OpenSC bridge for U2F

OpenSC bridge for U2F

helpcrypto helpcrypto
Hi.


I haven't read the U2F [1] specs yet, so maybe I'm absolutely wrong and this is not how it's done, but I'll take the risk and ask anyway:

Any of you plan/consider/think/would like to bridge the U2F spec to make it work with traditional smartcards?
Do you think using a certified CSSD smartcard as a U2F token is a valid idea?
Anything to add Mr Rundgren?

Again, forgive me if I'm asking a dumb question.
Regards.

[1] http://fidoalliance.org/

------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel

Re: OpenSC bridge for U2F

Martin Paljak-4
Hello,

On 10/03/14 17:47 , helpcrypto helpcrypto wrote:
> I haven't read the U2F [1] specs yet, so maybe I'm absolutely wrong
> and this is not how it's done, but I'll take the risk and ask
> anyway:
I've skimmed, but really just a little.

> Any of you plan/consider/think/would like to bridge the U2F spec to
> make it work with traditional smartcards? Do you think using a
> certified CSSD smartcard as a U2F token is a valid idea?
For sure, as YubiKey NEO is supposed to be U2F compatible and in
essence it is just a JavaCard in a convenient form factor and a
proprietary "el-Button". So I suspect that for "instant, driver-less
operation (given that you have "Google already installed on your
device")" it is a protocol that can be implemented as an applet? Or
you need to build something in between (like gnupg-pkcs11, as you need
to have OpenPGP card compatible applet on your device for "instant
driver-less operation").

> Anything to add Mr Rundgren?
Yes, you seem to be the one most aware of it. Could you please
enlighten the blind men before we shall be crushed by the elephant :)

> Again, forgive me if I'm asking a dumb question. Regards.
I'll second you as being dumb (and/or lazy/busy).

Best,
--
Martin
+372 515 6495


Re: OpenSC bridge for U2F

Anders Rundgren-2
In reply to this post by helpcrypto helpcrypto
On 2014-03-10 18:47, helpcrypto helpcrypto wrote:
> Hi.
>
>
> I haven't read the U2F [1] specs yet, so maybe I'm absolutely wrong and this is not how it's done, but I'll take the risk and ask anyway:
>
> Any of you plan/consider/think/would like to bridge the U2F spec to make it work with traditional smartcards?
> Do you think using a certified CSSD smartcard as a U2F token is a valid idea?
> Anything to add Mr Rundgren?

Of course :-)
Traditional smart cards can be used as is; they only have to support a U2F applet.
If you rather consider already issued cards, I don't think they would work.

>
> Again, forgive me if I'm asking a dumb question.

It's a GOOD question!!!

Anders

> Regards.
>
> [1] http://fidoalliance.org/

Re: OpenSC bridge for U2F

Ludovic Rousseau
2014-03-10 19:14 GMT+01:00 Anders Rundgren <[hidden email]>:

> On 2014-03-10 18:47, helpcrypto helpcrypto wrote:
>> I haven't read the U2F [1] specs yet, so maybe I'm absolutely wrong and this is not how it's done, but I'll take the risk and ask anyway:
>>
>> Any of you plan/consider/think/would like to bridge the U2F spec to make it work with traditional smartcards?
>> Do you think using a certified CSSD smartcard as a U2F token is a valid idea?
>> Anything to add Mr Rundgren?
>
> Of course :-)
> Traditional smart cards can be used as is; they only have to support a U2F applet.
> If you rather consider already issued cards, I don't think they would work.

The specification [1] at line 72 talks about a "Fido u2f sample applet
code for reference" and is using ISO 7816-4 APDU. I could not find the
"sample applet code" but I have not searched a lot.

The USB level protocol (also in [1]) is not CCID so you will need a
special "smart card reader" to use a traditional smart card as a U2F
token.
I don't know if someone (a smart card reader company) is working on
that. I guess it is much cheaper to just build a token.

Bye

[1] http://fidoalliance.org/specs/fido-u2f-usb-framing-of-apdus-v1.0-rd-20140209.pdf


--
 Dr. Ludovic Rousseau
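
The framing difference raised in the message above, as an added example that is not part of the original thread or of any OpenSC or FIDO code: the same ISO 7816-4 APDU is wrapped once as U2F HID reports and once as a CCID message. The layouts are assumed from the published FIDO U2F HID protocol v1.0 and the USB CCID specification, which may differ from the draft cited in [1]; the function names, channel ID and zero-filled request are constructed for illustration.

```python
import struct

HID_REPORT = 64       # U2FHID report size in bytes
U2FHID_MSG = 0x83     # init-packet command: payload is a raw U2F APDU
CCID_XFRBLOCK = 0x6F  # CCID bMessageType PC_to_RDR_XfrBlock


def sample_authenticate_apdu():
    """Constructed U2F authenticate request as an extended-length APDU."""
    # challenge (32) + application (32) + key handle length + key handle, all zeros
    body = bytes(32) + bytes(32) + bytes([64]) + bytes(64)
    header = bytes([0x00, 0x02, 0x03, 0x00, 0x00])  # CLA INS P1 P2, extended marker
    return header + struct.pack(">H", len(body)) + body + b"\x00\x00"


def u2fhid_frames(cid, cmd, payload):
    """Split one message into 64-byte reports: one init packet, then continuations."""
    if len(payload) > 57 + 128 * 59:
        raise ValueError("payload exceeds the U2FHID maximum of 7609 bytes")
    init = struct.pack(">IBH", cid, cmd, len(payload)) + payload[:57]
    frames, rest, seq = [init.ljust(HID_REPORT, b"\0")], payload[57:], 0
    while rest:
        cont = struct.pack(">IB", cid, seq) + rest[:59]  # SEQ has bit 7 clear
        frames.append(cont.ljust(HID_REPORT, b"\0"))
        rest, seq = rest[59:], seq + 1
    return frames


def u2fhid_reassemble(frames):
    """Rebuild the payload, rejecting channel or sequence mismatches."""
    cid, cmd, bcnt = struct.unpack(">IBH", frames[0][:7])
    if not cmd & 0x80:
        raise ValueError("first report is not an initialization packet")
    data = frames[0][7:]
    for expected, frame in enumerate(frames[1:]):
        if struct.unpack(">IB", frame[:5]) != (cid, expected):
            raise ValueError("channel or sequence mismatch")
        data += frame[5:]
    if len(data) < bcnt:
        raise ValueError("truncated message")
    return data[:bcnt]


def ccid_xfrblock(slot, seq, apdu):
    """The same APDU as one CCID bulk-out message with its 10-byte header."""
    header = struct.pack("<BIBBBH", CCID_XFRBLOCK, len(apdu), slot, seq, 0, 0)
    return header + apdu
```

A CCID reader driver expects the 10-byte header on a bulk endpoint, while a U2F token expects channel-tagged 64-byte HID reports, so a bridge has to reframe every exchange even though the APDU inside is unchanged.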
