ifd-jcecard
| Crates.io | ifd-jcecard |
| lib.rs | ifd-jcecard |
| version | 0.2.0 |
| created_at | 2025-12-15 17:18:08.172985+00 |
| updated_at | 2026-01-03 09:08:43.810327+00 |
| description | PC/SC IFD Handler for jcecard virtual OpenPGP and PIV smart card |
| homepage | https://github.com/kushaldas/jcecard |
| repository | https://github.com/kushaldas/jcecard |
| max_upload_size | |
| id | 1986418 |
| size | 320,600 |
Kushal Das (kushaldas)
documentation
README
ifd-jcecard
A PC/SC IFD (Interface Device) handler that provides a virtual OpenPGP and PIV smart card for testing and development.
Overview
This crate provides a PC/SC driver with an embedded virtual smart card implementation. It allows pcscd (PC/SC Smart Card Daemon) to expose a virtual smart card that implements both OpenPGP card 3.4 and PIV (NIST SP 800-73-4) specifications. Applications like GnuPG, OpenSC, and yubico-piv-tool can interact with this virtual card just like a physical hardware token.
How it Works
┌─────────────────┐ ┌─────────┐ ┌──────────────────────────────────┐
│ Application │ │ pcscd │ │ ifd-jcecard (this crate) │
│ (gpg, piv-tool) │────▶│ │────▶│ ┌────────────┐ ┌─────────────┐ │
└─────────────────┘ └─────────┘ │ │ OpenPGP │ │ PIV │ │
│ │ Applet │ │ Applet │ │
│ └────────────┘ └─────────────┘ │
└──────────────────────────────────┘
- Application sends PC/SC commands (e.g.,
gpg --card-status) - pcscd routes commands to the IFD handler
- ifd-jcecard processes APDUs using the embedded virtual card
- Responses flow back through the same path
The virtual card implementation is fully embedded in the shared library - no external server is needed.
Features
- OpenPGP Card 3.4: Sign, decrypt, authenticate with RSA 2048/4096, Ed25519, X25519, NIST P-256/P-384
- PIV (NIST SP 800-73-4): PIV Authentication, Digital Signature, Key Management, Card Authentication slots
- Key Generation: Generate keys on-card or import existing keys
- Persistent Storage: Card state persisted to
~/.jcecard/card_state.json - No External Dependencies: Everything runs inside the shared library
Supported Algorithms
| OpenPGP Key Slot | Algorithms |
|---|---|
| Signature (1) | RSA 2048/4096, Ed25519, ECDSA P-256/P-384 |
| Decryption (2) | RSA 2048/4096, X25519, ECDH P-256/P-384 |
| Authentication (3) | RSA 2048/4096, Ed25519, ECDSA P-256/P-384 |
| PIV Key Slot | Algorithms |
|---|---|
| 9A (PIV Authentication) | RSA 2048, ECDSA P-256/P-384 |
| 9C (Digital Signature) | RSA 2048, ECDSA P-256/P-384 |
| 9D (Key Management) | RSA 2048, ECDH P-256/P-384 |
| 9E (Card Authentication) | RSA 2048, ECDSA P-256/P-384 |
Installation
From Source
# Clone the repository
git clone https://github.com/kushaldas/jcecard.git
cd jcecard/ifd-jcecard
# Build
cargo build --release
# Install (requires sudo)
just install-ifd
Manual Installation
The IFD handler needs to be installed to system directories:
- Copy
libifd_jcecard.soto/usr/lib/pcsc/drivers/ifd-jcecard.bundle/Contents/Linux/ - Copy
Info.plistto/usr/lib/pcsc/drivers/ifd-jcecard.bundle/Contents/ - Copy reader configuration to
/etc/reader.conf.d/jcecard - Restart pcscd:
sudo systemctl restart pcscd
Usage
-
Install the IFD handler (see above)
-
Restart pcscd to load the driver:
sudo systemctl restart pcscd -
Verify the virtual reader is available:
pcsc_scan -
Use with your favorite smart card application:
gpg --card-status yubico-piv-tool -a status
Default Credentials
- OpenPGP User PIN (PW1):
123456 - OpenPGP Admin PIN (PW3):
12345678 - PIV PIN:
123456 - PIV PUK:
12345678 - PIV Management Key:
010203040506070801020304050607080102030405060708
Requirements
- Linux with pcscd installed (
sudo apt install pcscd libpcsclite-dev) - Rust toolchain for building from source
Development
# Run Rust unit tests
cargo test
# Build in debug mode
cargo build
# Run clippy lints
cargo clippy
Related Projects
- johnnycanencrypt - OpenPGP library for Rust/Python
- talktosc - Smart card communication library (patterns used here)
License
BSD-2-Clause License - see LICENSE for details.