Problems w OmniKey CardMan 3121 w generic CCID under SL
Hi, I have problems with the generic ifd-ccid driver for a OmniKey Cardman 3121 under Snow Leopard. Most of the time the ScardOpenReader call will return "Unresponsive card" or "No Smart Card inserted". I have the same problem with a Gemalto PC Key reader. I've tried to recompile the driver and the pcsc daemon but no success.
From the --debug logging of pcscd it seems like there are lots of USB related error, both reading and writing. I finally got the Omnikey reader to work, using their proprietary driver, by removing the corresponding items from the generic ifd-ccid Info.plist. Now it works like a charm, but it is a bit frustrating that the generic stuff wouldn't work.
Does anyone have any insight on this? If needed I could provide detailed log data from pcscd... Original setup: PCSC Framework 1.4.0 ifd-ccid 1.3.8 Also tried (compiled for 64 bits): pcsc-lite 1.5.5 ifd-ccid 1.3.11 (linked to Apple IOKit usb Framework) Best regards /Patrik
On Mar 26, 2010, at 4:39 AM, Patrik Ekdahl wrote:
Hi,
I have problems with the generic ifd-ccid driver for a OmniKey Cardman 3121 under Snow Leopard. Most of the time the ScardOpenReader call will return "Unresponsive card" or "No Smart Card inserted". I have the same problem with a Gemalto PC Key reader.
I've tried to recompile the driver and the pcsc daemon but no success. From the --debug logging of pcscd it seems like there are lots of USB related error, both reading and writing. I finally got the Omnikey reader to work, using their proprietary driver, by removing the corresponding items from the generic ifd-ccid Info.plist. Now it works like a charm, but it is a bit frustrating that the generic stuff wouldn't work.
Does anyone have any insight on this? If needed I could provide detailed log data from pcscd...
Original setup: PCSC Framework 1.4.0 ifd-ccid 1.3.8
Also tried (compiled for 64 bits): pcsc-lite 1.5.5 ifd-ccid 1.3.11 (linked to Apple IOKit usb Framework)
Best regards /Patrik
Patrik, A couple quick things..... • Please submit any development bugs as a Ticket [1] • Everything must be compiled 64-bit for Snow Leopard (10.6.x) • ifd-ccid is actually statically linked to libusb and not IOKit • You can not just build your *own* version of pcsc-lite 1.5.5 (pcscd) for Mac OS X, since there is a fair amount of Apple addtional code to integrate with securityd. The v1.4.x that is included in Mac OS X is posted under the Source Branch. Is it possible you are using Extended APDUs ? Note at the Smart Card Reader Matrix [2] for the CCID Reader Driver that for the 3121, supports "short APDU mode" [3]. [1] http://smartcardservices.macosforge.org/trac/newticket [2] http://pcsclite.alioth.debian.org/section.html [3] http://pcsclite.alioth.debian.org/ccid_extended_apdu.html -Shawn __________________________________________________ Shawn Geddis geddis@mac.com Security Consulting Engineer geddis@apple.com MacOSForge Project Lead: Smart Card Services Web: http://smartcardservices.macosforge.org/ Lists: http://lists.macosforge.org/mailman/listinfo __________________________________________________
Hi Shawn, Thank you for your quick response. . Please submit any development bugs as a Ticket [1] Yes I will, as soon as I'm sure that it is not me that is the cause.... . Everything must be compiled 64-bit for Snow Leopard (10.6.x) I did. But strangely, running a "file" on ifd-ccid.bundle/Content/MacOS/libccid.dylib tells me that it's only compiled for 32 bit (i386 and ppc) . ifd-ccid is actually statically linked to libusb and not IOKit Okey, I see that now. /usr/local/bin/libusb-config --libs gets me libusb too. Sorry my misstake. . You can not just build your *own* version of pcsc-lite 1.5.5 (pcscd) for Mac OS X, since there is a fair amount of Apple addtional code to integrate with securityd. The v1.4.x that is included in Mac OS X is posted under the Source Branch. I was actually trying to de-integrate them by renaming pcscd to pcscd.new and run that from the shell with the additional --debug option. It's a bit strange that the arguments of pcscd are hardcoded into securityd and there is no way (that I saw) to pass additional arguments. B.t.w. If I boot the Mac with a reader connected and with a standard cell phone UICC inserted (containing no login token or anything) it seems like the login window just flashes between the normal login screen and an all-blue screen, and you're not able to enter your password as during a normal (username/password-based) login. I had to move the "builtin:smartcard-sniffer" down below the "builtin:authenticate,privileged" entry under "system.login.console" key in the /etc/authorization file. (also moved it under the key "authenticate"). This happens with the orignal versions of pcscd and ifd-ccid, so it's not something I indueced. This issue might be "off-topic" but you might be able to direct me to the appropriate place. Is it possible you are using Extended APDUs ? Note at the Smart Card Reader Matrix [2] for the CCID Reader Driver that for the 3121, supports "short APDU mode" [3]. I am using short APDUs. My standard test APDU is "00 a4 00 04 02 3f 00" (select master file and return FCP) Regards /Patrik
participants (2)
-
Patrik Ekdahl
-
Shawn A. Geddis