Fwd: gnupg SmartCard V3.3

NIIBE Yutaka gniibe at fsij.org
Thu Mar 1 01:14:15 CET 2018


Werner Koch <wk at gnupg.org> wrote:
> @gniibe: Do you have any more up to date information on macOS and
> smartcard readers?

If possible, I recommend to use GnuPG's in-stock driver to access
smartcard.  It is direct access by libusb, not using PC/SC service.

For GNU/Linux, if you don't have any other use of PC/SC service, please
uninstall it, or disable the service, and try again with GnuPG's
in-stock driver.

For the driver, I maintain this list:


For macOS, I think that it still uses old PC/SC and libccid library.
I'm afraid that new readers (with new features like pinpad support)
don't work well, or don't work at all.

I need macOS developers who build GnuPG with libusb.  Currently, GnuPG
scdaemon uses PC/SC service on macOS and Windows.  On GNU/Linux, people
can use both ways (in-stock driver or PC/SC).

> - Cherry GmbH SmartBoard XX44

  02.... Short APDU level exchange

Because of this limitation, this reader cannot handle larger APDU (~=
packet), which is needed for recent RSA key size.  You can still use it
with RSA-1024.


  bPINSupport: 0x03
     PIN Verification supported
     PIN Modification supported

I'm afraid it doesn't work on macOS.

> - Alcor Micro AU9540 00 00

I had a bug report with this reader: 


I think it now works fine by GnuPG's in-stock driver on GNU/Linux.
Please test.

It seems that this reader has a problem in PC/SC service, and it's not
supported by PC/SC-lite + libccid.


			*	*	*

Supporting users' freedom on computing (for their privacy in digital
world), I need have/collect/maintain knowledge of those hardware.

But... when there is a problem, it tends to be because of bad firmware
implementation, which is proprietary.  In the proprietary world, the
practice is... to be "fixed" in the proprietary driver (than the
firmware).  But that "fix" has tendency not to be published to users or
developers of free software.

For me, it's a pity that I somehow need to have knowledge around those
proprietary firmware.

Perhaps, someday, in free software, I will write CCID reader
implementation which accesses smartcard, by free software (I mean,
development environment), for free software (= GnuPG maintenance); Then,
we can proceed to free firmware of smartcard itself.

# About ten years ago, I didn't take that approach but a short cut, that
# was Gnuk.  The reason was that it was difficult to find hardware
# vendors which allowed developing free firmware implementation of
# smartcard.

Having free CCID reader implementation still makes sense, to encourage
free firmware implementation of smartcard.  I'd like to work for some
part this year.

More information about the Gnupg-users mailing list