exclusive vs. shared smart card access

Dirk-Willem van Gulik dirkx at webweaving.org
Tue Sep 1 13:24:03 CEST 2015


> On 01 Sep 2015, at 11:58, Simon Josefsson <simon at josefsson.org> wrote:
> 
> NIIBE Yutaka <gniibe at fsij.org> writes:
> 
>> On 09/01/2015 04:23 PM, Simon Josefsson wrote:
>>> There is U2F too which is supported by Chrome (works in Debian Stable).
>> 
>> I didn't know that.  Is it implemented parallel to OpenPGPcard as a
>> feature in a single smartcard?  How does it work with Yubikey?
>> 
>> If it's implemented by another interface of USB device, it's simpler,
>> it can co-exist.
> 
> I forgot to mention some details -- U2F is not CCID but a different
> USB-based protocol.  Locking CCID will not prevent U2F from working, I
> believe.

This is indeed correct; we’ve found it perfectly possible to have a PKCS ‘view’ of a token to be visible to OpenSC; whilst it U2F identity was claimed by another process/user.

Dw.


More information about the Gnupg-devel mailing list