OpenPGP smartcard - authentication key
Wolfgang Rosenauer
wolfgang.rosenauer at an-netz.de
Wed May 4 13:25:39 CEST 2005
Hi,
Werner Koch wrote:
>>The other thing is (more an OpenSSH question) how to tell openssh to
>>use the key from the card?
>
> This is easier: Just install gnupg 1.9.16, read the manual of the
> scdaemon and gpg-agent and enable ssh-support. Works very well,
> unless you want to use the reader also with gnupg 1.4 - this won't work
> because scdaemon/gpg-agent have exclusive access to the reader. I am
> working on this; it will need changes in scdaemon and gpg 1.4.
OK, I have gnupg 1.9.16 installed now and configured scdaemon to connect
with ctapi driver directly to the reader. (gpg-agent not running as
daemon yet)
I get the following now:
- gpg --card-status does still work (gnupg 1.4.0)
- gpg2 --card-status shows
stark at t41p:~/.gnupg> gpg2 --card-status
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: WARNING: This version of gpg is not very matured and
gpg: WARNING: only intended for testing. Please keep using
gpg: WARNING: gpg 1.2.x, 1.3.x or 1.4.x for OpenPGP
gpg: DBG: connection to agent established
scdaemon[9212]: NOTE: this is a development version!
scdaemon[9212]: updating status of slot 0 to 0x0007
gpg-agent[9211]: card has S/N: D2760001240101010001000004B00000
scdaemon[9212]: app_readcert failed: Nicht unterstützte Verarbeitungsaufgabe
gpg-agent[9211]: error reading certificate: Nicht unterstützte Verarbeitungsaufgabe
gpg-agent[9211]: command learn failed: Nicht unterstützte Verarbeitungsaufgabe
gpg: OpenPGP card not available: Nicht unterstützte Verarbeitungsaufgabe
stark at t41p:~/.gnupg> scdaemon[9212]: ct_activate_card(0): activation failed: okay
scdaemon[9212]: DBG: received data: 62 01
What does it mean?
In addition I tried to understand the documentation correctly but failed :-(
As soon as gpg-agent is running with --enable-ssh-support it will
emulate the ssh-agent behaviour and I can add keys with ssh-add as
before. But I haven't found any information on how to add the authentication
key from the OpenPGP card as an SSH key.
Thanks,
Wolfgang