[Pcsclite-muscle] issues with OmniKey 3121 and InCard cards

Ludovic Rousseau ludovic.rousseau at gmail.com
Thu May 10 07:49:36 PDT 2018 

2018-05-09 9:59 GMT+02:00 Ludovic Rousseau <ludovic.rousseau at gmail.com>:
> 2018-05-09 9:12 GMT+02:00 Umberto Rustichelli <umberto.rustichelli at gt50.org>:
>> On 05/08/2018 04:50 PM, Ludovic Rousseau wrote:
>>> My best guess is that for 2048-bits keys (256 bytes) the PKCS#11
>>> library uses extended APDU commands.
>>> Some readers (~35%) do not support extended APDU.
>>>
>>> Seehttps://ludovicrousseau.blogspot.fr/2011/05/extended-apdu-status-per-reader.html
>>> for more details.
>>>
>>> The solution is to use only readers that support extended APDU.
>>> You can get a list athttps://ccid.apdu.fr/ccid_extended_apdu.html
>>
>>
>> Thanks a lot, Ludovic.
>>
>> I'm sorry but likely I misunderstood commit
>> 3b29cc5afbbe27bb5421d334623bbd07c574bbf8 (see later), I thought it meant
>> that a fix was applied because the reader supports Extended APDU it in spite
>> of not declaring it. But the phrase may also point to what preceded, not
>> followed, the "also support Extended APDU".
>>
>>   Umberto Rustichelli
>>
>> THE OLD COMMIT EXCERPT:
>>
>> commit 3b29cc5afbbe27bb5421d334623bbd07c574bbf8
>> Author: Ludovic Rousseau <ludovic.rousseau at free.fr>
>> Date:   Sat Aug 19 23:20:09 2017 +0200
>>
>>     Fix non-pinpad HID global devices
>>     [...]
>>     The USB descriptor is bogus.
>>     The readers also support Extended APDU even if they declare Short APDU.
>>     Bogus readers are:
>>     - OMNIKEY Generic
>>     - OMNIKEY 3121 or 3021 or 1021
>>     - [...]
>
> You are right.
>
> Please generate a log as described in https://ccid.apdu.fr/#support

>From your logs your reader is a 076b/3021
It is this one https://ccid.apdu.fr/ccid/shouldwork.html#0x076B0x3021

This reader, with a product ID of 0x3021, is NOT concerned by the
patch https://salsa.debian.org/rousseau/CCID/commit/3b29cc5afbbe27bb5421d334623bbd07c574bbf8
you reference.

The patch is for product ID 0x3031 not 0x3021.

So my first answer is correct: your reader does not support extended APDU.

You can try to patch the CCID driver to add a:
   case 0x076b3021:
at line 492 of ccid/ccid.c so your reader is considered as supporting
extended APDU.

Bye

-- 
 Dr. Ludovic Rousseau

More information about the pcsclite-muscle mailing list