Hello, On Thu, Jun 7, 2012 at 12:34 PM, helpcrypto helpcrypto <[email protected]> wrote: > Sending an apdu to the card, to check if that card is the "desired" > doesnt like me. Take the following example: > - Card A has an apdu 012345 which delete a file (no pin required to > delete the file :P) > - Card B has an apdu 012345 to select DF. > When looking for B DF, could I delete A files accidentaly?
This is a purely theoretical situation. If you have a card that goes havoc to random commands, you should take *extra*care* with this card. Like not use it at all. Smart cards are usually created to protect the contents of the card from whatever is "out there". So if you have a card that acts like a "memory stick" you probably are using it not for the right purpose. And nothing can protect from the human factor: they sell adapters that allow to plug a 120v application into 240v sockets. Think of all the damage that can accidentally happen! (or even worse, if a kid finds the adapter and fits his fingers into it) Nevertheless, it would be nice to have a listing of readers and their properties (pinpad, contactless etc) but I also have little hope for a PC/SC workgroup change and wide-spread adoption in the close future... For card detection: ATR is supposed to be a technical interface descriptor. What protocols, what speeds. Yes, it is used as a card identifier in many cases (like MS Minidriver), but eventually the on-card application (and for PKI, the onboard keys) matters. How you identify the application is up to you, but the common thing seems to be AID selection. Do you have better suggestions for a universal method for (card)application detection? Martin _______________________________________________ Muscle mailing list [email protected] http://lists.drizzle.com/mailman/listinfo/muscle
