Replies follow inline below..
mkosterlund wrote:
Is the Yubikey NEO piv applet usable with a contact-less CCID reader?
Yes.
mkosterlund wrote:
Can you please verify in what way, if any, you plan to change the current functionality?
eg. Will all certificate slots be available for both usb and contact-less reading?
There are no stated plans in this regard, but the current behaviour is in violation of the PIV spec. We might make a bit that can be toggled with the auth key or something like that. If a standard secure messaging implementation gets builtin for host-side software we will probably implement that and might enforce it for contactless functionality.
mkosterlund wrote:
is this also the case in contact less reading?
Yes, the applet does not check whether it's used in contact or contact-less mode. The 9e slot does not require pin for the authenticate operation.
mkosterlund wrote:
Can you name 1 or 2 contact-less usb CCID readers that work in your experience, also under windows.
Perhaps omnikey 5321 v2 ?
I think this has been discussed on the forum earlier.. : viewtopic.php?f=26&t=1345&p=5070
The Omnikey 5321 works fine but is a bit bulky if you only want a contactless reader. Genereally any standard reader should work, but we've not had the opportunity yet.
mkosterlund wrote:
We have been able to store, and do windows logon, with certificates stored in the following slots:
9a, 9d and 9e - however pin was always checked, this was using contact interface - is this expected behavior?
For 9e pin is not required, but this might be a windows thing that it always checks the pin. 9c should work but windows could restrict usage of 9c to signature operations and not allow it for authentication (if one is to think more on it 9d shouldn't be used for authentication either, only decryption)
/klasStatistics: Posted by Klas — Fri Jun 27, 2014 1:10 pm
]]>