From 139f3116f26f1657f3f15ca94735fcd7f1fb4f0a Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Fri, 27 Aug 2021 23:05:58 +0200 Subject: [PATCH] Document known limitations of scdc --- scdc/README.md | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/scdc/README.md b/scdc/README.md index 95d752a..9b3bf44 100644 --- a/scdc/README.md +++ b/scdc/README.md @@ -8,4 +8,27 @@ SPDX-License-Identifier: MIT OR Apache-2.0 This crate provides `ScdClient`, which is an implementation of the CardClient trait that uses an instance of GnuPG's [scdaemon](https://www.gnupg.org/documentation/manuals/gnupg/Invoking-SCDAEMON.html) -to access OpenPGP cards. \ No newline at end of file +to access OpenPGP cards. + +**Known limitations** + +- Uploading RSA 4096 keys via scdaemon doesn't work with cards that don't + support Command Chaining (e.g. the "Floss Shop OpenPGP Smart Card"). + This is caused by a size limitation for client requests via the + [Assuan](https://www.gnupg.org/documentation/manuals/assuan/) protocol. + Assuan "Client requests" are limited to 1000 chars. Commands are sent as + ASCII encoded hex, so APDU commands are limited to around 480 bytes. This + is insufficient for importing RSA 4096 keys to the card (all other + OpenPGP card operations fit into this constraint). + +- When using `scdaemon` via pcsc (by configuring `scdaemon` with + `disable-ccid`), choosing a specific card of multiple plugged in OpenPGP + cards seems to be broken. + So you probably want to plug in one OpenPGP card at a time when using + `openpgp-card-scdc` combined with `disable-ccid`. + +- When using `scdaemon` via its default `ccid` driver, choosing a + specific one of multiple plugged in OpenPGP cards seems to only work up + to 4 plugged in cards. + So you probably want to plug in at most four OpenPGP cards at a time when + using `openpgp-card-scdc` with its ccid driver.
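Review bot: In the first bullet under "Known limitations", the figures "limited to 1000 chars" and "around 480 bytes" are not connected by the text: hex encoding alone would halve 1000 to 500, so the bullet should say what uses the remaining characters (presumably the command name and separators on the Assuan request line, which is worth confirming before stating it). In the second and third bullets, "seems to be broken" and "seems to only work up to 4 plugged in cards" carry no scdaemon or GnuPG version and no pointer to an upstream report, so a reader cannot tell whether the limitation still applies to their setup; noting the version these observations were made with would fix that. As a style point, "pcsc" and the final "ccid driver" are written bare while `ccid` and `disable-ccid` are in backticks elsewhere in the same hunk; pick one form for driver and option names.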