[Question] Need documentation on smartcard standard #122

New Issue

2026-01-14T11:36:30+08:00

rayc345 commented

2026-01-14 11:36:30 +08:00

(Migrated from https://github.com/polhenarejos/pico-hsm)

I read the code of pico-hsm and compared with ISO7816-4, I found some INS are not defined, I searched the source code of OpenSC, it seems pico-hsm tries to implement the smartcard-hsm, but I cannot found any document on this specific HSM, I found some info here, it says a smartcard-hsm is needed to access these documents, so I want to ask:
Is these documents free?
Can I use a pico-hsm to get these documents?
Is these documents protected by NDA or any other similar licenses? Can you share?

I read the code of pico-hsm and compared with ISO7816-4, I found some INS are not defined, I searched the source code of OpenSC, it seems pico-hsm tries to implement the smartcard-hsm, but I cannot found any document on this specific HSM, I found some info [here](https://www.smartcard-hsm.com/cdn.html#git), it says a smartcard-hsm is needed to access these documents, so I want to ask: Is these documents free? Can I use a pico-hsm to get these documents? Is these documents protected by NDA or any other similar licenses? Can you share?

polhenarejos commented

2026-01-14 16:30:59 +08:00

(Migrated from https://github.com/polhenarejos/pico-hsm)

I don't have access to any official SmartCard-HSM documentation or NDA-protected materials, so I can't share or comment on them.

Pico HSM is based on reverse engineering and practical experimentation (APDUs, OpenSC behavior, ISO7816-4), not on proprietary specifications, so some INS values or behaviors may be incomplete and full compatibility isn't claimed.

Pico HSM is not signed or endorsed by CardContact and has no commercial relationship with them, so it can only rely on publicly available content and observable implementations.

I don't have access to any official SmartCard-HSM documentation or NDA-protected materials, so I can't share or comment on them. Pico HSM is based on reverse engineering and practical experimentation (APDUs, OpenSC behavior, ISO7816-4), not on proprietary specifications, so some INS values or behaviors may be incomplete and full compatibility isn't claimed. Pico HSM is not signed or endorsed by CardContact and has no commercial relationship with them, so it can only rely on publicly available content and observable implementations.

rayc345 commented

2026-01-14 21:55:11 +08:00

(Migrated from https://github.com/polhenarejos/pico-hsm)

Okay, so I got this:

Pico-HSM is based on public spec ISO7816-4 and OpenSC interaction experiment and OpenSC code study.
Pico-HSM mimics SmartCard-HSM, but not fully sure to be compliant to it.

Can we mimic YubiHSM? Its PC side software is open-source.

Okay, so I got this: 1. Pico-HSM is based on public spec ISO7816-4 and OpenSC interaction experiment and OpenSC code study. 2. Pico-HSM mimics SmartCard-HSM, but not fully sure to be compliant to it. Can we mimic YubiHSM? Its PC side software is open-source.

polhenarejos commented

2026-01-15 04:52:41 +08:00

(Migrated from https://github.com/polhenarejos/pico-hsm)

Yes, this is something I considered. However, it’s completely new protocol, with non-standardized interface and only compatible with their apps. It’s not even based on ISO 7816. Probably I’d could not reuse more than the 10% of Pico HSM and I believe the adoption would be residual. Unless someone fund it, by now this has low priority.

Besides this, I don’t think it has any advantate wrt ScHsm. Is some feature you are willing to see in Pico HSM?

Yes, this is something I considered. However, it’s completely new protocol, with non-standardized interface and only compatible with their apps. It’s not even based on ISO 7816. Probably I’d could not reuse more than the 10% of Pico HSM and I believe the adoption would be residual. Unless someone fund it, by now this has low priority. Besides this, I don’t think it has any advantate wrt ScHsm. Is some feature you are willing to see in Pico HSM?

rayc345 commented

2026-01-15 11:03:20 +08:00

(Migrated from https://github.com/polhenarejos/pico-hsm)

I have not used pico-hsm or yubihsm by now, just being curious. No specific HSM features are needed. PIV/PGP/FIDO already satisfy all my needs.

Yeah, I found yubihsm is using a different protocol. It seems a little complicated, with their own Secure Messaging design.

I ask this question just because their python code for PC management seems to only have little code. I would like to use a mature, well-maintained, nice&clean PC software to talk to my own HSM. So, I came to the idea of reusing their python host software.

I have not used pico-hsm or yubihsm by now, just being curious. No specific HSM features are needed. PIV/PGP/FIDO already satisfy all my needs. Yeah, I found yubihsm is using a different protocol. It seems a little complicated, with their own Secure Messaging design. I ask this question just because their python code for PC management seems to only have little code. I would like to use a mature, well-maintained, nice&clean PC software to talk to my own HSM. So, I came to the idea of reusing their python host software.

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: dearsky/pico-hsm#122