gniibe at fsij.org
Wed Nov 4 11:05:27 CET 2015
For a while, please configure your scdaemon.conf with a line.
With this option, scdaemon always use PC/SC service and I believe that
it will improve the situation of yours.
* * *
On 2015-11-04 at 00:15 -0800, Marc Mercer wrote:
> For now, I didn't want to make the posting itself too clumsy, so I
> have linked the logfile here: https://gist.github.com/Daemoen/e079a7
Thanks a lot. I think that I've finally got a clue to solve this
issue of Yubikey and Cryptostick; I got some complaints but none was
IIUC, I think that the situation is like this:
(1) With the configuration of Yubikey and Cryptostick, a user actually
uses GnuPG's internal CCID driver (instead of PC/SC), if a user
doesn't specify disable-ccid.
That's because current scdaemon's logic is trying internal CCID driver
at first and then, going to PC/SC.
Because of Yubikey and Cryptostick's recommended configuration of udev
(which has other use something like OTP/U2F/PIV), the access by
internal CCID driver (unfortunately) doesn't fail.
Usually for other card readers, the access by internal CCID fails ang
goes to PC/SC, but this doesn't happen for Yubikey and Cryptostick.
(2) On Fedora, we would have some compatibility issue of old libusb.
GnuPG's ccid-driver.c expects return value of -ENODEV for bulk write
when it's gone, but it looks like the return value is different. So,
internal CCID driver can't detect unplugging of tokens/reders.
While I ask you running scdaemon with disable-ccid option, I should
fix the problem of internal CCID driver.
More information about the Gnupg-devel