Aladdin eToken: OpenCT or PCSC+libccid?

classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

Aladdin eToken: OpenCT or PCSC+libccid?

Jean-Michel Pouré - GOOZE
I had a discussion with a student, who would like to make some kernel
development for the Aladdin eToken.

The student thinks that the Aladdin eToken is a legacy PCSC+libccid
token.

I did not find the Aladin eToken in libccid list of supported devices.
Thus, I believe that the Aladdin is supported by OpenCT backend. It
should not be used for kernel development.

I could not find a lot of information on the Internet.

What is your opinion?
--
                  Jean-Michel Pouré - Gooze - http://www.gooze.eu

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Aladdin eToken: OpenCT or PCSC+libccid?

John R Pierce
Jean-Michel Pouré - GOOZE wrote:

> I had a discussion with a student, who would like to make some kernel
> development for the Aladdin eToken.
>
> The student thinks that the Aladdin eToken is a legacy PCSC+libccid
> token.
>
> I did not find the Aladin eToken in libccid list of supported devices.
> Thus, I believe that the Aladdin is supported by OpenCT backend. It
> should not be used for kernel development.
>
> I could not find a lot of information on the Internet.
>
> What is your opinion?
>  

which one?  Aladdin eTokens up to and including the 64k model are
Siemens CardOS based, but using Aladdin's own firmware (which is $$
licensed).   The new 72k model is JavaCard based, but also using
Aladdin's own firmware.   Normally, you use these with Aladdin's own
PKI-Client sofware which provides a PKCS#11 interface for use by other
software.

I've heard but not confirmed personally, that you can use -some- of the
eTokens with pcsc and no aladdin pki client code.    I've also heard
that you can get a special 'engineering' version of the 72k JavaCard
token, which can be used with muscle firmware, but I don't know what all
the implications of that are.



_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Aladdin eToken: OpenCT or PCSC+libccid?

Dan Peterson [ESnet]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: Aladdin == Safenet as of March 31 2010.

"that you can use -some- of the eTokens with pcsc and no aladdin pki client code.    "

We are using
64k pro (COS 4.2) with OpenSC and FreeBSD (NO Aladdin code) likely other flavors of UNIX as well.
72k doesn't work (for me anyway)

- --
Dan
 

>-----Original Message-----
>From: [hidden email] [mailto:opensc-user-
>[hidden email]] On Behalf Of John R Pierce
>Sent: Tuesday, April 20, 2010 8:14 AM
>To: [hidden email]
>Cc: [hidden email]
>Subject: Re: [opensc-user] Aladdin eToken: OpenCT or PCSC+libccid?
>
>Jean-Michel Pouré - GOOZE wrote:
>> I had a discussion with a student, who would like to make some kernel
>> development for the Aladdin eToken.
>>
>> The student thinks that the Aladdin eToken is a legacy PCSC+libccid
>> token.
>>
>> I did not find the Aladin eToken in libccid list of supported devices.
>> Thus, I believe that the Aladdin is supported by OpenCT backend. It
>> should not be used for kernel development.
>>
>> I could not find a lot of information on the Internet.
>>
>> What is your opinion?
>>
>
>which one?  Aladdin eTokens up to and including the 64k model are
>Siemens CardOS based, but using Aladdin's own firmware (which is $$
>licensed).   The new 72k model is JavaCard based, but also using
>Aladdin's own firmware.   Normally, you use these with Aladdin's own
>PKI-Client sofware which provides a PKCS#11 interface for use by other
>software.
>
>I've heard but not confirmed personally, that you can use -some- of the
>eTokens with pcsc and no aladdin pki client code.    I've also heard
>that you can get a special 'engineering' version of the 72k JavaCard
>token, which can be used with muscle firmware, but I don't know what all
>the implications of that are.
>
>
>
>_______________________________________________
>opensc-user mailing list
>[hidden email]
>http://www.opensc-project.org/mailman/listinfo/opensc-user


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.9.1 (Build 287)
Charset: UTF-8

wj8DBQFLzcmu5chTNtilRz8RAjrGAKCdW+6Ojm1tmjf+5u2LXtYkZSa84QCdG25n
frBZFktI+2v+LaBYFd3P3r0=
=ZsT+
-----END PGP SIGNATURE-----
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Aladdin eToken: OpenCT or PCSC+libccid?

Martin Paljak-2
In reply to this post by John R Pierce
On Apr 20, 2010, at 18:14 , John R Pierce wrote:

> Jean-Michel Pouré - GOOZE wrote:
>> I had a discussion with a student, who would like to make some kernel
>> development for the Aladdin eToken.
>>
>> The student thinks that the Aladdin eToken is a legacy PCSC+libccid
>> token.
>>
>> I did not find the Aladin eToken in libccid list of supported devices.
>> Thus, I believe that the Aladdin is supported by OpenCT backend. It
>> should not be used for kernel development.
>>
>> I could not find a lot of information on the Internet.
>>
>> What is your opinion?
>>
>
> which one?  Aladdin eTokens up to and including the 64k model are
> Siemens CardOS based, but using Aladdin's own firmware (which is $$
> licensed).   The new 72k model is JavaCard based, but also using
> Aladdin's own firmware.   Normally, you use these with Aladdin's own
> PKI-Client sofware which provides a PKCS#11 interface for use by other
> software.

> I've heard but not confirmed personally, that you can use -some- of the
> eTokens with pcsc and no aladdin pki client code.    I've also heard
> that you can get a special 'engineering' version of the 72k JavaCard
> token, which can be used with muscle firmware, but I don't know what all
> the implications of that are.

I think the question here is whether some of the Aladdin tokens support CCID, as that would be a "sensible" (better than proprietary USB level protocol) thing to implement in kernel space? (As much as I've overheard such discussions the Sensible thing for such scenarios usually means kernel<->userspace communication to not overload the kernel but YMMV)

AFAIK Aladdin tokens don't come with CCID, but some from Athena should come (and they should have similar capabilities)

--
Martin Paljak
http://martin.paljak.pri.ee
+3725156495

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Aladdin eToken: OpenCT or PCSC+libccid?

Jean-Michel Pouré - GOOZE
Thank you all for your answers.
I will stick to pure PCSC+CCID solutions.
--
                  Jean-Michel Pouré - Gooze - http://www.gooze.eu

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Aladdin eToken: OpenCT or PCSC+libccid?

Andreas Jellinghaus-2
In reply to this post by Jean-Michel Pouré - GOOZE
Am Dienstag 20 April 2010 16:28:02 schrieb Jean-Michel Pouré - GOOZE:
> I had a discussion with a student, who would like to make some kernel
> development for the Aladdin eToken.

if it can be done outside the kernel, do it outside the kernel!
thats the golden rule to prevent the kernel from becomming too fat.

usb tokens don't need kernel drivers, it is easy to use them
from user space with ioctl() to the /dev/bus/usb/*/* files
(or libusb).

> The student thinks that the Aladdin eToken is a legacy PCSC+libccid
> token.

not, it is much older than ccid standard, thus has its own, old interface.

> I did not find the Aladin eToken in libccid list of supported devices.

sure, not ccid.

> What is your opinion?

there is an old driver "etoken" I wrote many years ago. don't use it,
it is buggy, and I gave up the project in favor of "usbtoken" which
was an implementation for many similar devices, and was integrated into
opensc - no middleware required. that in turn was succeeded by openct.

if your student wants to spend time on writing a nice ifdhandler,
my proposal is this:
* take libccid code
* isolate the parts that are related to the ccid interface
* replace them with an interface connecting usb and t=1 protocol
  in aladdin style (see the source code, it is totaly simple).
* bonus if the result could be added to libccid as a clean driver
  implementing several different interfaces (not only ccid).

I thought about this myself, but I'm lost in the ccid source code,
and have too little time for that myself.

Regards, Andreas
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Aladdin eToken: OpenCT or PCSC+libccid?

Jean-Michel Pouré - GOOZE
On Tue, 2010-04-20 at 20:50 +0200, Andreas Jellinghaus wrote:
> if your student wants to spend time on writing a nice ifdhandler,
> my proposal is this:
> * take libccid code
> * isolate the parts that are related to the ccid interface
> * replace them with an interface connecting usb and t=1 protocol
>   in aladdin style (see the source code, it is totaly simple).
> * bonus if the result could be added to libccid as a clean driver
>   implementing several different interfaces (not only ccid).

Thanks for the input. This would be a great project.

The person is not my student, only a student working on a project who
wanted to implement libccid in Kernel and though Aladdin eToken was CCID
compliant. I jumped to the ceiling!
--
                  Jean-Michel Pouré - Gooze - http://www.gooze.eu

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Aladdin eToken: OpenCT or PCSC+libccid?

Ludovic Rousseau
Le 20 avril 2010 21:01, Jean-Michel Pouré - GOOZE <[hidden email]> a écrit :
> The person is not my student, only a student working on a project who
> wanted to implement libccid in Kernel and though Aladdin eToken was CCID
> compliant. I jumped to the ceiling!

What a stupid idea: reimplement a CCID driver in kernel space.

A better idea (but maybe too easy) would be to port my CCID driver
from libusb-0.1 to libusb-1.0. But this project is far less sexy than
writing kernel code :-)

Bye

--
 Dr. Ludovic Rousseau
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Aladdin eToken: OpenCT or PCSC+libccid?

Kevin Oberman
> From: Ludovic Rousseau <[hidden email]>

> Date: Tue, 20 Apr 2010 21:40:09 +0200
> Sender: [hidden email]
>
> Le 20 avril 2010 21:01, Jean-Michel Pouré - GOOZE <[hidden email]> a écrit :
> > The person is not my student, only a student working on a project who
> > wanted to implement libccid in Kernel and though Aladdin eToken was CCID
> > compliant. I jumped to the ceiling!
>
> What a stupid idea: reimplement a CCID driver in kernel space.
>
> A better idea (but maybe too easy) would be to port my CCID driver
> from libusb-0.1 to libusb-1.0. But this project is far less sexy than
> writing kernel code :-)
Now THAT could be useful. It might even make CCID work on FreeBSD V8 and
newer as they now include libusb-1.0 in the base system.
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: [hidden email] Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Aladdin eToken: OpenCT or PCSC+libccid?

João Poupino-3
In reply to this post by Martin Paljak-2


2010/4/20 Martin Paljak <[hidden email]>
On Apr 20, 2010, at 18:14 , John R Pierce wrote:
> Jean-Michel Pouré - GOOZE wrote:
>> I had a discussion with a student, who would like to make some kernel
>> development for the Aladdin eToken.
>>
>> The student thinks that the Aladdin eToken is a legacy PCSC+libccid
>> token.
>>
>> I did not find the Aladin eToken in libccid list of supported devices.
>> Thus, I believe that the Aladdin is supported by OpenCT backend. It
>> should not be used for kernel development.
>>
>> I could not find a lot of information on the Internet.
>>
>> What is your opinion?
>>
>
> which one?  Aladdin eTokens up to and including the 64k model are
> Siemens CardOS based, but using Aladdin's own firmware (which is $$
> licensed).   The new 72k model is JavaCard based, but also using
> Aladdin's own firmware.   Normally, you use these with Aladdin's own
> PKI-Client sofware which provides a PKCS#11 interface for use by other
> software.

> I've heard but not confirmed personally, that you can use -some- of the
> eTokens with pcsc and no aladdin pki client code.    I've also heard
> that you can get a special 'engineering' version of the 72k JavaCard
> token, which can be used with muscle firmware, but I don't know what all
> the implications of that are.

I think the question here is whether some of the Aladdin tokens support CCID, as that would be a "sensible" (better than proprietary USB level protocol) thing to implement in kernel space? (As much as I've overheard such discussions the Sensible thing for such scenarios usually means kernel<->userspace communication to not overload the kernel but YMMV)

AFAIK Aladdin tokens don't come with CCID, but some from Athena should come (and they should have similar capabilities)


The Aladdin eToken 72K is CCID compatible. However, in order for it to work with OpenSC, one must use the engineering version.

Regards,
Joao
 
--
Martin Paljak
http://martin.paljak.pri.ee
+3725156495

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user


_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: Aladdin eToken: OpenCT or PCSC+libccid?

Josef Windorfer
In reply to this post by Jean-Michel Pouré - GOOZE
Jean-Michel Pouré - GOOZE schrieb:

> I had a discussion with a student, who would like to make some kernel
> development for the Aladdin eToken.
>
> The student thinks that the Aladdin eToken is a legacy PCSC+libccid
> token.
>
> I did not find the Aladin eToken in libccid list of supported devices.
> Thus, I believe that the Aladdin is supported by OpenCT backend. It
> should not be used for kernel development.
>
> I could not find a lot of information on the Internet.
>
> What is your opinion?
>  
Hi,
I am the student. :-)

That's a misunderstanding. I want to use existing drivers and not
develop something new.
The project I work for, is a new USB token. This new token support the
ccid specification.

Sorry for the confusion.

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user