2011/11/8 Frank Morgner <morg...@informatik.hu-berlin.de>: > Hi! Hello,
>> > I wrote a patch for libccid to support PACE. Due to a lack of >> > standardization on the USB level there is only my ccid-emulator, which >> > can be used with this feature. See >> > http://sourceforge.net/projects/vsmartcard/ for the libccid patch and >> > ccid-emulator. >> >> Thanks for the info and pointer. >> PACE is now standardized/documented in an PC/SC document [1]. >> >> So I may include your patch (or a modified version) "soon". >> >> Thanks >> >> [1] http://www.pcscworkgroup.com/specifications/specdownload.php >> Part 10. Amendment 1: IFDs with Secure Pin Entry Capabilities > Actually PACE is executed with SCardControl. The current implementation > for control commands in OpenSC would not allow executing PACE, because > reader-pcsc.c:237 always encodes an APDU. This is OK if you are only > using PIN verification/modification (which require an encoded APDU). But > it is impossible to use for PACE, because the input data is something > very different than an APDU. > > I have already filed a bug on this topic and proposed a solution > http://www.opensc-project.org/opensc/ticket/236 Bug 236 "Better integration of SCardControl" has been closed with "wontfix" tag. The discussion continued in bug 237 "Allow the transmit of a raw buffer". I can't comment on the proposed patch. If I am correct Martin proposed (in [1] comment 16) to simplify the changes but nobody proposed a patch for this. Do you need to use SCardTransmit() or SCardControl() at the PC/SC level? OpenSC mixes SCardTransmit() and SCardControl(). Maybe a good evolution would be to have separate functions. > Are you interested in supporting PACE? This would allow changing the PIN > of the German identity card (nPA) with certain PIN pad readers > (CAT-S/CAT-K). I could also add support for doing PACE with readers > that don't have a PIN pad, but for this I am first waiting for the final > decisions regarding SM in OpenSC. In a previous mail you wrote "But there is no CCID compliant reader that supports PACE (except ccid-emulator). " Is it still the case? What are the "certain PIN pad readers (CAT-S/CAT-K)" you are talking about now? Bye, [1] http://www.opensc-project.org/opensc/ticket/237#comment:16 -- Dr. Ludovic Rousseau _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
