On Tue, 07 Feb 2017 15:17:04 +0900 NIIBE Yutaka <[email protected]> wrote:
Hello,
Hello,
On GNU/Linux, use of PC/SC service is not recommended for OpenPGP card
Why is that exactly?
(installing PC/SC is OK) and the use of different smartcards with PC/SC (OpenPGP card together with other cards) requires struggle anyway, so, I think that asking such users would be an option.
My proposal:
- if "disable-ccid" is present then use PC/SC
- if "disable-ccid" is not present then use the internal CCID only and do not use PC/SC

The default value would be to use "disable-ccid". People that _really_ know what they do could remove the "disable-ccid" (and break PC/SC).
The situation is complicated because only some limited card readers work for OpenPGP card. Since most users prefer longer key size of RSA these days, the use of OpenPGP card requires tough condition to card reader. Some workarounds in the lower level of USB communication for specific card readers are implemented in the internal CCID driver, so, if the use is for OpenPGP card, internal CCID driver is better option.
Use of long RSA keys requires extended APDU. Not all smart card readers support extended APDU.

See https://pcsclite.alioth.debian.org/ccid_extended_apdu.html and
https://ludovicrousseau.blogspot.fr/2011/05/extended-apdu-status-per-reader.html

Bye

--
Dr. Ludovic Rousseau

