Important!

Blog moved to https://blog.apdu.fr/

I moved my blog from https://ludovicrousseau.blogspot.com/ to https://blog.apdu.fr/ . Why? I wanted to move away from Blogger (owne...

Wednesday, October 21, 2015

New version of libccid: 1.4.21

I just released a version 1.4.21 of libccid the Free Software CCID class smart card reader driver.

Direct download here.

Changes:
1.4.21 - 21 October 2015, Ludovic Rousseau
  • Add support of
    • ACS ACR1252 Dual Reader
    • Chicony HP USB Smartcard CCID Keyboard JP
    • Chicony HP USB Smartcard CCID Keyboard KR
    • FT ePass2003Auto
    • Feitian bR301 BLE
    • Feitian iR301 (ProductID 0x0619)
    • Feitian iR301 (ProductID 0x061C)
    • Identiv @MAXX ID-1 Smart Card Reader
    • Identiv @MAXX Light2 token
    • Identiv CLOUD 2980 F Smart Card Reader
    • Identiv Identiv uTrust 4701 F Dual Interface Reader
    • Identiv SCR3500 A Contact Reader
    • Identiv SCR3500 B Contact Reader
    • Identiv SCR35xx USB Smart Card Reader
    • Identiv uTrust 2900 R Smart Card Reader
    • Identiv uTrust 2910 R Smart Card Reader
    • Identiv uTrust 2910 R Taglio SC Reader
    • Identiv uTrust 3512 SAM slot Token
    • Identiv uTrust 3522 embd SE RFID Token
    • Identiv uTrust 3700 F CL Reader
    • Identiv uTrust 3701 F CL Reader
    • Identive Identive CLOUD 4000 F DTC
    • Liteon HP SC Keyboard - Apollo (Liteon)
    • Liteon HP SC Keyboard - Apollo JP (Liteon)
    • Liteon HP SC Keyboard - Apollo KR (Liteon)
    • Nitrokey Nitrokey HSM
    • Nitrokey Nitrokey Pro
    • Nitrokey Nitrokey Start
    • Rocketek RT-SCR1
    • VASCO DIGIPASS 875
    • WatchCNPC USB CCID Key
  • Remove support of
    • Crypto Stick Crypto Stick v1.4 is an old version of Nitrokey Nitrokey Pro
    • Free Software Initiative of Japan Gnuk Token is an old version of Nitrokey Nitrokey Start
    • Add Feitain R502 dual interface (composite) reader on Mac OS X
    • display a human readable version of the error code returned by libusb
    • Mac OS X: wait until libusb/the reader is ready
    • some minor bugs fixed

    Sunday, October 11, 2015

    My blog Google+ page

    You are now more than 200 to follow my blog Google+ page at https://plus.google.com/u/0/b/105951035108309096272/105951035108309096272/posts



    Comments

    I disabled comments on the blog in 2013. See why at "Comments are now disabled". Technical questions should go on the MUSCLE mailing list.

    The goal of the Google+ page is to allow you to leave comments about my blog articles.

    If you just want to know when a new article is available maybe you should subscribe to my blog RSS feed instead. It looks like many people are doing that because I have much more readers of my blog than subscribers of my blog Google+ page.

    Conclusion

    Feel free to leave comments related to the articles on Google+.

    If you want to contact me directly you should use email instead of comments. You can reach me at ludovic.rousseau@free.fr or ludovic.rousseau@gmail.com.

    Saturday, October 3, 2015

    Evolution of the number of CCID readers

    Regularly I add support of new smart card readers in the list of CCID devices. I wanted to know how regularly I did that over the lifetime of the project (more than 12 years now).
    So I extracted some numbers from the CCID driver git repository to generate a graphic.

    Graph




    I am really surprised by the linearity of the curve.



    The linear correlation equation is (according to Numbers): y = 1.132e-6 x -159.63
    That is a growth rate of 1.132x10-6 readers per second or 36.7 readers per year.


    The curve is even better approximated by a polynomial equation in x2. The coefficient of determination R2 is then equal to 0.9949 (closer to 1.0) instead of 0.9753 for the linear correlation.



    Accidents

    I note 3 "accidents" or fast evolutions:



    Conclusion

    The number of supported CCID readers continues to grow. I do not expect the growth rate to decrease.

    I guess some very old smart card reader models are no more sold. And are, or not, replaced by new newer models.
    You can list the readers sorted by "seniority" using the Readers sorted by 'release' field page and discover the first 7 readers included in version 0.1.0 of the driver.

    Friday, October 2, 2015

    OS X El Capitan and smart cards status

    El Capitan (OS X 10.11) is now out since 30th September, 2015.

    As I did with the previous major versions of Mac OS X Yosemite, Mavericks, Mountain Lion (and Lion) I will list changes in El Capitan regarding the smart card world.


    API Differences between 10.10 and 10.11

    The differences are listed in the developer page OS X El Capitan v10.11. The page only document big changes. The smart card changes are not listed there :-)

    A complete list of API changes is at OS X v10.11 API Diffs. Regarding the smart card world we have:
    The CryptoTokenKit API has changed. Some methods have been modified, some methods have been added.

    I note two sets of new methods: TKSmartCardPIN* and TKSmartCardUserInteractionFor*. It looks like Apple wants to provide a nice User eXperience regarding PIN management.

    I hope Apple will provide more documentation than the .h header file and some code samples.
    I will try to rebuild my Crypto Token Kit Objective-C and Swift examples on El Capitan to check if they still work.

    PC/SC

    Since Yosemite (10.10) the PC/SC layer is no more a fork of pcsc-lite. So comparing versions with pcsc-lite is useless.

    $ cat /System/Library/Frameworks/PCSC.framework/Versions/A/Resources/version.plist 
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
     <key>BuildAliasOf</key>
     <string>CryptoTokenKit</string>
     <key>BuildVersion</key>
     <string>13</string>
     <key>CFBundleShortVersionString</key>
     <string>8.0</string>
     <key>CFBundleVersion</key>
     <string>1</string>
     <key>ProjectName</key>
     <string>SmartCardServices</string>
     <key>SourceVersion</key>
     <string>79001001000000</string>
    </dict>
    </plist>
    


    The BuildVersion changed from 1 on Yosemite to 13 on El Capitan, and SourceVersion changed from 22020004000000 to 79001001000000. I have no idea what the SourceVersion "number" is.

    It looks like Apple made 12 builds of the PC/SC framework since Yosemite 10.10.

    Bugs fixed

    At least one bug remains: PC/SC functions crash after a fork(2). But this bug may be hard to fix.

    I updated my blog article OS X Yosemite and smart cards: known bugs.

    Maybe new bugs will be found on El Capitan. But I have not yet found any after just a few hours of tests.

    CCID driver

    Driver version 1.4.14.
    No change since Yosemite.

    $ grep -A 1 CFBundleShortVersionString /usr/libexec/SmartCardServices/drivers/ifd-ccid.bundle/Contents/Info.plist
     <key>CFBundleShortVersionString</key>
     <string>1.4.14</string>
    

    New driver location

    The System Integrity Protection (SIP) introduced in El Capitan impose that custom PC/SC drivers are now installed in /usr/local/libexec/SmartCardServices/drivers/.

    Only the CCID driver provided by Apple is still in /usr/libexec/SmartCardServices/drivers/.

    Tokend

    Because of SIP, the tokend needs to be installed in /Library/Security/tokend/ now instead of /System/Library/Security/tokend/.

    The tokend and CDSA are still usable. I just fixed the PKCS11.tokend so that it looks for PKCS#11 libraries in /usr/local/lib/pkcs11/ if /usr/lib/pkcs11/ does not exist (as it is the case on El Capitan because of SIP again).

    Conclusion

    Most of the remaining PC/SC bugs fixed.
    tokend still usable.
    Some new Crypto Token Kit methods.