (or WinSCard) API for Unix systems.

    This version includes 2 changes I already documented on this blog:
    Because of the major speed improvement I decided to name this version 1.9.0.

    Changes

    1.9.0: Ludovic Rousseau
    14 June 2020
    • SCardEndTransaction(): greatly improve performances (x300)
    • tokenparser: accept any Unicode character in a reader name
    • Use /run instead of /var/run by default
    • Fix a memory leak from a polkit call
    • Some other minor improvements
    Labels:

    Thursday, May 28, 2020

    Unicode characters in a reader name

    It is now possible to use Unicode characters in a reader name.

    History

    Since the beginning of pcsc-lite (at least since the first version of pcsc-lite in 2002 that is in a Version Control System) only a subset of ASCII was considered as legal characters for a PC/SC reader name.

    In 2011 I added the character ";" in the list so that it is possible to use the "&" sign (encoded as "&" since the reader list is encoded as XML in the Info.plist file). This was to support a reader name like "Giesecke & Devrient".

    In 2012 I added the characters "[" and "]".

    In 2020 I add support of any Unicode character.

    This request came from the use of the reader name "SoloKeys Solo ๐Ÿ". See the Salsa ticket "Unicode in USB Product string not supported." for more details.

    Demo

    First example

    ± pcsc_scan 
    Using reader plug'n play mechanism
    Scanning present readers...
    0: ู…ุฑุญุจุง ุจุงู„ุนุงู„ู… ๐Ÿ˜€ ๐ŸŽ‚ 00 00
    1: ืฉืœื•ื ืขื•ืœื ๐Ÿ˜Ž ๐Ÿ˜ผ 01 00
     
    Sat May 16 10:52:58 2020
     Reader 0: ู…ุฑุญุจุง ุจุงู„ุนุงู„ู… ๐Ÿ˜€ ๐ŸŽ‚ 00 00
      Event number: 1
      Card state: Card removed, 
     Reader 1: ืฉืœื•ื ืขื•ืœื ๐Ÿ˜Ž ๐Ÿ˜ผ 01 00
      Event number: 0
      Card state: Card inserted, 
      ATR: 3B BE 96 00 00 41 03 00 00 00 00 00 00 00 00 00 02 90 00
    In case you do not have the correct font installed in your web browser here is a picture version of the same output.

    You can note that the reader names are reversed between the text version and the image version. I let you find what is the "problem" here.

    Second example

    ± pcsc_scan 
Using reader plug'n play mechanism
Scanning present readers...
0: ๐Ÿ˜บ ๐Ÿ˜ธ ๐Ÿ˜น ๐Ÿ˜ป ๐Ÿ˜ผ ๐Ÿ˜ฝ ๐Ÿ™€ ๐Ÿ˜ฟ ๐Ÿ˜พ 00 00
1: ๐Ÿ’‹๐Ÿ’˜๐Ÿ’๐Ÿ’–๐Ÿ’—๐Ÿ’“๐Ÿ’ž๐Ÿ’•๐Ÿ’Ÿ๐Ÿ’”๐Ÿงก๐Ÿ’›๐Ÿ’š๐Ÿ’™๐Ÿ’œ๐Ÿ–ค 01 00
 
Sat May 16 11:17:00 2020
 Reader 0: ๐Ÿ˜บ ๐Ÿ˜ธ ๐Ÿ˜น ๐Ÿ˜ป ๐Ÿ˜ผ ๐Ÿ˜ฝ ๐Ÿ™€ ๐Ÿ˜ฟ ๐Ÿ˜พ 00 00
  Event number: 0
  Card state: Card removed, 
 Reader 1: ๐Ÿ’‹๐Ÿ’˜๐Ÿ’๐Ÿ’–๐Ÿ’—๐Ÿ’“๐Ÿ’ž๐Ÿ’•๐Ÿ’Ÿ๐Ÿ’”๐Ÿงก๐Ÿ’›๐Ÿ’š๐Ÿ’™๐Ÿ’œ๐Ÿ–ค 01 00
  Event number: 0
  Card state: Card inserted, 
  ATR: 3B BE 96 00 00 41 03 00 00 00 00 00 00 00 00 00 02 90 00
    Again with the screen capture:

    Of course you have no obligation to use some many funny Unicode characters in your reader name. It was just an example.

    Availability

    You need to use CCID version 1.4.33 or more and pcsc-lite version 1.9.0 or more.

    These versions are not yet available (when I write this article) so I prepared snapshot of both software at http://ludovic.rousseau.free.fr/softwares/pcsc-lite/. They are pcsc-lite-1.8.26-047789c.tar.bz2 and ccid-1.4.32-e782d48.tar.bz2.

    You can also use the current git version of pcsc-lite and ccid if you know what you do.

    Linux

    I made the development and tests on a Debian GNU/Linux system.

    macOS

    I also tested the new CCID driver on macOS Mojave and it works fine with Unicode characters. I found no issue.

    Conclusion

    I do not expect to see many smart card readers with emoticons, but maybe names with characters from non-Latin alphabets.
    Labels: ,

    Monday, May 25, 2020

    10 years of blogging

    I started this blog 10 years ago, in April 7th 2010.
    Since then I wrote about many aspects of the smart card use in GNU/Linux and macOS.

    Statistics

    Some statistics about the number of articles per year.
    Years 2010 and 2020 represent only half a year of activity.


    Conclusion

    I do plan to be present and continue in the next 10 years.

    GitHub Sponsors: first payment

    Since January 2020 I am part of the Github sponsors program. See my previous article: GitHub Sponsors.

    Payment

    I just got my first payment in May 2020 for the amount of €66.25. Yeah!

    The next payment should occur in June 2022, in 2 years. Unless new sponsors arrive in the meantime.

    Sponsors

    For now I have 3 sponsors:Martin Paljak, Jaroslav Imrich and CrazyMarvin. A big thank you to you!
    The sponsor list is public. You can see it at https://github.com/sponsors/LudovicRousseau/.
     
    They sponsor me for a total of $9/month. This number is NOT public but I want to be transparent with you. What you can see on my sponsor page is that I am "90% towards $10 per month goal". So after some mathematical calculation it is easy to get the $9/month.

    Github also has the GitHub Sponsors Matching Fund. So half of that money comes from github/Microsoft. That is is first time I receive something from Microsoft ๐Ÿ˜€.

    Use of the money

    That is not a huge amount of money but that will help pay for the VPS I rent at OVH to host my projects at https://muscle.apdu.fr/. They are mostly pcsc-lite and libccid.

    Conclusion

    I have 2 active options to send me money:
    Feel free to use whatever to prefer.

    Friday, May 15, 2020

    New PyKCS11 1.5.8 available

    I just released a new version of PyKCS11, a Python wrapper above the PKCS#11 API.
    See "PyKCS11 introduction" or "PyKCS11’s documentation".

    The project is registered at Pypi: https://pypi.org/project/PyKCS11/

    Changes:

    1.5.8 - May 2020, Ludovic Rousseau
    • CKA_ALWAYS_AUTHENTICATE is boolean
    • CKM_VENDOR_DEFINED_...
      • Fix name: use CKM_ instead of CKR_ prefix
      • Use an explicit hex prefix: CKM_VENDOR_DEFINED_0x45
    • Add missing CKM_*, CKA_*, CKF_*, CKD_*, CKK_*, CKN_*, CKO_*, CKR_* from PKCS#11 v3.0
    • fix test_asymetric.py for RSA_PSS_Mechanism
    Labels: , ,
    Subscribe to: Posts (Atom)