[SmartcardServices-Users] Store key on NFC tag that is acceptable to sc_auth?

Henrik Brautaset Aronsen henrik at synth.no
Mon Feb 2 11:33:58 PST 2015


On 25 Jan 2015, at 21:34, Shawn Geddis <geddis at icloud.com> wrote:
> On Jan 25, 2015, at 8:08 AM, Henrik Brautaset Aronsen <henrik at synth.no> wrote:
>> This is just a rewritable NFC tag with about 800 bytes of rewritable memory [1].  It's not interfaced with a smartcard, so I guess an applet is not available in my case.
> 
> A TokenD can be written to communicate with just about any type of device or technology.  Sorry if I implied otherwise.  My reference to Applet was because the vast majority of Smart Cards/Readers in use, particularly on OS X, are those used for PKI and are applet based.  Any developer, however, can create a TokenD that communicates with any technology — an NFC tag, an HSM, a key fob, etc…

I see!  Thanks for the insight.

> Looking at content from your original email message:
> 17/01/15 21:04:28,005 com.apple.SecurityServer[71]: reader ACS ACR122U: state changed 16 -> 34
> 17/01/15 21:04:30,066 com.apple.SecurityServer[71]: token in reader ACS ACR122U cannot be used (error 229)
> 17/01/15 21:04:33,567 com.apple.SecurityServer[71]: reader ACS ACR122U: state changed 32 -> 18
> 
> The second line shows that no currently installed TokenD responded to the SmartCardServices layer that it could recognize and communicate with the current token recognized after the event “token Insertion” (card insertion) took place.  If you develop a TokenD to respond with success after probing the Token, you would then have a TokenD which would remain loaded until the “token removal” (card removal) event was recognized.  

OK, so a TokenD is required to get me any further? Got it.

> If you are going to be doing the development yourself or you are helping someone else do the development, you might want to look at the source code in the repository for say “PIV” (for PIV.tokend) inside the tokend Xcode Project and start with the probe function to understand how the “score” determines which TokenD “wins” and remains loaded/communicating with the ‘token’.  Please keep in mind the open source licensing requirements.

That's a good start, thanks.

> It is possible to do what you want *IF* you develop or have someone else develop the corresponding TokenD to support the devices (i.e. NXP NTAG) you wish to use.
> 
> Hope this helps to explain the environment better and give you guidance as to how to proceed.

It certainly does.

So, do you reckon I need libnfc [1] or ifdnfc [2] at all?  I've been pointed to those by other sources.

Henrik

[1] http://nfc-tools.org/index.php?title=Libnfc
[2] http://nfc-tools.org/index.php?title=Ifdnfc
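
An added example, not part of the original message or of Apple's code: a small decoder for the three SecurityServer log lines quoted above, turning them into the insertion / unclaimed-token / removal sequence Shawn describes. It assumes the numbers in "state changed" are PC/SC SCARD_STATE_* bitmasks, and it labels error 229 as "no TokenD claimed token" only on the strength of the explanation in this thread.

```python
import re

# PC/SC reader-state flags (SCARD_STATE_* values from the PC/SC API).
# Assumption: SecurityServer logs this bitmask in "state changed A -> B".
SCARD_STATE = {
    0x0002: "CHANGED", 0x0004: "UNKNOWN", 0x0008: "UNAVAILABLE",
    0x0010: "EMPTY", 0x0020: "PRESENT", 0x0040: "ATRMATCH",
    0x0080: "EXCLUSIVE", 0x0100: "INUSE", 0x0200: "MUTE",
}

# Sample input: the three log lines quoted in the message above.
SAMPLE_LOG = """\
17/01/15 21:04:28,005 com.apple.SecurityServer[71]: reader ACS ACR122U: state changed 16 -> 34
17/01/15 21:04:30,066 com.apple.SecurityServer[71]: token in reader ACS ACR122U cannot be used (error 229)
17/01/15 21:04:33,567 com.apple.SecurityServer[71]: reader ACS ACR122U: state changed 32 -> 18
"""

STATE_RE = re.compile(r"reader (?P<reader>.+?): state changed (?P<old>\d+) -> (?P<new>\d+)")
UNUSABLE_RE = re.compile(r"token in reader (?P<reader>.+?) cannot be used \(error (?P<err>\d+)\)")

def decode_state(value):
    """Return the set of flag names set in a reader-state bitmask."""
    return {name for bit, name in SCARD_STATE.items() if value & bit}

def classify(log_text):
    """Turn SecurityServer reader lines into (reader, event, detail) tuples."""
    events = []
    for line in log_text.splitlines():
        m = STATE_RE.search(line)
        if m:
            old, new = decode_state(int(m["old"])), decode_state(int(m["new"]))
            if "PRESENT" in new and "PRESENT" not in old:
                kind = "token inserted"
            elif "EMPTY" in new and "EMPTY" not in old:
                kind = "token removed"
            else:
                kind = "state change"
            events.append((m["reader"], kind, "|".join(sorted(new))))
            continue
        m = UNUSABLE_RE.search(line)
        if m:
            # Interpretation taken from the thread: no installed TokenD recognized the token.
            events.append((m["reader"], "no TokenD claimed token", "error " + m["err"]))
    return events

if __name__ == "__main__":
    for event in classify(SAMPLE_LOG):
        print(event)
```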
