frankmorgner / vsmartcard

umbrella project for emulation of smart card readers or smart cards
http://frankmorgner.github.io/vsmartcard/

Network traffic security #267

Closed lustasag closed 4 months ago

lustasag commented 4 months ago

Is the communication between the Android Remote Smart Card Reader and vpcd secured? I didn't find anything in the documentation and during the installation there was no step involved.

If not, are there any plans to implement something like this? If this makes any sense from the security point of view, of course...

Aurel

frankmorgner commented 4 months ago

It is not secured and I don't plan to add any secure channel. If you need a secure channel, please consider tunneling this through some other connection (i.e. SSH, VPN or HTTPS).

frankmorgner commented 4 months ago

And, by the way, if you are transferring sensitive data via NFC (or ISO 14443), this is not secured either. If you are concerned about not losing sensitive data, the ideal approach would be to start an end-to-end encrypted channel to the actual card rather than only securing the connection between reader and PC.

lustasag commented 4 months ago

Initially I discarded it; however, SSH turned out to be a simple solution. I used ConnectBot on the Android device, and now it works like a charm!

Thank you for the fantastic tool, @frankmorgner!!!

lustasag commented 4 months ago

To my amusement I discovered that the Hungarian government has developed a mobile NFC reader application using Virtual Smart Card and possibly the "Smart Card Reader" application. The name is eSzemélyiM, it has a product page and the app is available on Google Play. (It looks like they couldn't build the smart card functions into their iOS app).

BTW, I'm not actually able to use my card for signing via WiFi (neither with vanilla setup nor using the HU app). It is very slow -- perhaps some queries time out or something.