Skip to content

Use CCID when needed to connect to the nitrokey 3 #398

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
sosthene-nitrokey wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Use CCID when needed to connect to the nitrokey 3 #398

sosthene-nitrokey wants to merge 4 commits into from

Conversation

@sosthene-nitrokey
Copy link
Contributor

@sosthene-nitrokey sosthene-nitrokey commented Jan 15, 2026
edited
Loading

The approach taken is to instead of re-opening the connection for every command, we hold an exclusive CCID connection for the entire application, and never re-open it.

We can't use the same strategy as CTAHID because

  • When using an exclusive connection, re-opening one fails.
  • Closing and re-opening exclusive connections is not an option without major refactor to avoid having multiple connections opened at the same time.
  • When using a non-exclusive connection, security status changes such as pin validation will fail because operations over a key will not be using the same transaction.

@sosthene-nitrokey
Use CCID when needed to connect to the nitrokey 3
ddff771 
The approach taken is to instead of re-opening
the connection for every command, we hold an exclusive
CCID connection for the entire application, and never re-open it.

We can't use the same strategy as CTAHID because:

When using an exclusive connection, re-opening one fails.
When using a non-exclusive connection, security status changes such
as pin validation will fail because operations over a key will not
be using the same transaction.
@sosthene-nitrokey
Disable updates and set tooltip to explain that administrator rights …
f45f8b7 
…are required
@sosthene-nitrokey sosthene-nitrokey force-pushed the ccid branch 3 times, most recently from d03f6e2 to 6172942 Compare January 15, 2026 16:35
@sosthene-nitrokey sosthene-nitrokey marked this pull request as ready for review January 15, 2026 16:41
@sosthene-nitrokey sosthene-nitrokey requested review from daringer, mmerklinger and robin-nitrokey and removed request for daringer January 15, 2026 16:41
robin-nitrokey
robin-nitrokey reviewed Jan 15, 2026
View reviewed changes
nitrokeyapp/device_data.py Outdated
self.inner = inner

def __getattribute__(self, name: str) -> Any:
getattr(self.inner, name)
Copy link
Member

@robin-nitrokey robin-nitrokey Jan 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

missing return?

@robin-nitrokey
Copy link
Member

robin-nitrokey commented Jan 15, 2026

Note that this conflicts with #387 though it should not be too hard to resolve the conflicts.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@robin-nitrokey robin-nitrokey robin-nitrokey left review comments

@mmerklinger mmerklinger Awaiting requested review from mmerklinger

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sosthene-nitrokey @robin-nitrokey