Some time ago we implemented a system where a smartcard signed continuously. In
order to have some understanding of how reliable this might be, I did a test.
I had a laptop with Ubuntu or Debian, a smartcard with CardOS 4.3 (IIRC) from
Siemens, a CCID smartcard reader from Omnikey and a small program that just
signed continuously. This experiment ran successfully for 540 days and
created approximately 118 million signatures. The process ended with:
card-cardos.c:838:cardos_compute_signature: returning with: Internal error
Hardware was still ok, I was able to restart the process.
Best regards,
Arne
On Mon, 8 Sep 2014, Ludovic Rousseau wrote:
2014-09-08 9:30 GMT+02:00 Umberto Rustichelli <[email protected]>:
Dear all, I do not know if this is the right place to ask but I think it is
the only place where the best experience with smart cards is shared.
Hello,
Maybe the best would be to contact the smart card manufacturer or reseller.
I'm recently struggling with some issues when using smart cards for massive
signature production where massive means a few million consecutive
signatures for each card (what you wouldn't do to meet the absurd customers'
demand!)...
I think it is irrelevant but let me point out that this applies to cards
from two different vendors and with 2 different (USB) card readers; the
environment can handle up to 98 smart cards (yes, I changed a few parameters
in header files) but just 14 are connected. In production, only one card
type (InCard 34v2 commonly used in Italy) and only one reader type are used.
To make it short, does anybody know of any predictable limit that can cause
failures (after "many" signatures the *cards disconnect*, one by one) among
the following:
- cards cannot reliably work for more than N signatures
...I know that RAM in cards should work well for N * 10^5
write operations, considering that some writing operations
may be involved when signing, that can be an issue and
would point to chip wearing?
- some counters in the PCSC / CCID code that may be
troublesome after a number of operations (honestly,
I found none but I'm not an expert here)?
- any known issue with smart card drivers, in the specific case
the proprietary InCard driver? The SW involved is
pcsc-lite, ccid, (OpenSC) pkcs11_engine for OpenSSL
and, of course, the driver itself
Did anybody try such massive use of cards?
Please help if you have any experience to share on this or point me to some
documents or forum that can be more appropriate.
I guess the problem is more with EEPROM [1] and not RAM of the smart card.
According to Wikipedia a typical EEPROM supports 1 million
read/write/erase cycles. So I am not surprised that you get errors
after a few million signatures.
pcsc-lite and the libccid driver do not have counters that could
produce an error.
The smart card may have a signature counter and certainly has a
ratification counter for the PIN code. If the PIN needs to be
presented before each signature then the PIN counter will be updated
twice for each signature.
Do you get an error message from the smart card?
Does the smart card just become mute?
Bye
[1] https://en.wikipedia.org/wiki/EEPROM