Steps to enable OpenPGP smartcard support on a new distro

Damien Goutte-Gattat dgouttegattat at incenp.org
Sat Sep 19 17:00:48 CEST 2015


On 09/17/2015 12:35 PM, Dimitri John Ledkov wrote:
> Is pcsc-lite required?

Usually, yes. Scdaemon has an internal CCID driver to talk directly with 
some USB card readers without any middleware, but as a comment in the 
source code of that driver (scd/ccid-driver.c:61) says:

   This is a fallback driver to be used when nothing else works or the
   system should be kept minimal for security reason.


> Is gnupg required to be configured with some specific options?

No, unless the pcsc-lite package in your distribution installs the 
libpcsclite.so library in an unusual location or with an unusual name 
(in which case you may use Scdaemon's --pcsc-driver option to specify 
the location of that library).


> Are there udev rules or similar required, that may be missing?

It depends on your pcsc-lite setup. If the pcscd(8) daemon runs under 
its own user account, you will need to make sure that user account is 
allowed to access the card reader. For example, I use the following Udev 
rule on my system:

   ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", \
   ATTR{idProduct}=="5410", OWNER="scard", GROUP="scard", MODE="660"

to allow pcscd (which runs under the `scard` system account) to access 
an Identive SCR3500 reader.

Hope that helps,

Damien
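
A way to confirm that a rule like the one quoted above took effect, added here as an example (it is not part of the message above, nor of GnuPG or pcsc-lite). The function name check_reader is hypothetical, and the script assumes the usual Linux layout of /sys/bus/usb/devices and /dev/bus/usb.

```shell
#!/bin/sh
# Added example: check that a card reader's USB device node is owned by the
# pcscd account and is not accessible to other users (mode 660).
# Usage: check_reader 04e6 5410 scard scard
#
# check_reader VENDOR PRODUCT OWNER GROUP [SYSFS_ROOT] [DEV_ROOT]
# Returns 0 if every matching node is OWNER:GROUP with mode 660,
#         1 if a matching node has other ownership or permissions,
#         2 if no device with that vendor/product ID is present.
check_reader() {
    vendor=$1 product=$2 owner=$3 group=$4
    sysfs=${5:-/sys/bus/usb/devices}   # kernel view of USB device attributes
    devroot=${6:-/dev/bus/usb}         # device nodes created by udev
    found=0 bad=0

    for dev in "$sysfs"/*; do
        # Interface entries (e.g. 1-2:1.0) carry no idVendor file; skip them.
        [ -r "$dev/idVendor" ] && [ -r "$dev/idProduct" ] || continue
        [ "$(cat "$dev/idVendor")" = "$vendor" ] || continue
        [ "$(cat "$dev/idProduct")" = "$product" ] || continue
        found=1

        # Node path is DEV_ROOT/BBB/DDD, bus and device number zero-padded.
        node=$(printf '%s/%03d/%03d' "$devroot" \
            "$(cat "$dev/busnum")" "$(cat "$dev/devnum")")

        # ls -ld prints e.g. "crw-rw---- 1 scard scard ...". Keep the nine
        # permission characters (dropping the type and any ACL marker),
        # then the owner and group names.
        info=$(ls -ld "$node" 2>/dev/null) || { bad=1; continue; }
        actual=$(printf '%s\n' "$info" |
            awk '{ print substr($1, 2, 9) " " $3 " " $4 }')

        if [ "$actual" != "rw-rw---- $owner $group" ]; then
            echo "$node: got '$actual', want 'rw-rw---- $owner $group'" >&2
            bad=1
        fi
    done

    [ "$found" -eq 1 ] || return 2
    return "$bad"
}
```

The reader has to be unplugged and plugged back in (or the rule re-triggered) before a new rule shows up in the node's ownership.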



More information about the Gnupg-devel mailing list