Add option for scdaemon to open smart card in non-exclusive mode

Bernhard Reiter bernhard at intevation.de
Tue Sep 13 17:05:18 CEST 2016


Hi Uri,

Am Montag 12 September 2016 03:18:24 schrieb Uri Blumenthal:
> The problem is that scdaemon insists on grabbing the token, so first - it
> refuses to access it when another daemon (tokend in this case) is connected
> to it (tokend on Mac OS X is the daemon that makes the token available to
> all the native OS X applications, such as Safari, Google Chrome, Apple
> Mail, MS Outlook, Adobe Acrobat, Keychain Access, etc. etc.). Tokend is
> talking to PIV applet.

from your description, I can see that you are having an use case that should 
be supported. The next steps would be to 
a) write it down, open up a ticket on bugs.gnupg.org 
b) come up with a good proposal how to technically solve this
c) come up with someone doing or funding the work.

A workaround in your case could be to use two readers, one for each token.

I'm no expert, but reading up a bit, it seems that shared access from several 
application could be a problem, either because of the state of the token
that needs to be handed over and otherwise because of speed issues if 
applications have to reset the token to some clean state. So I'm unsure if 
a "non-exclusive mode" is technically feasable.

Best Regards,
Bernhard

-- 
www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20160913/44f36507/attachment.sig>


More information about the Gnupg-devel mailing list