Card only available to root user

Luis de Bethencourt luis at debethencourt.com
Thu Aug 4 23:49:55 CEST 2011


On Thu, Aug 04, 2011 at 11:25:36PM +0200, Luis de Bethencourt wrote:
> Hi everybody and thanks for the help.
> 
> I recently upgraded my GnuPG setup with a Smart Card (GnuPG Card v2).
> 
> I can get/set the information of the card through the root user, but this is
> not good for everyday use. I think I have pinpointed the problem, scdaemon
> in my machine doesn't like anybody but root.
> 
> Here is a paste of a few commands to show the problem:
> 
> luisbg at atlas ~ $ gpg --card-status
> gpg: selecting openpgp failed: Unsupported certificate
> gpg: OpenPGP card not available: Unsupported certificate
> 
> luisbg at atlas ~ $ sudo gpg --card-status
> scdaemon[31077]: reading public key failed: Missing item in object
> scdaemon[31077]: reading public key failed: Missing item in object
> Application ID ...: D276000124010200000500000CC90000
> Version ..........: 2.0
> Manufacturer .....: ZeitControl
> Serial number ....: 00000CC9
> Name of cardholder: Luis de Bethencourt
> Language prefs ...: en
> Sex ..............: male
> URL of public key : http://people.collabora.com/~luisbg/gpg_pub_key_873B518D
> Login data .......: luisbg
> Signature PIN ....: not forced
> Key attributes ...: 2048R 2048R 2048R
> Max. PIN lengths .: 32 32 32
> PIN retry counter : 3 0 3
> Signature counter : 2
> Signature key ....: 3F4A 28A6 568A CD30 480A  F9EB 6BBF 9F19 873B 518D
>       created ....: 2011-07-26 12:22:00
> Encryption key....: [none]
> Authentication key: [none]
> General key info..: [none]
> scdaemon[31077]: updating slot 0 status: 0x0000->0x0007 (0->1)
> 
> luisbg at atlas ~ $ gpg-agent --server gpg-connect-agent
> OK Pleased to meet you
> SCD LEARN
> S SERIALNO D276000124010200000500000CC90000 0
> INQUIRE KNOWNCARDP D276000124010200000500000CC90000 0
> scdaemon[31088]: updating slot 0 status: 0x0000->0x0007 (0->1)
> 
> 
> Notice how I can check the status as root, and do SCD Learn as my user. But not
> check the status as my user (or sign my mails, which is the main problem). Also
> pcsc_scan works with my user, it shows the Serial number of the card.
> 
> If it helps, I'm running gentoo with:
> gpg (GnuPG) 2.0.17
> scdaemon (GnuPG) 2.0.17
> pcsc-lite version 1.7.2
> gpg-agent (GnuPG) 2.0.17
> 
> luisbg at atlas ~ $ gpgconf 
> gpg:GPG for OpenPGP:/usr/bin/gpg2
> gpg-agent:GPG Agent:/usr/bin/gpg-agent
> scdaemon:Smartcard Daemon:/usr/bin/scdaemon
> gpgsm:GPG for S/MIME:/usr/bin/gpgsm
> dirmngr:Directory Manager:/usr/bin/dirmngr
> 
> 
> Thanks a million for the help,
> Luis


By the way, I should mention I have replicated this issue in my two gentoo-based
machines.

But then got the card and reader working very easily in another machine which
runs debian. So the hardware is OK. Unfortunately for this case, my laptop is
one of the gentoo machines, and that is the machine I will make more use of the
card.

Thanks,
Luis