On Mon, 2012-02-27 at 12:23 -0700, Anthony Foiani wrote:
> Andy, Ludovic --
> 
> On Mon, Feb 27, 2012 at 11:15 AM, Ludovic Rousseau
> <ludovic.rouss...@gmail.com> wrote:
> > On 27 February 2012 18:46, Anthony Foiani <anthony.foi...@gmail.com> wrote:
> >> Now to see if there's an easy way to tell the difference between these
> >> two types of iKey4000...
> >
> > You can use the "lsusb" command on GNU/Linux to display the USB Vendor
> > ID and Product ID.
> > But you need to _have_ the device first. So not really helpful if you
> > want to buy one, unless you are allowed to bring it back and get your
> > money.
> 
> The situation is actually a bit worse.  I'm working with an
> organization that has already standardized on the iKey4000 and has
> already issued them and integrated them into other parts of their
> infrastructure.  I do have a handful of samples, but if both types are
> already out in the field, then I need a solution that can accommodate
> both.  :(

Well, you'll have to build a solution that properly layers and abstracts
the "reader" from the "smart card"; that will be difficult.

The CCID version (which I don't have) likely follows the USB CCID
specification:

http://www.usb.org/developers/devclass_docs/DWG_Smart-Card_CCID_Rev110.pdf


The non-CCID version certainly does not.

From analysis of USB snoops in Windows, the non-CCID iKey4000 uses a
vendor proprietary protocol.  All transfers occur on the USB control
pipe with only 1 or 2 transactions not using a USB vendor proprietary
protocol.  The end part of a control packet from USB host to device in
the protocol is used to specify the command to the device and indicates
if a command is for:

1. the device itself (neither reader nor smartcard from what I can
guess)
2. the reader
3. the smart-card (PDUs encapsulated in T=1 transport IIRC)

Manipulating the reader and device itself isn't all that interesting.

The Transport PDU encapsulation and some of the APDUs are clearly
following the ISO standards.  However, there are a number of what appear
to be vendor proprietary APDUs.

I personally think implementing support for the iKey4000 "smart card" is
hopeless without documentation from SafeNet.

If this is really for a business, contact SafeNet and ask if they have a
solutions partner that can develop a Linux solution for your
organization.  It will likely be money well spent, compared to the labor
hours you will burn through trying to implement something with no
documentation.  If Open Source is important to you for long term
supportability in house, maybe you can inquire about the cost of the
solutions partner implementing an open source solution for you.

Regards,
Andy





_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
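
Added example (not part of the original thread, and not OpenSC code): one way to tell a CCID token from a non-CCID one when both are already deployed is to read the interface class from "lsusb -v" output instead of relying on product IDs, since CCID devices declare USB interface class 0x0B (Smart Card). The sample text and the 1234:000x IDs are constructed placeholders, not real iKey4000 values.

```python
import re
import subprocess
import sys

CCID_CLASS = 0x0B  # USB-IF interface class code for smart card (CCID) devices

DEV_RE = re.compile(r"^Bus (\d+) Device (\d+): ID ([0-9a-fA-F]{4}):([0-9a-fA-F]{4})")
IFC_RE = re.compile(r"^\s+bInterfaceClass\s+(\d+)")

# Constructed sample, trimmed to the lines the parser reads. IDs are placeholders.
SAMPLE = """\
Bus 001 Device 004: ID 1234:0001 Example token (constructed)
  Configuration Descriptor:
    Interface Descriptor:
      bInterfaceNumber        0
      bInterfaceClass        11 Chip/SmartCard
Bus 001 Device 005: ID 1234:0002 Example token (constructed)
  Configuration Descriptor:
    Interface Descriptor:
      bInterfaceNumber        0
      bInterfaceClass       255 Vendor Specific Class
"""

def classify(lsusb_verbose):
    """Return one record per device found in `lsusb -v` text."""
    devices = []
    for line in lsusb_verbose.splitlines():
        dev = DEV_RE.match(line)
        if dev:
            devices.append({"bus": int(dev[1]), "dev": int(dev[2]),
                            "id": f"{dev[3]}:{dev[4]}".lower(), "classes": []})
            continue
        ifc = IFC_RE.match(line)
        if ifc and devices:
            devices[-1]["classes"].append(int(ifc[1]))
    for d in devices:
        # A device counts as CCID if any of its interfaces declares class 0x0B.
        d["ccid"] = CCID_CLASS in d["classes"]
    return devices

if __name__ == "__main__":
    # With --live, read the real descriptors (may need root for full output).
    text = (subprocess.run(["lsusb", "-v"], capture_output=True, text=True).stdout
            if "--live" in sys.argv else SAMPLE)
    for d in classify(text):
        kind = "CCID interface" if d["ccid"] else "no CCID interface"
        print(f'{d["id"]} bus {d["bus"]} dev {d["dev"]}: {kind} {d["classes"]}')
```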
