Hi Timothy,

top half:

Only OpenSSH and the opensc tools use the opensc native interface.

Applications such as firefox, thunderbird and friends use opensc-pkcs11.so / 
PKCS#11 interface (which again uses the internal interfaces).

pam_p11 module uses libp11 library to use opensc-pkcs11.so / PKCS#11 
interface.

openssl command line tool uses engine_pkcs11.so, which uses libp11, which uses 
opensc-pkcs11.so / PKCS#11 interface.

CSP such as ID-Ally (or CSp#11 or PKCSCSP) use the opensc-pkcs11.so / PKCS#11 
interface.

bottom half:

opensc can use a CT-API driver directly.

opensc can use openct to access one or several readers supported by opensc.

opensc can use pcsc interface to talk to pcsc-lite, which uses one or several 
ifdhandler drivers, such as the very good libccid driver, to access one or 
several readers supported by those drivers.

openct has a ctapi "head" so opensc could use openct via the openct ctapi 
driver. but no one does that I think (was coded for applications that only 
know ct-api drivers, so they can use openct).

openct has an ifdhandler "head" so opensc could use openct via pcsc-lite and 
the openct ifdhandler. but no one does that I think (was coded so opensc and 
pcsc-only applications can coexist and both use openct).

also a small number of card readers have several slots, not sure if openct or 
ccid support that however.

if you want to use a reader with pinpad (and use the pinpad), then you need to 
use opensc -> pcsc-lite -> libccid, as openct doesn't support pinpad 
properly.

As for the text:
opensc was written for PC/SC architecture and works fine with it, and maybe it 
is best to recommend opensc + pcsc-lite + ccid these days.

openct was written when writing drivers for pcsc-lite was hard, pcsc-lite was 
acting funny (with everyone too busy to help finding out why), and a few 
hundred lines of code got the problem solved (replacing pcsc-lite). openct is 
still available, because it is working well enough for many places and easy 
to setup and debug.

but in terms of features and supported drivers pcsc-lite and ccid are way 
better these days, and with ludovic as active maintainer for both, but no one
working on openct, it is better to invest in pcsc-lite.

opensc itself is neutral - it has three reader drivers for PC/SC subsystem, 
openct subsystem and ct-api drivers - and all of them should work similarly 
well - except PINPAD support is only available for PC/SC (no one implemented 
it for openct or ct-api).

I'm not 100% sure - some home banking applications still seem to use ct-api 
drivers. but except for that I don't remember any users of ct-api and thus I 
guess it is obsolete these days.

does this help?

Regards, Andreas
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
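
The opensc -> pcsc-lite -> libccid path with pinpad described in the message above, as an added configuration sketch (not part of the original e-mail and not the OpenSC project's shipped file). It assumes an OpenSC 0.11-era opensc.conf, where the `reader_drivers` list and the `enable_pinpad` option of the `reader_driver pcsc` block are available; compare against the opensc.conf shipped with your version.

```conf
# opensc.conf fragment (added example; assumes OpenSC 0.11-era syntax)
app default {
	# Load only the PC/SC reader driver, so every reader is reached through
	# pcsc-lite and its ifdhandler drivers (for example libccid).
	# Adding openct or ctapi to this list would enable those subsystems too.
	reader_drivers = pcsc;

	reader_driver pcsc {
		# Have the PIN entered on the reader's own pinpad instead of the
		# host keyboard. Per the message, only the PC/SC driver supports this.
		enable_pinpad = true;
	}
}
```

With this in place, pcscd and the CCID driver must be installed and running; openct is not involved in the path at all.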
