Thank you for your suggestion about Reiner SCT cyberjack.
Please let me know how I can determine by myself if another reader works for a confirmation of a transaction of your smart card via the PKCS#11 module from sc-hsm-embedded?
For example there are a few PIN PAD SC readers mentioned on Debian website:
https://web.archive.org/web/20200826093718/https://wiki.gnupg.org/CardReader/PinpadInput
SCM SPR 532
- USB ID: 04e6:e003
- PC/SC reader name: SPRx32
KAAN Advanced
- USB ID: 0d46:
FSIJ Gnuk Token
- USB ID: 234b:0000
Reiner cyberJack Go
- USB ID: 0c4b:0504
Vasco DigiPASS 920
- USB ID: 1a44:0920
Cherry ST2000
- USB ID: 046a:003e
What criteria, keywords or features of a reader can indicate a compatibility of such a reader with your card, especially with a PIN entered on the reader’s PAD feature working correctly?
For example according to the page:
https://ccid.apdu.fr/ccid/supported.html
at least provided with some firmware level conditions, the following reader models shall be supported by the open source CCID driver:
SCM SPR 532, Kobil KAAN Advanced, Cherry ST2000
Do they allow entering the PIN code on the reader’s PAD for your HSM2 SC?
I ask this because even some models of Reiner cyberJack are mentioned as not working with opensc at least a few years ago:
https://lists.gnupg.org/pipermail/gnupg-users/2016-May/055946.html
If I understand correctly they mention that only a model with CCID support will work for entering PINs on the reader’s PAD?
When I asked ACS support in Russia they told me their models with PIN PADs do NOT support what I need (OpenSC, OpenSSH, etc.); they offer an SDK for a custom integration into each application.
Does it mean some models of Reiner SCT cyberJack reader are already integrated into OpenSC, which means OpenSC (or some other level of the software stack like the CCID driver, PCSCD, etc.) knows that a PIN shall be asked on the reader device and knows how to talk to them with correct APDU commands? Sorry if I am wrong with terminology, I do not have enough knowledge in that area and the reader’s support staff often does not have it either, according to my experience.
It seems there is an active support of the Reiner reader in Debian:
https://tracker.debian.org/pkg/pcsc-cyberjack
Can you please tell me the exact USB IDs of the compatible models of readers? A few alternatives would be very helpful for a wider and easier choice and a better understanding of what they have in common which allows them to work with your HSM SC + OpenSC + confirmation PIN entered on the reader’s PAD + support for OpenSSH and GPG applications.
Does support of OpenSC also mean compatibility with OpenBSD if the SC stack is built from ports?
The following use cases would be desirable to work with your HSM SC and a reader:
- Authenticate login over SSH by your HSM SC and confirm it on the reader’s PIN PAD.
  The same in OpenBSD too in addition to Linux; it means support of OpenSC is needed for the SC and reader with PIN PAD, and the CCID driver shall be open source too.
- Decrypt messages or text strings (for example passwords for LUKS2 slots) by command line tools, for example GPG, OpenSSL, etc., using a private key stored inside your HSM SC and confirm it on the reader’s PIN PAD.
- Authenticate login into a Linux desktop via a PAM module configured for your HSM SC and confirm it on the reader’s PIN PAD.