Page MenuHomePureOS Tracker

libccid does not recognize Librem Key (opensc, opensc-pkcs11)
Open, NormalPublic

Description

libccid (https://packages.debian.org/buster/libccid) uses a hard-coded list of supported devices, and the Librem Key is not listed in it.

As such, tools that depend of libccid, like opensc-pkcs11 (https://packages.debian.org/buster/opensc-pkcs11) for PKCS#11 do not recognize the Librem Key.

Current status of this: Our patch sent upstream has been merged, and libccid 1.4.32 now supports the Librem Key out of the box. This version is already available in PureOS Byzantium, Debian testing, and any distro that has version 1.4.32 of this package.

We still need to check if we have interest in backporting this patch to Amber


Workaround:

The current workaround is to manually edit the libccid list of supported devices and add the Librem Key: Friendly Name, Vendor ID and Device ID.

after libccid is installed, the file with the list of supported devices can be found at: /etc/libccid_Info.plist

And adding the following strings:

in <key>ifdVendorID</key>

add: <string>0x316D</string>

in: <key>ifdProductID</key>

add: <string>0x4C4B</string>

in: <key>ifdFriendlyName</key>

add: <string>Librem Key</string>

After rebooting the machine, libccid will recognize the Librem Key


Long term solution:

We need to submit an upstream patch to libccid at: https://salsa.debian.org/rousseau/CCID

The workflow to request to the developers adding support for a new device is explained here: https://ccid.apdu.fr/#CCID_compliant

Event Timeline

jeremiah.foster triaged this task as Normal priority.
joao.azevedo updated the task description. (Show Details)Dec 13 2019, 03:25

The developer of libccid has been contacted.

Sent him the output files he asks in his website via email along with information regarding the Librem Key. And asking what more information is required on our side.

Waiting on his reply

Seems the emails sent to the developers bounced back. Checking it with our sysadmins and looking for alternative ways to contact them

Ok, finally managed to send a message to the developer via email that did not bounced back.

Support for the Librem Key has been merged into CCID : https://salsa.debian.org/rousseau/CCID/commit/ebd991f05c1ea2ba55bc431f624c7682c14ca623

Now it is a matter of the next release and it being updated in Debian Stable

joao.azevedo renamed this task from libccid does not recognize Librem Key (opencs, opencs-pkcs11) to libccid does not recognize Librem Key (opensc, opensc-pkcs11).Feb 10 2020, 01:37

New version of libccid ((1.4.32-1) ) has been released and it includes our upstream packages to include Support for the Librem Key USA (
https://salsa.debian.org/rousseau/CCID/-/tags/ccid-1.4.32)

The package has already landed in Debian Testing (https://packages.debian.org/bullseye/libccid), and it has reached also PureOS landing (https://software.pureos.net/package/bin/landing/libccid), meaning that soon it will reach PureOS Byzanthium.

I have downloaded the .deb package from landing and tested it in PureOS Amber and it works out of the box, no dependency issues.

Do we want to consider fast tracking the future libccid package from Byzantium to Amber? So we can provide support for pkcs11 and pkcs15 out of the box with the Librem Key USA for Amber users.

joao.azevedo added subscribers: jeremiah.foster, mak.EditedTue, Apr 28, 03:05

@jeremiah.foster @mak can we consider the above?

mladen added a subscriber: mladen.Tue, Apr 28, 03:28

Perhaps this will also fix T803 ?

Perhaps this will also fix T803 ?

@mladen just did a lsusb on my machine with the new version of libccid and the problem of T803 is not solved. But i'll post there as well

@mak @jeremiah.foster this new version of libccid just landed in Byzantium.

Is there any interest in fast forwarding it to Amber?

I think this is worth looking into - let me see if I can upload a new version of the library packaged for Amber.

mak added a comment.Thu, Apr 30, 19:28

Do we need a new version of the library in amber, or is there a patch that we can apply to the amber version? Uploading a new upstream version always comes with some risk of breaking other stuff (unless it's a pure bugfix release).

unless it's a pure bugfix release

Sadly the new version libccid (ccid-1.4.32) has no release notes: https://salsa.debian.org/rousseau/CCID/-/tags/ccid-1.4.32

From a fast read of the commit log since version 1.4.32 til this latest release: https://salsa.debian.org/rousseau/CCID/-/commits/master

It seems mostly:

  • adding support for new devices
  • code refactoring
  • small bug fixes

But someone might want to have a look instead of taking my word for it.

or is there a patch that we can apply to the amber version

I have no idea.

Maybe contact the developer about this? He is also the Debian maintainer of this package.

I am not familiar enough with debian infra structure to be able to sort out of there is a backport patch of the current version in Stable: 1.4.30-1

joao.azevedo updated the task description. (Show Details)Wed, May 6, 00:55

The versions in Amber and Byzantium are not far apart; https://software.pureos.net/search_pkg?term=libccid
In Debian's Salsa it appears they're about 88 commits apart: https://salsa.debian.org/rousseau/CCID/-/compare/ccid-1.4.30...ccid-1.4.32

It comes down to how big the changes are, some are likely very small, some might be complex and intrusive, but it looks like a rebuild for Amber seems possible to just bring in the latest version. But if the work becomes too complex there are other things that are higher priorities.

joao.azevedo removed joao.azevedo as the assignee of this task.Wed, May 6, 08:00
joao.azevedo assigned this task to jeremiah.foster.