[pkg-gnupg-maint] Bug#854005: Bug#854005: ssh-agent no longer works
Ludovic Rousseau
ludovic.rousseau at free.fr
Fri Feb 10 18:11:17 UTC 2017
On Tue, 07 Feb 2017 15:17:04 +0900 NIIBE Yutaka <gniibe at fsij.org> wrote:
> Hello,
Hello,
> On GNU/Linux, use of PC/SC service is not recommended for OpenPGP card
Why is that exactly?
> (installing PC/SC is OK) and the use of different smartcards with PC/SC
> (OpenPGP card together with other cards) requires struggle anyway, so, I
> think that asking such users would be an option.
My proposal:
- if "disable-ccid" is present then use PC/SC
- if "disable-ccid" is not present then use the internal CCID only and do not use PC/SC
The default value would be to use "disable-ccid".
People that _really_ know what they do could remove the "disable-ccid" (and break PC/SC).
> The situation is complicated because only some limited card readers work
> for OpenPGP card. Since most users prefer longer key size of RSA these
> days, the use of OpenPGP card requires tough condition to card reader.
> Some workarounds in the lower level of USB communication for specific card
> readers are implemented in the internal CCID driver, so, if the use is
> for OpenPGP card, internal CCID driver is better option.
Use of long RSA keys requires extended APDU. Not all smart card readers support extended APDU.
See https://pcsclite.alioth.debian.org/ccid_extended_apdu.html and https://ludovicrousseau.blogspot.fr/2011/05/extended-apdu-status-per-reader.html
Bye
--
Dr. Ludovic Rousseau
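
The extended APDU requirement mentioned in the message above, as an added example that is not part of the original e-mail and is not code from GnuPG, pcsc-lite or the CCID driver: it encodes an ISO 7816-4 command with short or extended length fields and shows at which RSA key size a signature response stops fitting a short APDU. It assumes the card returns the whole signature in one response; `signature_apdu`, `encode_apdu`, `needs_extended` and the sample DigestInfo are names and values constructed for this illustration.

```python
# Added illustration, not code from GnuPG, pcsc-lite or the CCID driver.
# ISO 7816-4 length fields: short APDUs carry at most 255 command bytes and
# 256 response bytes; anything larger needs the extended encoding.
SHORT_MAX_LC = 255
SHORT_MAX_LE = 256
EXT_MAX_LC = 65535
EXT_MAX_LE = 65536


def needs_extended(data_len: int, resp_len: int) -> bool:
    """True when the exchange cannot be expressed as one short APDU."""
    return data_len > SHORT_MAX_LC or resp_len > SHORT_MAX_LE


def encode_apdu(cla, ins, p1, p2, data=b"", le=0) -> bytes:
    """Encode a command APDU; le is the expected response size (0 = none)."""
    if len(data) > EXT_MAX_LC or not 0 <= le <= EXT_MAX_LE:
        raise ValueError("length does not fit even an extended APDU")
    header = bytes([cla, ins, p1, p2])
    if not needs_extended(len(data), le):
        body = bytes([len(data)]) + data if data else b""
        tail = bytes([le % 256]) if le else b""  # Le 0x00 means 256
        return header + body + tail
    # Extended form: a 0x00 marker, then two-byte big-endian lengths.
    body = b"\x00" + len(data).to_bytes(2, "big") + data if data else b""
    le_bytes = (le % 65536).to_bytes(2, "big") if le else b""  # 0x0000 = 65536
    marker = b"\x00" if le and not data else b""  # marker appears once per APDU
    return header + body + marker + le_bytes


def signature_apdu(key_bits: int, digest_info: bytes) -> bytes:
    """PSO: COMPUTE DIGITAL SIGNATURE (00 2A 9E 9A, ISO 7816-8).

    Assumption: the card returns the whole RSA signature (key_bits / 8 bytes)
    in a single response, with no GET RESPONSE chaining.
    """
    return encode_apdu(0x00, 0x2A, 0x9E, 0x9A, digest_info, key_bits // 8)


# Constructed sample input: 51 placeholder bytes, the size of a SHA-256 DigestInfo.
SAMPLE_DIGEST_INFO = bytes(51)

if __name__ == "__main__":
    for bits in (2048, 3072, 4096):
        apdu = signature_apdu(bits, SAMPLE_DIGEST_INFO)
        kind = "extended" if needs_extended(51, bits // 8) else "short"
        print(f"RSA-{bits}: {kind} APDU, {len(apdu)} bytes, ends {apdu[-2:].hex()}")
```

A reader that only forwards short APDUs can carry the RSA-2048 request unchanged, while the RSA-3072 and RSA-4096 requests need the extended encoding under the single-response assumption.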