exclusive vs. shared smart card access

Jan Suhr jan at nitrokey.com
Fri Aug 28 16:06:28 CEST 2015


Hi Niibe and whom it may concern!
This issue has been discussed previously but since Werner seems to be
positive about it now, I will give it another try:

GnuPG uses an exclusive mode when accessing OpenPGP Cards. This
prevents, or at least complicates, using OpenPGP Cards with
GPG and other applications on the same system. In fact it is a repeating
problem Nitrokey users are reporting. To my knowledge most other
software (e.g. OpenSC, PKCS#11 drivers) use shared access rather than
exclusive access. It seems to be best practice.

We tested GPG in shared mode for several weeks and couldn't find any
issue. Also the performance seems to be identical. Hence I would like to
request changing smart card access to shared mode.

The necessary modification is simple: Change the third parameter of
pcsc_connect() from PCSC_SHARE_EXCLUSIVE to PCSC_SHARE_SHARED at:
    GPG 1.4: Once in g10/apdu.c
    GPG 2.0: Once in scd/apdu.c and twice in scd/pcsc-wrapper.c
    GPG 2.1: Once in scd/apdu.c

Best regards,
Jan
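
The following is an added example, not part of the original message and not GnuPG or pcsc-lite code. It is a small self-contained model of how a PC/SC resource manager arbitrates the two share modes named above, showing why a first client that connects exclusively locks out every later client. The struct and the `model_*` and `later_clients_admitted` names are hypothetical; the constant values follow the PC/SC `SCARD_SHARE_*` and `SCARD_E_SHARING_VIOLATION` definitions.

```c
/* Added illustration, not GnuPG or pcsc-lite code: a model of PC/SC share-mode
 * arbitration on one reader. model_* names are hypothetical. */
#include <stdio.h>

/* Names as in the message; values follow PC/SC's SCARD_SHARE_* constants. */
#define PCSC_SHARE_EXCLUSIVE 1
#define PCSC_SHARE_SHARED    2
#define MODEL_S_SUCCESS           0x00000000UL /* SCARD_S_SUCCESS */
#define MODEL_E_SHARING_VIOLATION 0x8010000BUL /* SCARD_E_SHARING_VIOLATION */

struct model_reader {
    int shared_handles;  /* open handles in shared mode */
    int exclusive_held;  /* 1 while one client owns the card exclusively */
};

/* Decide a connect request the way the share modes are specified. */
static unsigned long model_connect(struct model_reader *r, int share_mode)
{
    if (r->exclusive_held)
        return MODEL_E_SHARING_VIOLATION;     /* card is locked by one client */
    if (share_mode == PCSC_SHARE_EXCLUSIVE) {
        if (r->shared_handles > 0)
            return MODEL_E_SHARING_VIOLATION; /* others are already connected */
        r->exclusive_held = 1;
    } else {
        r->shared_handles++;
    }
    return MODEL_S_SUCCESS;
}

/* The first client connects with first_mode; count how many of n_later
 * clients asking for shared access are then admitted. */
static int later_clients_admitted(int first_mode, int n_later)
{
    struct model_reader r = { 0, 0 };
    int admitted = 0;
    if (model_connect(&r, first_mode) != MODEL_S_SUCCESS)
        return -1;
    for (int i = 0; i < n_later; i++)
        if (model_connect(&r, PCSC_SHARE_SHARED) == MODEL_S_SUCCESS)
            admitted++;
    return admitted;
}

int main(void)
{
    printf("exclusive first: %d of 2 later clients admitted\n",
           later_clients_admitted(PCSC_SHARE_EXCLUSIVE, 2));
    printf("shared first:    %d of 2 later clients admitted\n",
           later_clients_admitted(PCSC_SHARE_SHARED, 2));
    return 0;
}
```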


