Card only available to root user

Luis de Bethencourt luis at debethencourt.com
Thu Aug 4 23:25:36 CEST 2011


Hi everybody and thanks for the help.

I recently upgraded my GnuPG setup with a Smart Card (GnuPG Card v2).

I can get/set the information of the card through the root user, but this is
not good for everyday use. I think I have pinpointed the problem, scdaemon
iny my machine doesn't like anybody but root.

Here is a paste of a few commands to show the problem:

luisbg at atlas ~ $ gpg --card-status
gpg: selecting openpgp failed: Unsupported certificate
gpg: OpenPGP card not available: Unsupported certificate

luisbg at atlas ~ $ sudo gpg --card-status
scdaemon[31077]: reading public key failed: Missing item in object
scdaemon[31077]: reading public key failed: Missing item in object
Application ID ...: D276000124010200000500000CC90000
Version ..........: 2.0
Manufacturer .....: ZeitControl
Serial number ....: 00000CC9
Name of cardholder: Luis de Bethencourt
Language prefs ...: en
Sex ..............: male
URL of public key : http://people.collabora.com/~luisbg/gpg_pub_key_873B518D
Login data .......: luisbg
Signature PIN ....: not forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 2
Signature key ....: 3F4A 28A6 568A CD30 480A  F9EB 6BBF 9F19 873B 518D
      created ....: 2011-07-26 12:22:00
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]
scdaemon[31077]: updating slot 0 status: 0x0000->0x0007 (0->1)

luisbg at atlas ~ $ gpg-agent --server gpg-connect-agent
OK Pleased to meet you
SCD LEARN
S SERIALNO D276000124010200000500000CC90000 0
INQUIRE KNOWNCARDP D276000124010200000500000CC90000 0
scdaemon[31088]: updating slot 0 status: 0x0000->0x0007 (0->1)


Notice how I can check the status as root, and do SCD Learn as my user. But not
check the status as my user (or sign my mails, which is the main problem). Also
pcsc_scan works with my user, it shows the Serial number of the card.

If it helps, I'm running gentoo with:
gpg (GnuPG) 2.0.17
scdaemon (GnuPG) 2.0.17
pcsc-lite version 1.7.2
gpg-agent (GnuPG) 2.0.17

luisbg at atlas ~ $ gpgconf 
gpg:GPG for OpenPGP:/usr/bin/gpg2
gpg-agent:GPG Agent:/usr/bin/gpg-agent
scdaemon:Smartcard Daemon:/usr/bin/scdaemon
gpgsm:GPG for S/MIME:/usr/bin/gpgsm
dirmngr:Directory Manager:/usr/bin/dirmngr


Thanks a million for the help,
Luis
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: </pipermail/attachments/20110804/03898ad6/attachment-0001.pgp>


More information about the Gnupg-users mailing list