Steps to enable OpenPGP smartcard support on a new distro
Damien Goutte-Gattat
dgouttegattat at incenp.org
Sat Sep 19 17:00:48 CEST 2015
On 09/17/2015 12:35 PM, Dimitri John Ledkov wrote:
> Is pcsc-lite required?
Usually, yes. Scdaemon has an internal CCID driver to talk directly with
some USB card readers without any middleware, but as a comment in the
source code of that driver (scd/ccid-driver.c:61) says:
This is a fallback driver to be used when nothing else works or the
system should be kept minimal for security reason.
> Does gnupg required to be configured with some specific options?
No, unless the pcsc-lite package in your distribution installs the
libpcsclite.so library in an unusual location or with an unusual name
(in which case you may use Scdaemon's --pcsc-driver option to specify
the location of that library).
> Are there udev rules or similar required, that may be missing?
It depends on your pcsc-lite setup. If the pcscd(8) daemon runs under
its own user account, you will need to make sure that user account is
allowed to access the card reader. For example, I use the following Udev
rule on my system:
ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="04e6", \
ATTR{idProduct}=="5410", OWNER="scard", GROUP="scard", MODE="660"
to allow pcscd (which runs under the `scard` system account) to access
an Identive SCR3500 reader.
Hope that helps,
Damien
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20150919/f350e3b2/attachment.sig>
More information about the Gnupg-devel
mailing list