compilation with pcsc and openct together #2895

Closed
tomasjura opened this issue Oct 10, 2023 · 5 comments

@tomasjura

Problem Description

OpenSC can't be compiled with the options --enable-pcsc and --enable-openct together. It seems that it was possible in the past (also here). Am I missing something?

It seems that a config setup with multiple drivers is explicitly rejected in configure.ac, lines 331-336. Why is it denied?

I have an iKey 3000 (supported by openct) and a GoTrust Idem Key (supported by pcsc) and want to use them both. Is that possible?

Steps to reproduce

run ./configure --enable-pcsc --enable-openct

Logs

...
configure: error: Only one of --enable-pcsc, --enable-cryptotokenkit, --enable-openct, --enable-ctapi can be specified!
@dengert
Member

dengert commented Oct 11, 2023

The feature to use multiple reader drivers was removed in 2010: 72d961b

https://github.com/OpenSC/OpenSC/wiki/iKey-3000 is from 2012 and said it was supported by openct. Today, if it is still supported it should work with pcsc.

Using OpenSC built using pcsc, what is the output from opensc-tool -a?

@tomasjura
Author

iKey 3000 with pcsc doesn't work.

%openct-tool list ; echo ; opensc-tool -a
  0 Rainbow iKey 3000

No smart card readers found.
Failed to connect to reader: No readers found

It doesn't matter if ifdhandler from openct runs or not. pcsc does not support iKey.

If I compile opensc with openct support (and disabled pcsc) it works:

%./src/tools/opensc-tool -a
Using reader with a card: Rainbow iKey 3000

@dengert
Member

dengert commented Oct 12, 2023

Have a look at: OpenSC/openct#9 which says: "I have developed a proof-of-concept PCSC ifd made out of the openct ifd code. No openct daemons or sockets are necessary, just an openct-ifd bundle, libopenct.so, and /etc/openct.conf" and says code is at https://github.com/cg2v/openct It says it is a fork of https://github.com/OpenSC/openct last updated in 2018.

https://github.com/OpenSC/openct has not been updated since 2015. Your iKey 3000 also appears old and only supports RSA 1024.

You may be on your own. Or submit an issue or PR to https://github.com/cg2v/openct to get a response from @cg2v last updated in 2018.

@frankmorgner
Member

One more possibility to add would be to have two separate installations of OpenSC, one with support for PC/SC, the other one using OpenCT. With PKCS#11, for example, it is possible to load and use the two OpenSC providers into a single application at the same time.
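
The approach described in the comment above, as an added example that is not part of the original thread or of OpenSC's code: one process loads two PKCS#11 modules through `C_GetFunctionList` and asks each how many slots hold a token. The two install prefixes are hypothetical, and the `ctypes` layout assumes a Unix build (`CK_ULONG` as `unsigned long`, default struct alignment).

```python
import ctypes

CKR_OK = 0
CK_ULONG = ctypes.c_ulong  # assumption: Unix build, CK_ULONG is unsigned long

class CK_VERSION(ctypes.Structure):
    _fields_ = [("major", ctypes.c_ubyte), ("minor", ctypes.c_ubyte)]

_VOIDP_FN = ctypes.CFUNCTYPE(CK_ULONG, ctypes.c_void_p)
_SLOTLIST_FN = ctypes.CFUNCTYPE(CK_ULONG, ctypes.c_ubyte,
                                ctypes.POINTER(CK_ULONG), ctypes.POINTER(CK_ULONG))

class CK_FUNCTION_LIST(ctypes.Structure):
    # Only the leading members, in the order the PKCS#11 headers define them.
    _fields_ = [("version", CK_VERSION),
                ("C_Initialize", _VOIDP_FN),
                ("C_Finalize", _VOIDP_FN),
                ("C_GetInfo", ctypes.c_void_p),
                ("C_GetFunctionList", ctypes.c_void_p),
                ("C_GetSlotList", _SLOTLIST_FN)]

def count_slots(module_path, token_present=True):
    """Slots reported by one PKCS#11 module, or None if it cannot be used."""
    try:
        lib = ctypes.CDLL(module_path)
        get_list = lib.C_GetFunctionList
    except (OSError, AttributeError):  # file missing, or not a PKCS#11 module
        return None
    get_list.restype = CK_ULONG
    get_list.argtypes = [ctypes.POINTER(ctypes.POINTER(CK_FUNCTION_LIST))]
    flist = ctypes.POINTER(CK_FUNCTION_LIST)()
    if get_list(ctypes.byref(flist)) != CKR_OK or not flist:
        return None
    funcs = flist.contents
    if funcs.C_Initialize(None) != CKR_OK:
        return None
    try:
        count = CK_ULONG(0)
        # NULL slot buffer: the module only fills in the count.
        rv = funcs.C_GetSlotList(int(token_present), None, ctypes.byref(count))
        return count.value if rv == CKR_OK else None
    finally:
        funcs.C_Finalize(None)

def slots_per_module(paths):
    """Load every module into this one process; map path -> slot count."""
    return {path: count_slots(path) for path in paths}

if __name__ == "__main__":
    # Hypothetical install prefixes for the two OpenSC builds.
    for path, n in slots_per_module(["/opt/opensc-pcsc/lib/opensc-pkcs11.so",
                                     "/opt/opensc-openct/lib/opensc-pkcs11.so"]).items():
        print(path, "unavailable" if n is None else f"{n} slot(s) with a token")
```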

@tomasjura
Author

I did the mentioned checkout from https://github.com/cg2v/openct and compiled it. The library .libs/openct-ifd.so is built. Then I did the following steps:

  1. copy the library to /usr/lib/pcsc/drivers/openct.bundle/Contents/Linux/ under root
  2. chmod 744 openct-ifd
  3. strip openct-ifd
  4. create /usr/lib/pcsc/drivers/openct.bundle/Contents/Info.plist according to Info.plist
  5. restart the pcscd.service: systemctl restart pcscd.service

Now it should work. Thanks all for help.

test:
pkcs15-tool --list-info
Using reader with a card: Rainbow iKey 3000 00 00
PKCS#15 Card [OpenSC Card]:
Version : 0
Serial number : 222062250032262d
Manufacturer ID: OpenSC Project
Last update : 20231028210100Z
Flags : EID compliant
