Steps to enable OpenPGP smartcard support on a new distro
NIIBE Yutaka
gniibe at fsij.org
Mon Sep 21 09:00:46 CEST 2015
On 09/17/2015 07:35 PM, Dimitri John Ledkov wrote:
> I'm trying to enable OpenPGP smartcard support in gnupg 2.0.x on
> clearlinux.org. It would be useful to have instructions somewhere, at
> a low level, how to enable stuff - something like the linux from
> scratch book articles.
> Is pcsc-lite required?
No, if your purpose is OpenPGP only.
If you need to use another card for anoter application, pcsc-lite
would be needed.
> Does gnupg required to be configured with some specific options?
No, not needed.
> Are there udev rules or similar required, that may be missing?
You need to configure udev rules for your card readers.
On my Debian box, I have this file installed for Gnuk Token for udev.
======================= /etc/udev/rules.d/69-gnuk.rules
SUBSYSTEM=="usb", ACTION=="add", ATTR{idVendor}=="234b", ATTR{idProduct}=="0000", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
=======================
where 234b:0000 is USB ID of Gnuk Token. I don't know the detail of
udev and systemd (the detail has been changed so far). The effect
of having udev setting is configuring ACL for desktop user.
For example, when I inserted Gnuk Token which became:
Bus 002 Device 003: ID 234b:0000
(that's lsusb output). Then, I have the ACL for me to the path:
========================
$ getfacl /dev/bus/usb/002/003
getfacl: Removing leading '/' from absolute path names
# file: dev/bus/usb/002/003
# owner: root
# group: root
user::rw-
user:gniibe:rw-
group::rw-
mask::rw-
other::r--
========================
--
More information about the Gnupg-devel
mailing list