exclusive vs. shared smart card access

Andreas Schwier andreas.schwier.ml at cardcontact.de
Tue Sep 1 09:38:15 CEST 2015


>> And the one application controlling access to the card is the PC/SC
>> daemon and *not* scdaemon. scdaemon is *one* of the applications
>> accessing the card via PC/SC.
> 
> It seems that you assume shared access to OpenPGPcard is a good thing,
> while I don't think so.
That is not what I'm saying.

Sharing a card is O.K. while the PIN is not authenticated. Once the PIN
is authenticated, an application should have exclusive access.

However this period should be as short as possible and an application
must release exclusive access either explicitly by user request or time-out.

Hijacking the card is pretty much like gnome-keyring-daemon hijacking
gpg-agent.


-- 

    ---------    CardContact Software & System Consulting
   |.##> <##.|   Andreas Schwier
   |#       #|   Schülerweg 38
   |#       #|   32429 Minden, Germany
   |'##> <##'|   Phone +49 571 56149
    ---------    http://www.cardcontact.de
                 http://www.tscons.de
                 http://www.openscdp.org
                 http://www.smartcard-hsm.com
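
Added example, not part of the original message and not PC/SC, scdaemon or GnuPG code: a Python model of the access policy described above, with shared access until a PIN is verified, then exclusive access that ends on explicit release or time-out. The class, method and application names and the 5-second hold are assumptions made for illustration.

```python
import time


class CardBusy(Exception):
    """Raised when another application holds exclusive access."""


class CardArbiter:
    """Model only: shared until a PIN is verified, exclusive afterwards."""

    def __init__(self, max_hold=5.0, clock=time.monotonic):
        self.max_hold = max_hold  # assumed upper bound (seconds) on an exclusive hold
        self.clock = clock        # injectable so the time-out can be tested
        self.owner = None         # application whose PIN is currently verified
        self.deadline = 0.0

    def _expire(self):
        # Time-out: the exclusive hold and the verified-PIN state end together.
        if self.owner is not None and self.clock() >= self.deadline:
            self.owner = None

    def _check_free_for(self, app):
        self._expire()
        if self.owner not in (None, app):
            raise CardBusy(f"card held exclusively by {self.owner}")

    def verify_pin(self, app, pin_ok):
        """A successful PIN verification switches the card to exclusive access."""
        self._check_free_for(app)
        if pin_ok:
            self.owner = app
            self.deadline = self.clock() + self.max_hold
        return pin_ok

    def transmit(self, app, needs_pin=False):
        """Model one command; needs_pin marks operations such as signing."""
        self._check_free_for(app)
        if needs_pin and self.owner != app:
            raise PermissionError("PIN not verified for this application")
        return "ok"

    def release(self, app):
        """Explicit release on user request; the PIN state is reset as well."""
        if self.owner == app:
            self.owner = None
```

Because release and time-out clear the verified-PIN state together with the exclusive hold, a second application never inherits the first one's authentication.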






More information about the Gnupg-devel mailing list