GnuPG v2 card and extended APDU
A user reported a problem with a GnuPG v2 card and an OmniKey 4321 ExpressCard smart card reader. The same card works fine with an SCM SCR33x reader.
GnuPG v2 card
The card ATR is:
3B DA 18 FF 81 B1 FE 75 1F 03 00 31 C5 73 C0 01 40 00 90 00 0C
and is known as GnuPG card V2.
According to the GnuPG v2 specification:
Reader (informative)
- A common driver (CCID, PC/SC or CT-API) shall be supported.
- The driver should be available for several platforms (e.g. Win32, Linux, Macintosh)
- T=1 and T=0 shall be supported for cards with contacts.
- High-Speed protocols should be supported.
- Extended length shall be supported.
The important point is the last one: extended length shall be supported. Of course you do not read the card user manual before buying a smart card reader for your card. And the notion of "Extended length" can be quite obscure for a user.
Extended length APDU
The difference between the two readers is that:
- The OMNIKEY CardMan 4321 is a "Short APDU level exchange" reader
- The SCM Microsystems Inc. SCR33x USB Smart Card Reader is a "TPDU level exchange" reader
I tried to document the problems with extended APDU in a special page: Extended APDU support of the CCID driver.
But this is also obscure for a normal smart card user.
PC/SC and extended APDU
One major problem is that an application at the PC/SC level has no way to know if the reader does or does not support extended APDU.
I tried to propose a mechanism so that an application can know if the reader supports extended APDU. The idea is that the application can display a human-readable error message. That would spare me from receiving bug reports. But the idea was more or less refused by the PC/SC workgroup. Short APDU should be defined before defining extended APDU. And short APDU are not yet defined by the PC/SC workgroup :-(
One day I will blog about the PC/SC workgroup.
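The reader difference and the missing human-readable error described above can be sketched as a pre-flight check. This is an added example, not code from the post or from the CCID driver. It assumes the reader's CCID dwFeatures value was read out of band from its USB descriptor (PC/SC does not expose it), and the dwFeatures values and the APDU below are constructed.

```python
from typing import Optional

# Exchange-level bits of dwFeatures, as defined in the CCID specification.
LEVELS = {
    0x00000000: "character",
    0x00010000: "TPDU",
    0x00020000: "short APDU",
    0x00040000: "short and extended APDU",
}

def exchange_level(dw_features: int) -> str:
    """Return the exchange level encoded in a CCID dwFeatures value."""
    return LEVELS.get(dw_features & 0x00070000, "unknown")

def is_extended(apdu: bytes) -> bool:
    """True if a command APDU uses ISO 7816-4 extended length fields."""
    if len(apdu) < 4:
        raise ValueError("command APDU needs at least CLA INS P1 P2")
    # Extended cases are at least 7 bytes long and put 0x00 right after
    # the header; short cases carry a non-zero Lc or are 4 or 5 bytes long.
    return len(apdu) >= 7 and apdu[4] == 0x00

def check(dw_features: int, protocol: str, apdu: bytes) -> Optional[str]:
    """Return an error message if the reader cannot be relied on to
    carry this APDU, or None if it should pass."""
    if not is_extended(apdu):
        return None
    level = exchange_level(dw_features)
    if level == "short and extended APDU":
        return None
    # Assumption: at TPDU level the driver splits the APDU into T=1 blocks,
    # which matches the TPDU reader working in the post (the card is T=1).
    if level == "TPDU" and protocol == "T=1":
        return None
    return (f"Reader exchange level is '{level}' ({protocol}): this "
            f"{len(apdu)}-byte extended APDU needs an extended APDU reader "
            f"or a TPDU reader with T=1.")

# Constructed sample data, not read from the readers named in the post.
SHORT_APDU_READER = 0x000204BA
TPDU_READER = 0x000100BA
# Constructed extended command: header, 00, 2-byte Lc = 257, 257 data bytes.
EXT_APDU = bytes([0x00, 0x2A, 0x80, 0x86, 0x00, 0x01, 0x01]) + bytes(257)

if __name__ == "__main__":
    for name, feat in (("short", SHORT_APDU_READER), ("TPDU", TPDU_READER)):
        print(name, "->", check(feat, "T=1", EXT_APDU) or "ok")
```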