2011/11/8 Frank Morgner <morg...@informatik.hu-berlin.de>:
> Hi!

Hello,

>> > I wrote a patch for libccid to support PACE. Due to a lack of
>> > standardization on the USB level there is only my ccid-emulator, which
>> > can be used with this feature. See
>> > http://sourceforge.net/projects/vsmartcard/ for the libccid patch and
>> > ccid-emulator.
>>
>> Thanks for the info and pointer.
>> PACE is now standardized/documented in a PC/SC document [1].
>>
>> So I may include your patch (or a modified version) "soon".
>>
>> Thanks
>>
>> [1] http://www.pcscworkgroup.com/specifications/specdownload.php
>> Part 10. Amendment 1: IFDs with Secure Pin Entry Capabilities

> Actually PACE is executed with SCardControl. The current implementation
> for control commands in OpenSC would not allow executing PACE, because
> reader-pcsc.c:237 always encodes an APDU. This is OK if you are only
> using PIN verification/modification (which require an encoded APDU). But
> it is impossible to use for PACE, because the input data is something
> very different than an APDU.
>
> I have already filed a bug on this topic and proposed a solution
> http://www.opensc-project.org/opensc/ticket/236

Bug 236 "Better integration of SCardControl" has been closed with the "wontfix" tag.
The discussion continued in bug 237 "Allow the transmit of a raw buffer".

I can't comment on the proposed patch. If I am correct, Martin proposed
(in [1] comment 16) to simplify the changes, but nobody proposed a
patch for this.

Do you need to use SCardTransmit() or SCardControl() at the PC/SC level?
OpenSC mixes SCardTransmit() and SCardControl(). Maybe a good
evolution would be to have separate functions.

> Are you interested in supporting PACE? This would allow changing the PIN
> of the German identity card (nPA) with certain PIN pad readers
> (CAT-S/CAT-K).  I could also add support for doing PACE with readers
> that don't have a PIN pad, but for this I am first waiting for the final
> decisions regarding SM in OpenSC.

In a previous mail you wrote "But there is no CCID compliant reader
that supports PACE (except ccid-emulator)."
Is it still the case?
What are the "certain PIN pad readers (CAT-S/CAT-K)" you are talking about now?

Bye,

[1] http://www.opensc-project.org/opensc/ticket/237#comment:16

-- 
 Dr. Ludovic Rousseau