Skip to content

Use CCID when needed to connect to the nitrokey 3#398

Merged
sosthene-nitrokey merged 1 commit intoNitrokey:mainfrom
sosthene-nitrokey:ccid
Mar 11, 2026
Merged

Use CCID when needed to connect to the nitrokey 3#398
sosthene-nitrokey merged 1 commit intoNitrokey:mainfrom
sosthene-nitrokey:ccid

Conversation

@sosthene-nitrokey
Copy link
Contributor

@sosthene-nitrokey sosthene-nitrokey commented Jan 15, 2026
edited
Loading

The approach taken is to instead of re-opening the connection for every command, we hold an exclusive CCID connection for the entire application, and never re-open it.

We can't use the same strategy as CTAHID because

  • When using an exclusive connection, re-opening one fails.
  • Closing and re-opening exclusive connections is not an option without major refactor to avoid having multiple connections opened at the same time.
  • When using a non-exclusive connection, security status changes such as pin validation will fail because operations over a key will not be using the same transaction.

@sosthene-nitrokey sosthene-nitrokey force-pushed the ccid branch 3 times, most recently from d03f6e2 to 6172942 Compare January 15, 2026 16:35
@sosthene-nitrokey sosthene-nitrokey marked this pull request as ready for review January 15, 2026 16:41
@sosthene-nitrokey sosthene-nitrokey requested review from daringer, mmerklinger and robin-nitrokey and removed request for daringer January 15, 2026 16:41
robin-nitrokey
robin-nitrokey reviewed Jan 15, 2026
View reviewed changes
@robin-nitrokey
Copy link
Member

robin-nitrokey commented Jan 15, 2026

Note that this conflicts with #387 though it should not be too hard to resolve the conflicts.

@sosthene-nitrokey sosthene-nitrokey force-pushed the ccid branch 6 times, most recently from 33ab702 to c8a4854 Compare January 20, 2026 08:40
@sosthene-nitrokey
Copy link
Contributor Author

sosthene-nitrokey commented Jan 20, 2026

Tested to work properly on windows. Including the settings page. I think on Windows it's less likely to have something like gpg-agent running in the background to be in conflict for the PC/SC connection.

@sosthene-nitrokey sosthene-nitrokey mentioned this pull request Jan 21, 2026
Merged
@sosthene-nitrokey
Copy link
Contributor Author

sosthene-nitrokey commented Jan 27, 2026

Just rebased on top of main. I still need to re-test on Windows to be sure it works.

@sosthene-nitrokey sosthene-nitrokey force-pushed the ccid branch 3 times, most recently from 6de9b8f to 1ab4b19 Compare January 30, 2026 16:18
@mmerklinger
Copy link
Member

mmerklinger commented Feb 27, 2026

Just tested on Windows Server 2025 and seems to work.

robin-nitrokey
robin-nitrokey reviewed Mar 2, 2026
View reviewed changes
robin-nitrokey
robin-nitrokey reviewed Mar 3, 2026
View reviewed changes
robin-nitrokey
robin-nitrokey reviewed Mar 3, 2026
View reviewed changes
@sosthene-nitrokey sosthene-nitrokey force-pushed the ccid branch 3 times, most recently from a001527 to 96a238c Compare March 3, 2026 11:07
@mmerklinger
Copy link
Member

mmerklinger commented Mar 11, 2026

Is this ready to be merged?

@sosthene-nitrokey
Copy link
Contributor Author

sosthene-nitrokey commented Mar 11, 2026

Yes

@sosthene-nitrokey sosthene-nitrokey merged commit b6de2a0 into Nitrokey:main Mar 11, 2026
33 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@robin-nitrokey robin-nitrokey robin-nitrokey approved these changes

@mmerklinger mmerklinger Awaiting requested review from mmerklinger

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@sosthene-nitrokey @robin-nitrokey @mmerklinger