Focus on Linux
Smart-Card Open Test Toolkit Oct 28 2009 07:24AM
Tommaso Cucinotta (tommaso cucinotta sssup it)
Hi all,

I would like to announce the availability of SCOTT, an open, modular and
extensible smart-card shell, which can be used for interacting with
smart-card devices, i.e., browsing its contents or also using the
on-board capabilities, as well as for automating such smart-card
operations by means of scripts. The envisioned usage scenario is around
automated smart-card configuration like needed during the development of
smart-card based applications, where one may have to repeatedly perform
a set of operations onto a smart-card, usually for testing purposes. For
example, "formatting" a card and loading some certificates and keys, or
loading some (updated version of a) JavaCard Applet. This is the
motivation for the project name: Smart-Card Open Test Toolkit.

The idea is to have a basic core constituted by a command-line
interactive shell, where external plugins define sets of commands which
can be:
-) commands related to some particular smart-card API, like the "system"
scott-pcsc plug-in, which provides shell commands for listing available
readers, checking status, connecting to the inserted device and sending
generic APDUs;
-) commands corresponding to a set of command APDUs defined by some
specific standard, like the scott-iso7816 plug-in, currently supporting
ISO 7816-4 file management commands
-) commands corresponding to the specific set of APDUs supported by a
particular smart-card device, like the scott-cryptoflex8 plug-in,
currently supporting specific capabilities of the Schlumberger
Cryptoflex 8K device.

Other plugins which may come in the future could be for supporting
loading of JavaCard applets, for supporting specific commands of
particular devices, or for supporting other standard APIs.

The shell has a built-in type-system, by which a plug-in can define its
own set of types. This allows for example to exchange high-level
information with the user in a structured form (the classical example is
when one provides the set of information needed to create a new file, or
when one selects an on-board file and retrieves its "descriptor").

Also, it has a built-in variables environment, by which one can assign
return types from commands, then supply them to other commands as input,

The project has been developed by Andrea Angella for his masters thesis
in Computer Engineering here at the Real-Time Systems Laboratory of
Scuola Superiore Sant'Anna, under my supervision, and it has been
released under GPL open-source license. Code is available on

Any comment/suggestion is of course encouraged and very welcome. You can
also use the mailing-list we set-up for the project:

Thanks for your attention.


Tommaso Cucinotta

Tommaso Cucinotta, Computer Engineering PhD, Researcher
ReTiS Lab, Scuola Superiore Sant'Anna, Pisa, Italy
Tel +39 050 882 024, Fax +39 050 882 003

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus