Steps to enable OpenPGP smartcard support on a new distro

NIIBE Yutaka gniibe at
Mon Sep 21 09:00:46 CEST 2015

On 09/17/2015 07:35 PM, Dimitri John Ledkov wrote:
> I'm trying to enable OpenPGP smartcard support in gnupg 2.0.x on
> It would be useful to have instructions somewhere, at
> a low level, how to enable stuff - something like the linux from
> scratch book articles.
> Is pcsc-lite required?

No, if your purpose is OpenPGP only.

If you need to use another card for anoter application, pcsc-lite
would be needed.

> Does gnupg required to be configured with some specific options?

No, not needed.

> Are there udev rules or similar required, that may be missing?

You need to configure udev rules for your card readers.

On my Debian box, I have this file installed for Gnuk Token for udev.

======================= /etc/udev/rules.d/69-gnuk.rules
SUBSYSTEM=="usb", ACTION=="add", ATTR{idVendor}=="234b", ATTR{idProduct}=="0000", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"

where 234b:0000 is USB ID of Gnuk Token.  I don't know the detail of
udev and systemd (the detail has been changed so far).  The effect
of having udev setting is configuring ACL for desktop user.

For example, when I inserted Gnuk Token which became:

	Bus 002 Device 003: ID 234b:0000

(that's lsusb output).  Then, I have the ACL for me to the path:

$ getfacl /dev/bus/usb/002/003
getfacl: Removing leading '/' from absolute path names
# file: dev/bus/usb/002/003
# owner: root
# group: root

More information about the Gnupg-devel mailing list