Re: [opensc-devel] USB token firmware

2012-02-20 Thread Peter Stuge
Peter Stuge wrote:
> You mentioned that one component is the small proprietary HID code
> for Linux and that part is of course not available, but it seemed
> like the other parts might be? Or did I misunderstand?

I think I did. I read your email again to check.


> Can you say more about the software on Linux for that token?

From your email it seems that the software for Linux may be
completely proprietary. In that case it is of course difficult for
me to make any suggestions. Is there any protocol documentation?


//Peter


___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] USB token firmware

2012-02-20 Thread Peter Stuge
Jean-Michel Pouré - GOOZE wrote:
> > No need for token, but thanks for the offer! :) The code that already
> > supports the device is instead what I would look at. Is it available
> > online? 
> 
> Sorry, it is not publicly available.

You mentioned that one component is the small proprietary HID code
for Linux and that part is of course not available, but it seemed
like the other parts might be? Or did I misunderstand?

Can you say more about the software on Linux for that token?


> I am confused about this discussion, because at first you ask us to
> flash the ePass2003 with another firmware,

Oh, no that was Anders' suggestion. Maybe that's the confusion.

I agree with him that as far as existing card/token standards go, PIV
is indeed likely to be well and widely supported, but I don't have
any opinion on changing the ePass2003 firmware.


> then we tell you that Feitian HID tokens are already available and
> you are not interested because ... kernel driver is not perfect
> under Linux.

I'm not interested in having yet another token lying around. :)
But I am however interested in the protocol! And I would look at the
Linux software situation for that HID token and I would maybe also be
able to find improvements. I just don't need the token to do that.


> At GOOZE, we stick to CCID.

I think this is smart, especially if the Feitian HID token is an
older product and no new HID token is planned.


> Good luck with your project.

Thanks! The idea was always only about a protocol optimized for
security, usability and portability, and it still needs r&d, so
please don't get the impression that I am trying to make someone
else use it before I have shown that it works.


> I hope that we will be able to collaborate more on OpenSC main
> branch without being too picky on solutions.

Don't worry, as you know I'm not a significant contributor.


//Peter



Re: [opensc-devel] USB token firmware

2012-02-20 Thread Jean-Michel Pouré - GOOZE
On Tuesday 21 February 2012 at 00:44 +0100, Peter Stuge wrote:
> No need for token, but thanks for the offer! :) The code that already
> supports the device is instead what I would look at. Is it available
> online? 

Sorry, it is not publicly available.

I am confused about this discussion, because at first you ask us to
flash the ePass2003 with another firmware, then we tell you that Feitian
HID tokens are already available and you are not interested because ...
kernel driver is not perfect under Linux.

At GOOZE, we stick to CCID.
Good luck with your project.

I hope that we will be able to collaborate more on OpenSC main branch
without being too picky on solutions.

Kind regards,
-- 
  Jean-Michel Pouré - Gooze - http://www.gooze.eu



Re: [opensc-devel] USB token firmware

2012-02-20 Thread Peter Stuge
Jean-Michel Pouré - GOOZE wrote:
> > http://libusb.org/wiki/FAQ#CanIcreateadriverlessdeviceusingHIDclass
> 
> I won't discuss as I don't know if improving HID for GNU/Linux is
> really time consuming.

Hopefully you read the page anyway to find out about the
considerations for HID. It may still be relevant even if the
HID token is a little older.

The HIDAPI library created by Alan Ott is as easy to use as it gets
for HID class devices with Linux.

The Linux kernel has for a long time offered an API which can be used
without any drivers and also without libusb, but the API has limited
capabilities, and depending on the device they may not be sufficient.

Then it will be necessary to use libusb instead, and udev must be
configured to allow the user to disable the kernel HID class driver.

I believe HIDAPI now supports not only using libusb but also the
kernel API.


> > Do you know how it is used by CryptoAPI and/or PKCS#11 applications?
> CSP and PKCS#11.

OK! Yes, then the idea is similar to mine, except I do not like to
use HID in order to reduce portability issues. HID has advantages
for Windows but is more complicated everywhere else. (It can even
be impossible on Mac OS X. Apple changed the policy for replacing
the kernel HID driver in 10.6.)


> Just contact me privately and I can ship you a free HID token for
> testing. As you are the "wizard" of libusb, you may be able to judge
> and maybe find a solution to communicate with the tokens.

No need for token, but thanks for the offer! :) The code that already
supports the device is instead what I would look at. Is it available
online?


//Peter
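
The driverless kernel interface described in the message above, as an added example that is not part of the original post or of any code discussed in the thread. It assumes the API meant is Linux hidraw and uses `/dev/hidraw0` as a placeholder node; `hid_summary` and `hidraw_probe` are names invented for the example.

```c
/* Added example: query a HID device through its hidraw node, with no
 * libusb and no driver replacement. hidraw only carries HID reports
 * (read/write plus feature-report ioctls); a device needing more than
 * that is the case where libusb and a kernel driver detach are required. */
#include <fcntl.h>
#include <linux/hidraw.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

struct hid_summary {            /* hypothetical helper type */
    unsigned short vendor;      /* USB idVendor reported by the kernel */
    unsigned short product;     /* USB idProduct */
    int desc_size;              /* HID report descriptor length, bytes */
    char name[128];             /* device name string from the kernel */
};

/* Returns 0 on success, -1 if the node cannot be opened (typically a
 * udev permission issue) or is not a hidraw device. */
int hidraw_probe(const char *path, struct hid_summary *out)
{
    struct hidraw_devinfo info;
    int fd, size = 0, rc = -1;

    memset(out, 0, sizeof(*out));
    fd = open(path, O_RDWR);
    if (fd < 0)
        return -1;
    if (ioctl(fd, HIDIOCGRAWINFO, &info) == 0 &&
        ioctl(fd, HIDIOCGRDESCSIZE, &size) == 0 &&
        ioctl(fd, HIDIOCGRAWNAME(sizeof(out->name) - 1), out->name) >= 0) {
        out->vendor = (unsigned short)info.vendor;
        out->product = (unsigned short)info.product;
        out->desc_size = size;
        rc = 0;
    }
    close(fd);
    return rc;
}

int main(int argc, char **argv)
{
    struct hid_summary s;
    const char *path = argc > 1 ? argv[1] : "/dev/hidraw0"; /* placeholder */

    if (hidraw_probe(path, &s) != 0) {
        fprintf(stderr, "%s: cannot open or query hidraw node\n", path);
        return 1;
    }
    printf("%s: %04x:%04x \"%s\", %d-byte report descriptor\n",
           path, s.vendor, s.product, s.name, s.desc_size);
    return 0;
}
```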

