CardContact Systems GmbH

Any recommended way to move forward with this ? I'd like to add support for JCOP 2.4.2r2 card, which comes with DESFire and ISO 14443-4 layer APDUs. The current detection...

There is also an issue with some Cyberjack readers, that only support 1014 byte APDU. Unfortunately the reader does not report an error for longer APDUs, but silently ignores additional...

You can have a look at the SmartCardHSM class in scsh/sc-hsm/SmartCardHSM.js in the Smart Card Shell installation directory. The CTOR determines the card reader and if APDU transport is limited...

Writing to 2F10 allows inbound APDUs up to the maximum internal APDU Buffer (around 1300, depending of which JCOP version is used). The applet internally just grabs the content of...

Reverted to previous version. Looks to me like an attack.

I vote for restricted access to people with push-access. We can always grant rights to additional contributors.

When the hash must be calculated in the card, then the maximum message length is limited by the size of the internal APDU buffer. Larger messages should be hashed in...

A cache enabled by default starts to make trouble: https://support.nitrokey.com/t/hsm2-cant-figure-out-how-to-properly-wipe-and-reinitialize-device-seems-to-generate-invalid-signatures/4688 https://support.nitrokey.com/t/the-same-key-is-regenerated-each-time/4713 I guess we should not ship with cache enabled by default.

The Smart Card Shell has a mechanism to import RSA and EC keys into a SmartCard-HSM from a PKCS#12 container.

That is already available with Match-On-Card support in the SmartCard-HSM. See the KeyXentic KX 906 token that has an embedded secure element with the SmartCard-HSM applet and 1-to-1 fingerprint matching....