On Apr 28, 2010, at 21:00 , Andreas Jellinghaus wrote: > Am Mittwoch 28 April 2010 17:31:27 schrieb Jim Rees: >> CyProtect >> recommends AET IDp 1000 Token, which is JCOP41, as a replacement. Will >> this work with OpenSC? Can someone update the wiki? > > well, I guess it works as good or bad as every jcop card - > you need to load some applet (e.g. muscle applet) and that > applet can work with opensc. see cyberflex cards - they are all jcop, > so it is all the same to opensc.
Cyberflex != JCOP AFAIK. They are all JavaCards but I'm not so sure about the underlying chips and specs. The thing that matters most with tokens is the USB interface. If it is proprietary, then you have one more thing to worry about. If the USB interface is CCID, it's much better. The next problem is the actual smart card inside the token. If it is proprietary, another driver needs to be written or existing one reverse-engineered. If the card is actually a JavaCard, it depends on the contents of the card - is there an applet pre-loaded and/or do you have the keys (if set) to upload new applets. A locked-in non-proprietary applet means the same kind of problems as any other proprietary card. If is is a blank JavaCard at least you have options, as the card platform is open. > but muscle applet and driver are quite restricted compared to > the full drivers in opensc (e.g. cardos, cryptoflex). > not sure what the details are, but installation is much harder > as you need a gp tool first, and you can't run all commands - > and of course not the full test suite. also only one pin > and only some profiles are supported etc. :( Muscle supports multiple PINs, but the generic issues with MuscleApplet are: a) it does not conform to ISO-7816-*, which means the commands and structures are different b) the applet does not implement a filesystem concept, but just "stack of objects" c) OpenSC support is "hairy" I've "disassembled" the Muscle Applet (and somewhat much more capable CoolKeyApplet) and JavaCardSign applets to gather the best bits and pieces into a single open source applet, as in the long run, JavaCards and applets are a better choice and more viable than proprietary vendor cards: because you don't depend on a closed APDU manual and have option and choices on the card side as well, not only the host software. If anyone is interested in fixing the issue(s) with JavaCards, I can write a high level "status of things" into the relevant wiki page (currently it only collects small links and information pieces) with a short overview of what exists, where exists etc in the javacard projects I've gone through, as well as send a free Cosmo V7 128K JavaCard to anyone who demonstrates interest in helping out. -- Martin Paljak http://martin.paljak.pri.ee +3725156495 _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
