Extended length APDU solved for Cardman

Ludovic Rousseau ludovic.rousseau at free.fr
Tue Jun 30 11:22:32 CEST 2009

----- "Werner Koch" <wk at gnupg.org> a écrit :
> Hi Ludovic,

Hello Werner,

> After spending too much time trying to trace the USB commands of the
> Cardman readers using Windows under KVM I switched back to the old
> sniffusb tool on native Windows.
> I figured out how to send extended APDUs and it works now with
> GnuPG's
> internal driver and the new OpenPGP card.  I have not yet tested
> other
> cards.  Tested with a CM6121 and the CM4040 PCCARD reader.  I still
> need
> to check wether the Cherry keyboard works the same way and maybe even
> try the KAAN reader.
> You need to switch to TPDU mode for extended length APDUs.  They are
> send using the CCID Escape sequence 00 00 00 1A followed by the TPDU.
> The response is a 1A followed by the TPDU.  The only problem is that
> you
> need to resync the T=1 sequence counter if the reader returns an
> error
> (which is likely).  Make sure to use a NAD of 0x00.

You are using a proprietary command to switch the reader in TPDU mode. Is it documented somewhere by Omnikey?

You should not have to play this game with the Kobil KAAN readers. They are declared as "Short and Extended APDU level exchange".

I am surprised you invested so much energy in supporting (limited) readers instead of using existing TPDU or extended APDU readers.

You can also see the page [1] to know the readers you should recommand for use with the OpenPGP card.

> If you want to trace stuff yourself
> http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/tools/ccidmon.c?root=GnuPG
> might be useful.  Should build as a standalone program; usage is
>   ccidmod --sniffusb <logfile.usb

This tools looks great and was missing me when I started by CCID driver.


[1] http://pcsclite.alioth.debian.org/ccid_extended_apdu.html

 Dr. Ludovic Rousseau

More information about the Gnupg-devel mailing list