opensc compatibility #4
Comments
|
+1 |
1 similar comment
|
👍 |
|
+1 |
|
So what's involved in making this happen? Is it about patching OpenSC, or is something required in the applet? |
|
It's probably only changes to the applet to conform to expectations of OpenSC. As the openpgp driver in OpenSC does it's detection based on ATR the driver choice has to be forced instead of autodetected. $ OPENSC_DEBUG=9 opensc-tool -c openpgp -n and compare with a standard openpgp card. |
|
It seems that OpenSC sends SELECT-FILE: The OpenPGP card returns but Yubico only returns The OpenPGP spec 2.0 allows to return a FCI or empty (p. 31) but OpenSC bails out expecting either an FCI or FCP response. |
Sounds like OpenSC is not following the spec? In this case we should patch OpenSC instead of the applet? |
|
What's the SELECT FILE command supposed to do? If we can make OpenSC accept this (supposedly legal?) output, would it make the OpenSC OpenPGP PKCS#11 driver work? That would be good -- I just read http://changelog.complete.org/archives/9381-detailed-smart-card-cryptographic-token-security-guide and it suggested the neo didn't work with opensc in openpgp mode. |
|
Just stumbled across this; a bug report would have been nice... Anyway, it's fixed in OpenSC with OpenSC/OpenSC#1232 |
The openpgp applet today is not compatible with opensc, it would probably be a good idea to be compatible even if opensc requires the atr to be listed to recognize the card.
The text was updated successfully, but these errors were encountered: