Peaceful coexistence of GnuPG and other smart card software

Werner Koch wk at
Thu Aug 11 09:28:46 CEST 2011

On Wed, 10 Aug 2011 18:24, martin at said:

>  - removing exclusive mode and relying on transactions(SCardBeginTransaction/SCardEndTransaction) for smart card access (at least making it *easily* configurable)

That is not possible because scdaemon caches most card informtaion.
Thus we need exclusive access or a way to know if other applications
changes the card data.

A way to workaround this is the scdaemon option:

  @item --card-timeout @var{n}
  @opindex card-timeout
  If @var{n} is not 0 and no client is actively using the card, the card
  will be powered down after @var{n} seconds.  Powering down the card
  avoids a potential risk of damaging a card when used with certain
  cheap readers.  This also allows non Scdaemon aware applications to
  access the card.  The disadvantage of using a card timeout is that
  accessing the card takes longer and that the user needs to enter the
  PIN again after the next power up.
  Note that with the current version of Scdaemon the card is powered
  down immediately at the next timer tick for any value of @var{n} other
  than 0.
>  - support for multiple readers, where the OpenPGP card/token is not the first reader

There is support for multiple readers and it has been tested and used in
an actual product many years ago.  See --reader-port for a starter.
There are likely bugs in it.

>  - maybe some better error messages (though I doubt I can/want bite through the scdaemon/assuan/gpg-agent microsystems)

You mean that it is easier to see things like EEPROM FAILURE?  This can
be done and is not very complicated.

> Would such changes be of interest and be included with GnuPG?

I would be more interested in an pcsc driver making use of scdaemon's
APDU command.  That is using scdaemon as the low-level driver and put
pcsc on top of it.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-devel mailing list