OpenPGP smartcard - authentication key

Wolfgang Rosenauer wolfgang.rosenauer at
Wed May 4 13:25:39 CEST 2005


Werner Koch wrote:

>>The other thing is (more an OpenSSH question) how to tell openssh to
>>use the key from the card?
> This is easier: Just install gnupg 1.9.16, read the manual of the
> scdaemon and gpg-agent and enable ssh-support.  Works very well,
> unless you want to use the reader aso with gnupg 1.4 - this won't work
> becuase scdaemon/gpg-agent have exclusive access to the reader. I am
> working on this; it will need changes in scdaemon and gpg 1.4.

OK, I have gnupg 1.9.16 installed now and configured scdaemon to connect 
with ctapi driver directly to the reader. (gpg-agent not running as 
daemon yet)

I get the following now:

- gpg --card-status does still work (gnupg 1.4.0)
- gpg2 --card-status shows

stark at t41p:~/.gnupg> gpg2 --card-status
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: WARNING: This version of gpg is not very matured and
gpg: WARNING: only intended for testing.  Please keep using
gpg: WARNING: gpg 1.2.x, 1.3.x or 1.4.x for OpenPGP
gpg: DBG: connection to agent established
scdaemon[9212]: NOTE: this is a development version!
scdaemon[9212]: updating status of slot 0 to 0x0007
gpg-agent[9211]: card has S/N: D2760001240101010001000004B00000
scdaemon[9212]: app_readcert failed: Nicht unterstützte Verarbeitungsaufgabe
gpg-agent[9211]: error reading certificate: Nicht unterstützte 
gpg-agent[9211]: command learn failed: Nicht unterstützte 
gpg: OpenPGP card not available: Nicht unterstützte Verarbeitungsaufgabe
stark at t41p:~/.gnupg> scdaemon[9212]: ct_activate_card(0): activation 
failed: okay
scdaemon[9212]: DBG:   received data: 62 01

What does it mean?

In addition I tried to understand the documentation correctly but failed :-(

As soon as gpg-agent is running with --enable-ssh-support it will 
emulate the ssh-agent behaviour and I can add keys with ssh-add as 
before. But I haven't found an information how to add the authentication 
key from the OpenPGP card as SSH key.


More information about the Gnupg-users mailing list