Important!

Blog moved to https://blog.apdu.fr/

I moved my blog from https://ludovicrousseau.blogspot.com/ to https://blog.apdu.fr/ . Why? I wanted to move away from Blogger (owne...

Wednesday, January 27, 2016

New PyKCS11 1.3.2 available

I just released a new version of PyKCS11, a Python wrapper above the PKCS#11 API.

See PyKCS11 introduction for more details about PyKCS11.

Changes:
1.3.2 - January 2016, Ludovic Rousseau
  • Add wrappers for C_Verify, C_WrapKey, C_UnwrapKey
  • PKCS#11 definitions: sync with Cryptoki version 2.30
  • Generate CKM[CKM_VENDOR_DEFINED+x] values on the fly
  • Fix use of a pinpad reader CKF_PROTECTED_AUTHENTICATION_PATH
  • dumpit.py: lots of small fixes
  • Setup call make to build pykcs11_wrap.cpp using SWIG
  • Fix build on Windows
  • Small bugs fixed

I also noticed that I forgot to blog about the previous version: 1.3.1

Changes:
1.3.1 - October 2015, Ludovic Rousseau
  • PKCS#11 definitions: sync with Cryptoki version 2.30
  • Add user type CK_CONTEXT_SPECIFIC
  • Fixes #9, incorrect assignment of pParameter for CK_MECHANISMs.
  • CKA_DERIVE is a CK_BBOOL and not byte array
  • Add digest() and encrypt method to Session class
  • Add samples:
    • key-pair generation
    • key-pair generation + certificate import
    • printing public key modulus
    • computing signature
  • small bugs fixed

Saturday, January 23, 2016

ATR statistics: ATR list growth

Article from the series "ATR statistics"

Evolution of the number of ATRs

Since 2002 I add new ATRs in the ATR list, ATRs submitted by users of my tools: ATR_analysis and Smart card ATR parsing. I wanted to know how regularly I did that over the lifetime of the project (more than 14 years now).

I now have 2098 ATR entries in my list.

Graph



I am really surprised by the linearity of the curve.

The curve does not start at 0 ATR because the first versions of the list were stored in CVS Version Control System (I then used Subversion and now GIT). It looks like I lost the CVS history when I moved to Subversion in 2009.




The linear correlation equation is (according to Numbers): y = 6.308e-6 x - 940.4
That is a progression of 6.308x10-6 ATR per second, or 0.54 ATR per day, or 3.8 ATR per week, or 199 ATR per year.

The coefficient of determination R2 is equal to 0.996 (very close to 1) so the linear approximation is quiet good.

Conclusion

The progression may stay constant as new smart cards, with new ATRs, are continuously delivered to users by smart card providers.

Maybe this data is a good indication of the health of the smart card industry? What do you think?

ATR list study

Since 2002 I maintain a list of ATR (Answer-to-Reset). The idea is to identify a smart card given its ATR.

The project started as a Perl script (ATR_analysis from the pcsc-tools project), then moved into a Python script (parseATR.py from parseATR sub-project of pyscard-contrib) and is now a online web application: Smart card ATR parsing.

I now have 2098 ATRs in my list and I think it is time to make some statistics.

Articles

This article is a meta article (as I did with "CCID descriptor statistics") and contains only pointers to other articles:

Documentation

You can read the Wikipedia pages about Answer-to-Reset and ISO 7816.

Or you can pay 178 CHF (162 €) to buy and read the ISO 7816-3 document (the price is the same for a PDF version or a printed version on dead trees).

Yes, I find it stupid to have to pay to read standards. Luckily the Internet is build upon free (as in free beer) Request for Comments (RFC) from The Internet Engineering Task Force (IETF®) and not ISO protocols. But that is not the subject of this article.

Tuesday, January 19, 2016

PyKCS11 repository has moved

PyKCS11 is the Python wrapper above a PKCS#11 library. I presented it in "PyKCS11 introduction"

New location

I moved the PyKCS11 Mercurial repository in a team repository.
The new repository is now at: https://bitbucket.org/PyKCS11/pykcs11

Upgrade

  1. Create a new local repository using the new URL.
    $ hg clone https://bitbucket.org/PyKCS11/pykcs11
  2. Apply your local changes, if any.

Sunday, January 10, 2016

New version of libccid: 1.4.22

I just released a version 1.4.22 of libccid the Free Software CCID class smart card reader driver.

Changes:
1.4.22 - 10 January 2016, Ludovic Rousseau
  • Add support of
    • Aktiv Rutoken PINPad 2
    • Aladdin R.D. JC-WebPass (JC600)
    • Aladdin R.D. JCR-770
    • Aladdin R.D. JaCarta
    • Aladdin R.D. JaCarta Flash
    • Aladdin R.D. JaCarta LT
    • Aladdin R.D. JaCarta U2F (JC602)
    • Athena ASEDrive IIIe Combo Bio PIV
    • Athena ASEDrive IIIe KB Bio PIV
    • GEMALTO CT1100
    • GEMALTO K1100
    • Hitachi, Ltd. Hitachi Biometric Reader
    • Hitachi, Ltd. Hitachi Portable Biometric Reader
    • Nitrokey Nitrokey Storage
    • THURSBY SOFTWARE TSS-PK1
    • Thursby Software Systems, Inc. TSS-PK7
    • Thursby Software Systems, Inc. TSS-PK8
  • Patch for Microchip SEC1110 reader on Mac OS X (card events notification)
  • Patch for Cherry KC 1000 SC (problem was with a T=1 card and case 2 APDU)
  • Fix support of FEATURE_MCT_READER_DIRECT for the Kobil mIDentity visual reader
  • Set timeout to 90 sec for PPDU (Pseudo APDU) commands. This change allows the use of a Secure Verify command sent as a PPDU through SCardTransmit().
  • Fix a crash when reader reader initialization failed
  • Fix initialization bug with Gemalto Pinpad reader on Mac OS X
  • Some minor bugs fixed

Friday, January 8, 2016

Someone is playing with my online ATR parsing tool

I provide a Smart card ATR parsing online tool since 2010. See "Parsing an ATR: now more web 2.0 friendly" for the previous article about it.

The online tool is no more available and you get the error message:


This is because a computer has provided the same ATR (the default one) over and over again until my quota was exceeded.


I know the IP address of the offending computer: 167.114.13.x. It is a computer in an OVH data center in Beauharnois (BHS) Canada.

The quota should be restored every 24 hours so the web application may be available again when you read this.

If you are the owner of the offending computer please stop. It is a denial of service. It is not funny.

For the others, sorry for the inconvenience.

Sunday, January 3, 2016

MUSCLE mailing list statistics for 2015

As I did in 2009, 2010, 2011, 2012, 2013 and 2014 I propose some statistics of the MUSCLE mailing list usage.

Evolution

YearTotal number of messages Progression
2009603
2010718+19 %
2011999+39 %
2012207-79 %
2013198-4 %
2014194-2 %
2014194-2 %
2015120-38 %

The number of messages is declining. At the same time I get more requests by email.

My interpretation is that the software pcsc-lite, libccid, etc. are stable now. But people have problems using it. That could also explain why the sample code articles have success (see my previous article "Happy new year 2016").

Comments

I am still the top poster on the MUSCLE mailing list with 33% of the messages.

The second top poster is Fabrice DIMITRIOU (fdimitriou@tmm-software.com) with 12 "Out of office" messages and the most successful subject. Well done Fabrice ☺.



Statistics from 20.1.2015 to 31.12.2015
for pcsclite-muscle@lists.alioth.debian.org



People who have written most messages:

  Author  Msg  Percent 
1ludovic.rousseau@gmail.com40 33.33 %
2fdimitriou@tmm-software.com12 10.00 %
3bill.c.roberts@gmail.com8 6.67 %
4guy@linux-service.be7 5.83 %
5rickyepoderi@yahoo.es5 4.17 %
6henrik@synth.no4 3.33 %
7fdeybach@gmail.com4 3.33 %
8Jindrich.Mican@lgnexera.at3 2.50 %
9morgner@informatik.hu-berlin.de3 2.50 %
10EHeck@intarsys.de3 2.50 %
11william.to@erg.com.hk3 2.50 %
12martin@martinpaljak.net2 1.67 %
13moshman@gmail.com2 1.67 %
14orzel@freehackers.org2 1.67 %
15elbuffo166@gmail.com2 1.67 %
16saper@saper.info2 1.67 %
17marian.thieme@gmail.com2 1.67 %
18gdt@ir.bbn.com1 0.83 %
19jhutz@cmu.edu1 0.83 %
20bbsoo7@live.com1 0.83 %
21pcsclite.pkoch@dfgh.net1 0.83 %
22russ@garrett.co.uk1 0.83 %
23info@boac.nl1 0.83 %
24helpcrypto@gmail.com1 0.83 %
25Tom.Arnautovic@neardesk.com1 0.83 %
26crack.nyse@gmail.com1 0.83 %
27luc.mazardo@orange.com1 0.83 %
28Pcsclite-muscle =
1 0.83 %
29Herve.CODINA@celad.com1 0.83 %
30nicksp@gmail.com1 0.83 %
 other3 2.50 %

Best authors, by total size of their messages (w/o quoting):

  Author  KBytes 
1ludovic.rousseau@gmail.com 296.6
2fdimitriou@tmm-software.com 102.6
3bill.c.roberts@gmail.com 83.0
4guy@linux-service.be 53.8
5Tom.Arnautovic@neardesk.com 45.1
6EHeck@intarsys.de 29.4
7rickyepoderi@yahoo.es 28.8
8william.to@erg.com.hk 23.4
9morgner@informatik.hu-berlin.de 22.1
10martin@martinpaljak.net 20.7
11orzel@freehackers.org 18.3
12Herve.CODINA@celad.com 16.2
13henrik@synth.no 15.3
14fdeybach@gmail.com 13.6
15ignacio.casal@nice-software.com 13.6
16helpcrypto@gmail.com 10.7
17saper@saper.info 10.6
18elbuffo166@gmail.com 10.4
19Jindrich.Mican@lgnexera.at 9.2
20bbsoo7@live.com 8.8
21marian.thieme@gmail.com 8.5
22Pcsclite-muscle =
8.5
23gdt@ir.bbn.com 8.3
24moshman@gmail.com 7.7
25godfreyhkchung@gmail.com 7.0
26luc.mazardo@orange.com 6.9
27mkl@pengutronix.de 6.6
28crack.nyse@gmail.com 5.2
29russ@garrett.co.uk 5.0
30nicksp@gmail.com 2.1

Best authors, by average size of their message (w/o quoting):

  Author  bytes 
1Tom.Arnautovic@neardesk.com46175
2Herve.CODINA@celad.com16576
3ignacio.casal@nice-software.com13877
4helpcrypto@gmail.com10974
5bill.c.roberts@gmail.com10625
6martin@martinpaljak.net10576
7EHeck@intarsys.de10019
8orzel@freehackers.org9351
9bbsoo7@live.com8967
10fdimitriou@tmm-software.com8758
11Pcsclite-muscle =
8680
12gdt@ir.bbn.com8473
13william.to@erg.com.hk7978
14guy@linux-service.be7872
15ludovic.rousseau@gmail.com7593
16morgner@informatik.hu-berlin.de7559
17godfreyhkchung@gmail.com7120
18luc.mazardo@orange.com7066
19mkl@pengutronix.de6797
20rickyepoderi@yahoo.es5890
21saper@saper.info5448
22elbuffo166@gmail.com5324
23crack.nyse@gmail.com5316
24russ@garrett.co.uk5146
25marian.thieme@gmail.com4362
26moshman@gmail.com3918
27henrik@synth.no3906
28fdeybach@gmail.com3480
29Jindrich.Mican@lgnexera.at3136
30nicksp@gmail.com2172

Table showing the most successful subjects:

  Subject  Msg  Percent 
1[Pcsclite-muscle] Absence du bureau / Out of the office
13 10.83 %
2[Pcsclite-muscle] IFD polling
11 9.17 %
3[Pcsclite-muscle] pcscd segfaults
8 6.67 %
4[Pcsclite-muscle] Authenticate on OSX with NFC
6 5.00 %
5[Pcsclite-muscle] question about locking and reconnect
5 4.17 %
6[Pcsclite-muscle] Possible data truncation on receive in 1.8.14
5 4.17 %
7[Pcsclite-muscle] Failure to read Gemalto IDPrime MD with USB
4 3.33 %
8[Pcsclite-muscle] Android Smart Card Emulator
3 2.50 %
9[Pcsclite-muscle] Deny card access for one application
3 2.50 %
10[Pcsclite-muscle] What is CLASS2_IOCTL_MAGIC?
3 2.50 %
11[Pcsclite-muscle] Solaris 11 and pcsc-lite
3 2.50 %
12[Pcsclite-muscle] [PATCH] ContextThread: SCARD_TRANSMIT: work
3 2.50 %
13[Pcsclite-muscle] Semantics of
2 1.67 %
14AW: Issue with pcsc-lite through rdesktop (share of scard to
2 1.67 %
15[Pcsclite-muscle] Yubikey in OTP+U2F+CCID mode
2 1.67 %
16pcsc-lite and polkit rules in openSUSE 13.2
2 1.67 %
17[Pcsclite-muscle] Card Reader Issue
2 1.67 %
18[Pcsclite-muscle] Error communicating to: GemPCTwin serial 00 00
2 1.67 %
19[Pcsclite-muscle] Smartcard PAM module load failed after update
2 1.67 %
20[Pcsclite-muscle] [PATCH 1/1] pcscdaemon: fix "at_exit() write()
2 1.67 %
21[Pcsclite-muscle] OMNIKEY CardMan 5321 reader shown twice
2 1.67 %
22[Pcsclite-muscle] Questions about supported devices page
2 1.67 %
23[Pcsclite-muscle] Possibility to disable Reader Interface?
2 1.67 %
24[Pcsclite-muscle] Feitian SCR301 - new version
2 1.67 %
25[Pcsclite-muscle] Smartcard reader not detected on fedora 23
2 1.67 %
26[Pcsclite-muscle] problems with rocketec reader
2 1.67 %
27[Pcsclite-muscle] apdu4j - Java code and command line utility for
1 0.83 %
28[Pcsclite-muscle] OSX - Yosemite - PCSC-Lite vs CryptoToken
1 0.83 %
29[Pcsclite-muscle] questions for "Card auto power on and off"
1 0.83 %
30[Pcsclite-muscle] TAG_IFD_POOLING_THREAD_WITH_TIMEOUT not
1 0.83 %
 other2117.50 %

Most used email clients:

  Mailer  Msg  Percent 
1(unknown)94 78.33 %
2Mozilla/5.x8 6.67 %
3KMail7 5.83 %
4Postbox 3.0.11 (Macintosh/20140602)
2 1.67 %
5Apple Mail (2.2070.4)
2 1.67 %
6K-9 Mail for Android
2 1.67 %
7Gnus/5.130006 (Ma Gnus v0.6) Emacs/24.4 (berkeley-unix)
1 0.83 %
8Evolution 3.10.4-0ubuntu2
1 0.83 %
9Microsoft Outlook 15.0
1 0.83 %
10git-send-email 1.7.9.5
1 0.83 %
11Apple Mail (2.3096.5)
1 0.83 %
 other0 0.00 %

Table of maximal quoting:

  Author  Percent 
1info@boac.nl 77.38 %
2pcsclite.pkoch@dfgh.net 53.62 %
3Tom.Arnautovic@neardesk.com 36.24 %
4moshman@gmail.com 32.81 %
5morgner@informatik.hu-berlin.de 24.95 %
6bill.c.roberts@gmail.com 23.27 %
7henrik@synth.no 22.74 %
8nicksp@gmail.com 21.21 %
9ignacio.casal@nice-software.com 19.96 %
10helpcrypto@gmail.com 15.32 %
11fdeybach@gmail.com 14.77 %
12saper@saper.info 14.59 %
13guy@linux-service.be 14.53 %
14Jindrich.Mican@lgnexera.at 14.53 %
15elbuffo166@gmail.com 14.16 %
16fdimitriou@tmm-software.com 13.75 %
17jhutz@cmu.edu 13.59 %
18rickyepoderi@yahoo.es 13.02 %
19marian.thieme@gmail.com 13.02 %
20william.to@erg.com.hk 11.63 %
21ludovic.rousseau@gmail.com 8.78 %
22orzel@freehackers.org 7.46 %
23Pcsclite-muscle =
7.00 %
24bbsoo7@live.com 6.35 %
25EHeck@intarsys.de 5.93 %
26martin@martinpaljak.net 5.54 %
27luc.mazardo@orange.com 3.68 %
28crack.nyse@gmail.com 3.41 %
29Herve.CODINA@celad.com 3.12 %
30godfreyhkchung@gmail.com 1.01 %
 average 14.73 %

Graph showing number of messages written during hours of day:

msgs
2
|
0
|
0
|
0
|
0
|
0
|
0
|
2
|
3
|
2
|
10
|
6
|
8
|
10
|
13
|
13
|
9
|
8
|
10
|
4
|
6
|
7
|
3
|
4
|
hour
01234567891011121314151617181920212223

Graph showing number of messages written during days of month:

msgs
2
|
3
|
7
|
4
|
4
|
3
|
5
|
5
|
3
|
5
|
4
|
3
|
4
|
1
|
0
|
1
|
2
|
10
|
3
|
3
|
3
|
3
|
3
|
10
|
9
|
8
|
3
|
3
|
3
|
0
|
3
|
day
12345678910111213141516171819202122232425262728293031

Graph showing number of messages written during days of week:

msgs
16
|
25
|
23
|
19
|
26
|
6
|
5
|

MonTueWedThuFriSatSun

Maximal quoting:

Author : guy@linux-service.be
Subject : [Pcsclite-muscle] debian 8 pcscd

Date : Wed, 22 Jul 2015 12:18:13 +0200

Quote ratio: 77.62% / 4540 bytes

Longest message:

Author : Tom.Arnautovic@neardesk.com
Subject : [Pcsclite-muscle] Card Reader Issue
Date : Mon, 18 May 2015 13:46:56 +0000
Size : 72421 bytes

Most successful subject:

Subject : [Pcsclite-muscle] Absence du bureau / Out of the office
No. of msgs: 13
Total size : 130236 bytes

Final summary:

Total number of messages: 120
Total number of different authors: 33
Total number of different subjects: 51
Total size of messages (w/o headers): 1083656 bytes
Average size of a message: 9030 bytes


Input file last updated: Sun Jan 3 10:18:30 2016
Generated by MailListStat v1.3