On Tue, 07 Feb 2017 15:17:04 +0900 NIIBE Yutaka <[email protected]> wrote:
Hello,

Hello,
On GNU/Linux, use of PC/SC service is not recommended for OpenPGP card

Why is that exactly?

(installing PC/SC is OK) and the use of different smartcards with PC/SC
(OpenPGP card together with other cards) requires struggle anyway, so, I
think that asking such users would be an option.

My proposal:

- if "disable-ccid" is present then use PC/SC
- if "disable-ccid" is not present then use the internal CCID only and do not 
use PC/SC

The default value would be to use "disable-ccid".

People that _really_ know what they do could remove the "disable-ccid" (and 
break PC/SC).

The situation is complicated because only some limited card readers work
for OpenPGP card.  Since most users prefer longer key size of RSA these
days, the use of OpenPGP card requires tough condition to card reader.
Some workarounds in the lower level of USB communication for specific card
readers are implemented in the internal CCID driver, so, if the use is
for OpenPGP card, internal CCID driver is better option.

Use of long RSA keys requires extended APDU. Not all smart card readers support 
extended APDU.
See https://pcsclite.alioth.debian.org/ccid_extended_apdu.html and 
https://ludovicrousseau.blogspot.fr/2011/05/extended-apdu-status-per-reader.html

Bye

--
Dr. Ludovic Rousseau
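
The point about long RSA keys and extended APDU, as an added example that is not part of the original message and is not GnuPG or pcsc-lite code: it encodes a command APDU per ISO/IEC 7816-4 and shows at which RSA key size the command no longer fits the short form. The PSO:DECIPHER header bytes (00 2A 80 86) and the leading padding-indicator byte are taken from the OpenPGP card specification, the cryptogram is constructed (all zeros), and setting Le to the modulus length is an assumption.

```python
# Added illustration: ISO/IEC 7816-4 command APDU encoding, short vs. extended.
SHORT_MAX_LC = 255     # largest command data field a short APDU can carry
SHORT_MAX_LE = 256     # largest response a short APDU can ask for
EXT_MAX_LC = 65535
EXT_MAX_LE = 65536

def needs_extended(data_len, le):
    """True when the command cannot be expressed with one-byte Lc/Le fields."""
    return data_len > SHORT_MAX_LC or le > SHORT_MAX_LE

def encode_apdu(cla, ins, p1, p2, data=b"", le=0):
    """Encode a command APDU; le is the expected response length (0 = none)."""
    if len(data) > EXT_MAX_LC or le > EXT_MAX_LE:
        raise ValueError("does not fit even in an extended APDU")
    header = bytes([cla, ins, p1, p2])
    if needs_extended(len(data), le):
        body = b"\x00"                          # marker byte: extended length
        if data:
            body += len(data).to_bytes(2, "big") + data
        if le:
            body += (le % 65536).to_bytes(2, "big")   # 0000 means 65536
        return header + body
    body = b""
    if data:
        body += bytes([len(data)]) + data
    if le:
        body += bytes([le % 256])               # 00 means 256
    return header + body

def decipher_apdu(modulus_bits):
    """PSO:DECIPHER for an RSA key of the given size (constructed input)."""
    cryptogram = bytes(modulus_bits // 8)       # constructed: all-zero bytes
    data = b"\x00" + cryptogram                 # 00 = RSA padding indicator
    return encode_apdu(0x00, 0x2A, 0x80, 0x86, data, le=modulus_bits // 8)

if __name__ == "__main__":
    for bits in (1024, 2048, 4096):
        apdu = decipher_apdu(bits)
        form = "extended" if apdu[4] == 0 else "short"
        print(f"RSA-{bits}: {len(apdu)} byte APDU, {form} form")
```

With RSA-2048 the data field is already 257 bytes, one past the short-form limit, so a reader that only passes short APDUs cannot carry the command in a single exchange.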
