Way to use existing scdaemon

Daurnimator quae at daurnimator.com
Thu Feb 23 00:00:34 CET 2017


On 21 February 2017 at 15:08, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
> On Mon 2017-02-20 21:53:40 -0500, Daurnimator wrote:
>> I want to be able to run scdaemon as my own user daemon (without
>> running gpg-agent).
>> This isn't a problem, except that you can't really run more than one
>> scdaemon at once.
>> So if some misc program starts gpg-agent, then gpg-agent starts its
>> *own* scdaemon, which doesn't work as intended due to the first one
>> already having e.g. my smart card open.
>> ==> I'd like an option to put in my gpg-agent.conf to tell it to try
>> to find a 'scdaemon --multi-server' socket ready and waiting
>> somewhere.
>>
>>> You can use all scdaemon commands via gpg-agent by prefixing the command
>>> with "SCD ", like this
>>>
>>>   $ gpg-connect-agent
>>>   > scd apdu --atr
>>>   S CARD-ATR 3BDA11FF81B1FE551F0300318473800180009000E4
>>>   OK
>>
>> I'm hoping to not run gpg-agent.
>
> you've said twice in here that you don't want to run gpg-agent, but
> people here have already told you that scdaemon is really designed to be
> supervised by gpg-agent.  And it sounds like you're likely to have an
> instance of gpg-agent running anyway, so it's not like you are trying to
> build a machine that doesn't have gpg-agent installed at all, either.
>
> So it kind of sounds like the old routine where the patient says "doc,
> it hurts when i do this," and the doctor says "well, don't do that then"
> :P
>
> Maybe you've got a good reason to want to run scdaemon without running
> gpg-agent, but we don't know what it is.  Can you explain a bit more why
> running gpg-agent to supervise scdaemon is a problem for you?

I'm playing around with writing my own replacement for gpg-agent
(which has its whole own set of reasons).
Having it require gpg-agent running seems superbly redundant: however
at the same time I don't want to conflict with it.

scdaemon seems like a useful piece of software standalone: I can see
myself wanting to run it outside of a single gpg-agent anyway e.g. to
have multiple gpg-agents running; or starting it on demand via a
systemd unit.


