Andreas Schwier | 10 Nov 2014
Starting in November 2014, the SmartCard-HSM USB-Stick ships with a new hardware revision.
While the functionality of the SmartCard-HSM remains the same, the build-in CCID controller has been replaced.
As a consequence, the device now has a different USB product id, which has been added to the device list in libccid only recently.
Unfortunately, it takes a little while until libccid updates reach the major distributions and finally your Linux or MacOS X desktop.
The following steps show how you can enable the SmartCard-HSM USB-Stick on a system with outdated libccid.
UPDATE: Starting September 2017 we replaced the USB-Stick with a combination of a SIM reader and a SIM card. The token looks the same as before, but has an inserted Mini SIM card rather than an embedded secure element. This change was done to move from the JCOP 2.4.1r3 to the newer JCOP 2.4.2r3 platform. Unfortunately, the newer version is not available as embedded secure element.
JCOP 2.4.2r3 is the successor of JCOP 2.4.1r3 and has a better random number generator (DRNG.3 instead of DRNG.2) and supports secure messaging with AES.
How to check if you are affected
The new hardware revision has a silver label on the back, containing the CE label and other declarations. The previous revision had only a white sticker with version and device number on the back. Only devices with the silver sticker are affected.
If you are using the SmartCard-HSM USB-Stick on Windows, then you are not affected. The Windows PC/SC subsystem will automatically detect the CCID controller and install the necessary driver.
If you are on Linux, MacOS X or any other Unix based operating system, then chances are, that your version of libccid is too old to recognize the device.
If the device is not detected by PC/SC or a PC/SC aware application, then please check, if the SmartCard-HSM’s product id is contained in libccid’s configuration file Info.plist.
Locating the configuration file
Info.plist is usually installed in /usr/lib/pcsc/drivers/ifd-ccid.bundle/Contents on Linux and /usr/libexec/SmartCardServices/drivers/ifd-ccid.bundle/Contents on MacOS.
You can open the text file using an editor. The file contains three arrays of values, the ifdVendorID, the ifdProductID and the ifdFriendlyName. If the new product ID 0x5817 is not listed in the ifdProductID section, then you need to add an entry to each of the three arrays
Adding the SmartCard-HSM manually
You will need to add an entry to each of the three arrays in Info.plist.
The ifdVendorID array needs two additional entries
The ifdProductID array needs two additional entries
The ifdFriendlyName array needs two additional entry
<string>CardContact SmartCard-HSM</string> <string>CardContact SmartCard-HSM</string>
All three entries must be at the same position in the array, so either add them to the beginning or the end of the list.
Using a script to add the product id
There is a script in the sc-hsm-embedded project at Github that can automatically locate and update the libccid configuration.