Card only available to root user

Luis de Bethencourt luis at debethencourt.com
Fri Aug 5 01:49:21 CEST 2011


Hi everybody and thanks for the help.

I recently upgraded my GnuPG setup with a Smart Card (GnuPG Card v2).

I can get/set the information of the card through the root user, but this is
not good for everyday use. I think I have pinpointed the problem, scdaemon
iny my machine doesn't like anybody but root.

Here is a paste of a few commands to show the problem:

luisbg at atlas ~ $ gpg --card-status
gpg: selecting openpgp failed: Unsupported certificate
gpg: OpenPGP card not available: Unsupported certificate

luisbg at atlas ~ $ sudo gpg --card-status
scdaemon[31077]: reading public key failed: Missing item in object
scdaemon[31077]: reading public key failed: Missing item in object
Application ID ...: D276000124010200000500000CC90000
Version ..........: 2.0
Manufacturer .....: ZeitControl
Serial number ....: 00000CC9
Name of cardholder: Luis de Bethencourt
Language prefs ...: en
Sex ..............: male
URL of public key : http://people.collabora.com/~luisbg/gpg_pub_key_873B518D
Login data .......: luisbg
Signature PIN ....: not forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 2
Signature key ....: 3F4A 28A6 568A CD30 480A  F9EB 6BBF 9F19 873B 518D
      created ....: 2011-07-26 12:22:00
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]
scdaemon[31077]: updating slot 0 status: 0x0000->0x0007 (0->1)

luisbg at atlas ~ $ gpg-agent --server gpg-connect-agent
OK Pleased to meet you
SCD LEARN
S SERIALNO D276000124010200000500000CC90000 0
INQUIRE KNOWNCARDP D276000124010200000500000CC90000 0
scdaemon[31088]: updating slot 0 status: 0x0000->0x0007 (0->1)


Notice how I can check the status as root, and do SCD Learn as my user. But=
 not
check the status as my user (or sign my mails, which is the main problem). =
Also
pcsc_scan works with my user, it shows the Serial number of the card.

If it helps, I'm running gentoo with:
gpg (GnuPG) 2.0.17
scdaemon (GnuPG) 2.0.17
pcsc-lite version 1.7.2
gpg-agent (GnuPG) 2.0.17

luisbg at atlas ~ $ gpgconf=20
gpg:GPG for OpenPGP:/usr/bin/gpg2
gpg-agent:GPG Agent:/usr/bin/gpg-agent
scdaemon:Smartcard Daemon:/usr/bin/scdaemon
gpgsm:GPG for S/MIME:/usr/bin/gpgsm
dirmngr:Directory Manager:/usr/bin/dirmngr

Thanks a million for the help,
Luis
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: </pipermail/attachments/20110805/6d419563/attachment-0001.pgp>


More information about the Gnupg-users mailing list