Card only available to root user

Luis de Bethencourt luis at debethencourt.com
Fri Aug 5 10:31:47 CEST 2011


On Fri, Aug 05, 2011 at 10:25:33AM +0200, Luis de Bethencourt wrote:
> On Fri, Aug 05, 2011 at 09:32:35AM +0200, Werner Koch wrote:
> > On Fri,  5 Aug 2011 01:49, luis at debethencourt.com said:
> > >
> > > luisbg@atlas ~ $ gpg --card-status
> > > gpg: selecting openpgp failed: Unsupported certificate
> > 
> > What kind of reader are you using?

Missed this question the first time around...
It is a SCM Microsystems SCR 335

> > 
> > > luisbg@atlas ~ $ gpg-agent --server gpg-connect-agent
> > 
> > Now that is a strange command.  The "gpg-connect-agent" argument is
> > simply ignored.  What you do is to start a new gpg-agent in --server
> > mode, that is without it listening on a socket but connected to the tty.
> > 
> > You should first start gpg-agent after checking that no other one is
> > running.  For testing I do it this way
> > 
> >   $ gpg-agent --daemon sh
> > 
> > This creates a new shell and if you terminate this shell (exit) the
> > gpg-agent will terminate as well after a few seconds.  Then use
> > 
> >   $ gpg-connect-agent
> >   SCD SERIALNO
> >   BYE
> > 
> > or 
> > 
> >   $ gpg-connect-agent 'SCD SERIALNO' /bye
> > 
> > or to get all info from the card
> > 
> >   $ gpg-connect-agent 'scd learn --force' /bye
> >
> 
> When I do it as you say I get:
> gpg-connect-agent 'scd learn --force' /bye
> ERR 103 unknown command
> 
> I always get that 'unknown command' error in all the variations you explained.
> 
> But it works when I do it through gpg-agent --server.
>  
> > 
> > My guess at your problem is that there is another gpg-agent running
> > which has the scdaemon open.  The one you started under root?
> > 
> 
> It looks like every time I do gpg --card-status it spawns a new scdaemon. After
> the card information you can see the following line:
> 
> scdaemon[7684]: scdaemon (GnuPG) 2.0.17 stopped
> 
> and ps doesn't show any scdaemon running after that.
> 
> > To debug this you should put these lines into scdaemon.conf
> > 
> > log-file /foo/bar/scd.log
> > debug 2049
> > debug-ccid-driver
> > verbose
> > 

I've created this conf file both in my home and root's.
When I run gpg --card-status as my user, there is no file created.
But when I run it as root it does create this file.

Is this confirmation that when running as root scdaemon is being spawned
but when running as user it can't use scdaemon?

I can paste the content of that log file if you want it. Asking before doing
so since it's a bit lengthy.

Thanks for all the help,
Luis

> > 
> > Salam-Shalom,
> > 
> >    Werner
> > 
> > 
> > -- 
> > Thoughts are free.  Exceptions are regulated by a federal law.
> > 
> 
> Thanks for the help,
> Luis

