Skip to content

Latest commit





.. highlight:: sh

.. _pcsc-relay:

PC/SC Relay

.. sidebar:: Summary

  Relay a smart card to a contactless interface

      - `Frank Morgner <[email protected]>`_
      - `Dominik Oepen <[email protected]>`_
      GPL version 3
  :Tested Platforms:
      - Windows
      - Linux (Debian, Ubuntu, OpenMoko)

Welcome to PC/SC Relay. The purpose of PC/SC Relay is to relay a smart
card using an contact-less interface. Currently the following contact-less
emulators are supported:

- `Hardware supported by libnfc`_
- OpenPICC_
- :ref:`acardemulator`

Command APDUs are received with the contact-less interface and relayed. The
Response APDUs are then sent back via RFID. The contact-less data will be
relayed to one of the following:

- to a *real* smart card inserted into one of the systems' smart card readers.
  The smart card reader must be accessible with PC/SC. The smart card may be
  contact-based *or* contact-less.
- to a :ref:`vicc` that directly connects to :command:`pcsc-relay`. The virtual
  smart card's native interface is used and (despite its name) PC/SC Relay
  does not need to access PC/SC in this case.

.. tikz:: Debug, Analyze and Emulate with PC/SC Relay
    :libs: arrows, calc, fit, patterns, plotmarks, shapes.geometric, shapes.misc, shapes.symbols, shapes.arrows, shapes.callouts, shapes.multipart, shapes.gates.logic.US, shapes.gates.logic.IEC, er, automata, backgrounds, chains, topaths, trees, petri, mindmap, matrix, calendar, folding, fadings, through, positioning, scopes, decorations.fractals, decorations.shapes, decorations.text, decorations.pathmorphing, decorations.pathreplacing, decorations.footprints, decorations.markings, shadows

    \node (pcsc-relay) {\texttt{pcsc-relay}};

    \node [kleiner, right=2cm of pcsc-relay, yshift=.9cm]
    (libnfc) {Libnfc Devices};
    \node [kleiner, right=2cm of pcsc-relay, yshift=.3cm]
    (openpicc) {OpenPICC};
    \node [kleiner, right=2cm of pcsc-relay, yshift=-.3cm]
    (vpcd) {Virtual Smart Card Reader};
    \node [kleiner, right=2cm of pcsc-relay, yshift=-.9cm]
    (acardemulator) {Android Smart Card Emulator};

    \node [kleiner, left=2cm of pcsc-relay, yshift=.9cm]
    (contactbased) {Contact-based Smart Card};
    \node [kleiner, left=2cm of pcsc-relay, yshift=.3cm]
    (contactless) {Contact-less Smart Card};
    \node [kleiner, left=2cm of pcsc-relay, yshift=-.9cm]
    (remotereader) {Remote Smart Card Reader};
    \node [kleiner, left=2cm of pcsc-relay, yshift=-.3cm]
    (virtual) {Virtual Smart Card};

    \node [above=.3cm of pcsc-relay, kleiner, xshift=1.2cm]
    (capdu) {Command APDU};
    \node [below=.3cm of pcsc-relay, kleiner, xshift=-1.2cm]
    (rapdu) {Response APDU};
    \draw (rapdu.east) edge [pfeil] +(1,0);
    \draw (capdu.west) edge [pfeil] +(-1,0);

    \path[line width=.5cm,color=hublue!20]
    (pcsc-relay.mid) edge [out=180, in=0] (contactbased.east)
    edge [out=180, in=0] (contactless.east)
    edge [out=180, in=0] (virtual.east)
    edge [out=180, in=0] (remotereader.east)
    edge [out=0, in=180] (libnfc.west)
    edge [out=0, in=180] (openpicc.west)
    edge [out=0, in=180] (vpcd.west)
    edge [out=0, in=180] (acardemulator.west)

With PC/SC Relay you can relay a contact-less or contact based smart card
over a long distance. Also you can use it in combination with the :ref:`vicc`
to completely emulate an ISO/IEC 14443 smart card.

.. tikz:: Emulate a contact-less German ID card to perform sanity checks
    :libs: arrows, calc, fit, patterns, plotmarks, shapes.geometric, shapes.misc, shapes.symbols, shapes.arrows, shapes.callouts, shapes.multipart, shapes.gates.logic.US, shapes.gates.logic.IEC, er, automata, backgrounds, chains, topaths, trees, petri, mindmap, matrix, calendar, folding, fadings, through, positioning, scopes, decorations.fractals, decorations.shapes, decorations.text, decorations.pathmorphing, decorations.pathreplacing, decorations.footprints, decorations.markings, shadows

    \tikzstyle{bla}=[shape=rectangle split, rectangle split parts=2,
    every text node part/.style={align=center, klein}, text width=7cm,
    every second node part/.style={kleiner}, inner sep=0pt]

    \tikzstyle{keks}=[to path={-- ++(.1,0) |- (\tikztotarget)}]

    \node (touchatag)
	{\includegraphics[keepaspectratio, height=2cm,
    \node (touchatagbeschreibung) [below=0cm of touchatag, kleiner]

    \node (pcsc-relay) [right=of touchatag]
    \node (pcsc-relaybeschreibung) [below=0cm of pcsc-relay, kleiner]
    {NFC emulator

    \node (vicc) [right=of pcsc-relay]
    {\texttt{vicc -t nPA}};
    \node (viccbeschreibung) [below=0cm of vicc, kleiner]
    {nPA emulator};

    \node (group) [fit=(touchatag) (pcsc-relay) (vicc) (touchatagbeschreibung)
    (pcsc-relaybeschreibung) (viccbeschreibung)] {};
    \node (funktionenchat) [below=0cm of group, bla]
            \item Display context (eID/eSign)
            \item Display requested permissions
    \node (funktionenpace) [below=.5 of funktionenchat, bla]
        Terminal Authentication
            \item Verify authenticy of terminal
            \item Check freshness of cv certificate
            \item With certificate database
                    \item Identification of service provider
                    \item Display purpose of transaction

        \node (box) [fit=(touchatag) (pcsc-relay) (vicc) (touchatagbeschreibung)
        (pcsc-relaybeschreibung) (viccbeschreibung) (funktionenchat)
        (funktionenpace), box, inner sep=.5cm] {};
        \node (boxbild) at (box.north west)
        {\includegraphics[keepaspectratio, height=1.5cm,
        \node [right=0cm of boxbild.east, yshift=.3cm]
        {Openmoko Neo FreeRunner};

    \node (a) [left=1.5of box]
	{\includegraphics[keepaspectratio, height=4cm,
    \node (e) [below=0cm of a, text width=2.5cm, align=center]
    {(Public) Terminal};

        (touchatag)  edge  [doppelpfeil] (pcsc-relay)
        (pcsc-relay) edge [doppelpfeil] (vicc)
        (vicc.east) edge [keks, pfeil] (funktionenchat.text east)
        (vicc.east) edge [keks, pfeil] (funktionenpace.text east)
        (a) edge [decorate, decoration={expanding waves, angle=20, segment
        length=6}, nichtrundelinie] (touchatag.south west);

PC/SC Relay has the following dependencies:

- PC/SC middleware
- libnfc_

.. include:: relay-note.txt

.. include:: download.txt

.. include:: autotools.txt

Hints on libnfc

Here is an example of how to get the standard
installation of libnfc::
    git clone $LIBNFC
    cd $LIBNFC
    autoreconf -i
    # See `./configure --help` for enabling support of additional hardware
    ./configure --prefix=$PREFIX
    make install

Building PC/SC Relay with libnfc is done best using :command:`pkg-config`.  The file
:file:`libnfc.pc` should be located in ``$INSTALL/lib/pkgconfig``. Here is how to
configure PC/SC Relay to use it::

    ./configure PKG_CONFIG_PATH=$PREFIX/lib/pkgconfig

Hints on Android Smart Card Emulator

The Android Smart Card Emulator is build around the host card emulation mode of
Android 4.4 and later. This mode activates the app if the terminal issues a
SELECT command with one of the app's application identifiers. The app registers
for the following AIDs (:file:`ACardEmulator/app/src/main/res/xml/aid_list.xml`):

.. literalinclude:: ../../ACardEmulator/app/src/main/res/xml/aid_list.xml
    :language: xml
    :emphasize-lines: 8,12,16,20

If used together with PC/SC Relay you need to change these application
identifiers to match the emulated card. Otherwise the app will not be activated
when it should relay command APDUs to PC/SC Relay.

And while you are already modifying the Android Smart Card Emulator you may also
want to activate `useVPCD` and change `hostname` and `port` to configure the
connection to PC/SC Relay

.. literalinclude:: ../../ACardEmulator/app/src/main/java/com/vsmartcard/acardemulator/
    :language: java
    :lines: 47-52
    :emphasize-lines: 3,5-6

Compiling and installing Android Smart Card Emulator is covered in its :ref:`acardemulator_install` section.

Hints on PC/SC middleware

A PC/SC middleware is included by default in most modern operating systems. On
Unix-like systems (Linux, OS X, Sun OS) it is realized by PCSC-Lite_. To
compile PC/SC Relay you will need to install the PCSC-Lite headers from
your distribution.

Windows also ships with a PC/SC middleware in form of the Winscard module.
PC/SC Relay can be (cross) compiled with MinGW-w64. Also, Microsoft's
developement environment Visual Studio includes all necessary data for building
PC/SC Relay.


.. program-output:: pcsc-relay --help

Below we explain what option to choose for the emulator which receives a
command APDU and transmits a response APDU back to the terminal:

=================================================== ==============
Option                                              ``--emulator``
=================================================== ==============
Emulation hardware supported via libnfc             ``libnfc``
Emulation with OpenPICC                             ``openpicc``
Android Smart Card Emulator                         ``vpcd``
Virtual Smart Card                                  ``vpcd``
=================================================== ==============

Below we explain what option to choose for the connector which calculates
a response APDU from a given command APDU:

=================================================== ===============
Option                                              ``--connector``
=================================================== ===============
Contact-based Smart Card in PC/SC Reader            ``pcsc``
Contact-less Smart Card in PC/SC Reader             ``pcsc``
Contact-less Smart Card in Remote Smart Card Reader ``vicc``
Virtual Smart Card                                  ``vicc``
=================================================== ===============

.. include:: questions.txt

Notes and References

.. target-notes::

.. _`Hardware supported by libnfc`:
.. _libnfc:
.. _OpenPICC:
.. _PCSC-lite: