web-eid-app icon indicating copy to clipboard operation
web-eid-app copied to clipboard
verified publisher icon web-eid

bug: pinpad cancel does nothing on macos

Open martinpaljak opened this issue 1 year ago • 5 comments

macos 15.1 M1 with Gemalto Ezio Shield.

Cancelling PIN entry (long-pressing yellow C button) will result in the following screen and locked up application. Expect it to cancel gracefully and report it back to the application/website.

Screenshot 2024-10-30 at 11 09 09

martinpaljak avatar Oct 30 '24 09:10 martinpaljak

Its the Apple CCID driver fault

Secure Verify PIN comand

The most problematic issue is that the Secure Verify PIN command (FEATURE_VERIFY_PIN_DIRECT) using the Apple driver returns:

Secure verify PIN
command: 00 00 82 08 00 08 04 07 01 09 04 00 00 00 00 0D 00 00 00 00 20 00 00 08 30 30 30 30 00 00 00 00
Enter your PIN:
SCardControl: OK
card response [0 bytes]::

The SCardControl() returns SCARD_S_SUCCESS (i.e. no error) but the PIN is not asked by the pinpad reader, and of course not submitted and verified by the card. This command just silently fails. A pinpad reader can't be used with the Apple CCID driver.

You can get excepted behaviour when you switch to Ludovic's driver sudo defaults write /Library/Preferences/com.apple.security.smartcard useIFDCCID -bool yes

metsma avatar Oct 30 '24 09:10 metsma

It works without issues when actually entering the PIN. When pressing the cancel button, the "operation failed" dialogue pops up, so it does detect some kind of change/failure. The main issue for me is that pressing cancel in the popping up failure dialogue will not cancel the underlying dialogue with progress bar, that keeps on spinning without a "cancel" button until it reaches zero, and then remains indefinitely until next web-eid invocation, that also starts with the same progress bar already at zero.

While the macos pcsc-like layer is probably full of annoyances, this seems like a UX mis-wiring issue in web-eid app.

martinpaljak avatar Oct 30 '24 09:10 martinpaljak

I do have two proprietary drivers installed, as visible from the picture and the list below Screenshot 2024-10-30 at 11 59 12

1: [ ] [   ] Circle CIR315(1)
2: [*] [VMD] Gemalto Ezio Shield
             3BDB960080B1FE451F830012233F536549440F9000F1
             https://smartcard-atr.apdu.fr/parse?ATR=3BDB960080B1FE451F830012233F536549440F9000F1
3: [ ] [   ] Circle CIR315(2)
4: [ ] [   ] ACS ACR38U-CCID

martinpaljak avatar Oct 30 '24 10:10 martinpaljak

Not to mention that it would be lovely to be able to just press ESC (or the missing CANCEL button) on the normal keyboard for the pinpad progresss bar dialogue to cancel the ongoing operation before the timeout...

martinpaljak avatar Oct 30 '24 10:10 martinpaljak

Can you please retest with latest main?

mrts avatar Oct 07 '25 07:10 mrts