Surprising gnupg-agent action with OpenPGP card

Werner Koch wk at gnupg.org
Sun Sep 16 12:23:35 CEST 2007


On Fri, 14 Sep 2007 22:47, jam at jamux.com said:

>         gpg: DBG: connection to agent established
>         gpg: OpenPGP card net availableS No SmartCard daemon

Either scdaemon is not installed or gpg-agent is not able to start it.
Also check that gpg-agent.conf does not have the option
--disable-scdaemon active.

> and nothing from 'debug-ccid-driver' while 'gpg --card-status' works

Well, if gpg can't use scdaemon it falls back to its own code.  It needs
to use scdaemon via gpg-agent because scdaemon would have opened the
card reader and it requires exclusive access to it.

> Apparently gnome starts '/usr/bin/gpg-agent --daemon --sh' on login to
> the new user account.  On Debian, /usr/bin/scdaemon is installed by
> the gpgsm package which is depended upon by the gnupg-agent package.

Add debugging to gpg-agent, using verbose and log-file in gpg-agent.conf
could suffice.  You might also want to use watchgnupg daemon which is a
smarter way of looking at the log files because all log output from the
daemons is collected in one stream.  I usually have an xterm running
with  "watchgnupg --force ~/.gnupg/S.log" and a
  "log-file socket:///home/foo/.gnupg/S.log"
in {gpg-agent,gpgsm,scdaemon,dirmngr}.conf.  For this. gpg2 you need to
have a separate conf file ("gpg.conf-2") if you want to have this log
option so that can still use .

Use gpg-connect-agent for debugging: "gpg-connect-agent -v" gives
a prompt.  You may enter there "/help" for some advanced commands, but in
general you will use:
  SCD SERIALNO
The "SCD" is a prefix which lets gpg-agent pass the rest of the line
verbatim to scdaemon; that is, it is the same as starting "scdaemon
--server".  For a list of the commands available see the gnupg info page.


Shalom-Salam,

   Werner



-- 
Thoughts are free.  Exceptions are regulated by a federal law.
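
The checks listed in the reply above (scdaemon present, no active disable-scdaemon, a log-file set), as an added shell example that is not part of the original message or of GnuPG. The helper names `conf_option_value` and `check_agent_setup` are hypothetical, and the conf file and scdaemon path are passed as arguments.

```shell
#!/bin/sh
# Added example: the checks from the reply above, run before debugging.
# Nothing is modified; the conf file and scdaemon path are arguments.

# conf_option_value FILE OPTION
# Print the argument of OPTION if it is active in a GnuPG option file and
# succeed; fail if it is absent or commented out. A leading "--" is
# tolerated (assumption about how the file was written).
conf_option_value() {
    awk -v opt="$2" '
        { sub(/^[ \t]+/, ""); sub(/^--/, "") }
        /^#/ || NF == 0 { next }
        $1 == opt { found = 1; $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { if (!found) exit 1; print val }
    ' "$1" 2>/dev/null
}

# check_agent_setup CONF [SCDAEMON]
# Returns the number of blockers found (0 = gpg-agent should be able to
# start scdaemon). SCDAEMON defaults to the Debian path named in the thread.
check_agent_setup() {
    conf=$1; scd=${2:-/usr/bin/scdaemon}; blockers=0
    if [ ! -x "$scd" ]; then
        echo "blocker: no executable scdaemon at $scd"
        blockers=$((blockers + 1))
    fi
    if conf_option_value "$conf" disable-scdaemon >/dev/null; then
        echo "blocker: disable-scdaemon is active in $conf"
        blockers=$((blockers + 1))
    fi
    if log=$(conf_option_value "$conf" log-file); then
        echo "log-file: $log"
    else
        echo "hint: no log-file in $conf, add 'verbose' and 'log-file'"
    fi
    return "$blockers"
}

# With arguments, run the checks and then ask scdaemon for the card serial
# number through the agent, as the reply suggests.
if [ $# -gt 0 ]; then
    check_agent_setup "$@" && gpg-connect-agent 'SCD SERIALNO' /bye
fi
```

Run it as `sh check.sh ~/.gnupg/gpg-agent.conf`, adding the scdaemon path as a second argument if it is not installed at /usr/bin/scdaemon.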