Add option for scdaemon to open smart card in non-exclusive mode

Bernhard Reiter bernhard at intevation.de
Wed Sep 14 08:38:39 CEST 2016


Am Mittwoch 14 September 2016 03:16:35 schrieb Uri Blumenthal:
> > The next steps would be to
> > a) write it down, open up a ticket on bugs.gnupg.org
> > <http://bugs.gnupg.org/>
>
> Will do soon.

(Check if there is one already of course. :))

> Since I don’t have money to offer, I guess I will do the work - thankfully
> the expected efforts should be fairly low.

You can also try to convince others that this is a useful feature.
As I am not on a macosx machine, I don't face that problem for instance.

> > A workaround in your case could be to use two readers, one for each
> > token.
>
> Sorry, can’t work. For one - there are only two USB ports on my MacBook,
> and they are already used! Second and more important - this is one and the
> same physical token.

You could use a usb hub I guess and two tokens...
but I see your point. 

> It certainly is feasible, as OpenSC proves quite nicely. That’s how PIV
> tokens work with OpenSC on Mac today: tokend connects to it and interfaces
> with the native Apple applications, while OpenSSL and Firefox use OpenSC
> PKCS#11 library to talk to the token directly. OpenSC provides a mechanism
> to detect if token’s state changed.
>
> Also, please note that I do not suggest eradicating exclusive access. I
> merely request that the user is given an option to configure scdaemon to
> connect in non-exclusive mode when the appropriate parameter in the config
> file is set. The default can well stay as it is now. --

Then you are right and if you suggest a patch I am confident that other 
GnuPG-developers will give it a look.

Best,
Bernhard

-- 
www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20160914/8e92bf5f/attachment.sig>


More information about the Gnupg-devel mailing list