Support emulated OpenPGP applet in Android HCE #391

Closed
frankmorgner opened this issue Mar 10, 2015 · 9 comments
@frankmorgner
Member

I created a simple Host Card Emulation (HCE) App for Android which integrates the OpenPGP applet of @Yubico.

Unfortunately I can't use the applet out of the box since the card-openpgp.c recognizes a card by its ATR rather than the AID. I am not familiar with how to determine the OpenPGP version (1 or 2) so I can't really fix this at the moment. @hongquan do you know how this can be done in a more flexible way?

@hongquan
Contributor

@frankmorgner According to 4.1.2.1 Application Identifier (AID) of https://g10code.com/docs/openpgp-card-2.0.pdf, OpenPGP version can be determined via AID. But the card-openpgp.c follows the common routine of other OpenSC card drivers to recognize based on ATR. I don't know if there is a way to change to AID.
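
The version lookup via AID described in the comment above, as an added example that is not part of the original thread and not OpenSC's code. It assumes the caller has already obtained the 16-byte AID from the card; the function and struct names are hypothetical, the field layout follows section 4.1.2.1 of the linked specification, and the sample AID is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for illustration; not OpenSC's driver API. */
struct pgp_aid_info {
    uint8_t  ver_major, ver_minor; /* bytes 6-7: application version */
    uint16_t manufacturer;         /* bytes 8-9 */
    uint32_t serial;               /* bytes 10-13 */
};

/* RID D2 76 00 01 24 plus application byte 01 (OpenPGP). */
static const uint8_t PGP_AID_PREFIX[6] = { 0xD2, 0x76, 0x00, 0x01, 0x24, 0x01 };
/* Constructed sample: version 2.0, made-up manufacturer and serial. */
static const uint8_t SAMPLE_AID_V2[16] = {
    0xD2, 0x76, 0x00, 0x01, 0x24, 0x01, 0x02, 0x00,
    0xFF, 0xFE, 0x12, 0x34, 0x56, 0x78, 0x00, 0x00
};

/* Returns 0 and fills *out for a full 16-byte AID, else -1 (input is card-supplied). */
int pgp_parse_aid(const uint8_t *aid, size_t len, struct pgp_aid_info *out)
{
    if (aid == NULL || out == NULL || len != 16)
        return -1;
    if (memcmp(aid, PGP_AID_PREFIX, sizeof PGP_AID_PREFIX) != 0)
        return -1;
    out->ver_major = aid[6];
    out->ver_minor = aid[7];
    out->manufacturer = (uint16_t)((aid[8] << 8) | aid[9]);
    out->serial = ((uint32_t)aid[10] << 24) | ((uint32_t)aid[11] << 16)
                | ((uint32_t)aid[12] << 8) | (uint32_t)aid[13];
    return 0;
}

/* Card version for driver selection: 1 or 2 (as in the thread), 0 if not recognised. */
int pgp_card_generation(const uint8_t *aid, size_t len)
{
    struct pgp_aid_info info;
    if (pgp_parse_aid(aid, len, &info) != 0)
        return 0;
    return (info.ver_major == 1 || info.ver_major == 2) ? info.ver_major : 0;
}

int main(void)
{
    printf("generation: %d\n", pgp_card_generation(SAMPLE_AID_V2, sizeof SAMPLE_AID_V2));
    return 0;
}
```

Because the decision no longer depends on the ATR, the same check works for an emulated applet whose reader-reported ATR does not match any known card.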

@dengert
Member

dengert commented Mar 11, 2015

Some cards will try and read the default AID, rather than using the ATR. card-piv.c is one of these.
There is also code in opensc.conf that can specify which application to use from a card.
The whole selection process on cards vs applications in OpenSC needs to be reworked,
and look for AIDs first, as most modern cards can support multiple applications, and the same
application can be implemented on many cards.

You mentioned Yubico. The Neo can have both an OpenPGP and PIV application, and it is not clear
how this should be handled. A card should have a default application. I think OpenSC can only support one at a time and opensc.conf can select which one to use. Maybe with PKCS#11 each application could be presented as a token, this would take some extra programming.

@frankmorgner
Member Author

@hongquan thanks for the link, I'll look into it.

@dengert in theory you are right that this is a deeper problem of OpenSC (and I guess all smart card software that was started many years ago).

However, I'm talking about card-openpgp.c only: It could simply change from ATR recognition to AID recognition because all OpenPGP data is in that application. So switching to the more flexible method is very simple, in my case.

@viktorTarasov
Member

First of all the OpenSC is for PKCS#15 cards.
If it can access the EF.DIR, it parses multiple on-card applications and presents them in separate slots (in PKCS11 context).
Otherwise the only source of knowledge about on-card applications is the driver itself or configuration (not sure it's implemented).

@hongquan
Contributor

Thanks @dengert

Ok, I will research and change this function https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/card-openpgp.c#L286 to have AID recognition support.

@frankmorgner
Member Author

@hongquan any updates on this?

@hongquan
Contributor

@frankmorgner Sorry, no update yet.

frankmorgner pushed a commit to frankmorgner/OpenSC that referenced this issue Jul 29, 2015
frankmorgner pushed a commit to frankmorgner/OpenSC that referenced this issue Sep 12, 2015
frankmorgner pushed a commit to frankmorgner/OpenSC that referenced this issue Sep 12, 2015
@frankmorgner frankmorgner reopened this Sep 14, 2015
@frankmorgner
Member Author

ooops, closed a bit too fast

@dengert
Member

dengert commented Sep 14, 2015

Also see comments in #551, about the ATR not being added.
