Card only available to root user

Crypto Stick cryptostick at privacyfoundation.de
Tue Nov 29 21:27:50 CET 2011


Hi Luis, sorry for the late reply.

You need an appropriate UDEV rule. On Debian you can install the
following package:
https://www.assembla.com/spaces/cryptostick/documents/ds_EMCisGr4k7QeJe5cbCb/download/ds_EMCisGr4k7QeJe5cbCb

Alternatively and on other systems you might copy the following UDEV
rule to the directory /etc/udev/rules.d

https://www.privacyfoundation.de/wiki/CryptoStickSoftware?action=AttachFile&do=view&target=40-cryptostick.rules

Am 05.08.2011 05:49, schrieb Luis de Bethencourt:
> On Thu, Aug 04, 2011 at 11:25:36PM +0200, Luis de Bethencourt wrote:
>> Hi everybody and thanks for the help.
>>
>> I recently upgraded my GnuPG setup with a Smart Card (GnuPG Card v2).
>>
>> I can get/set the information of the card through the root user, but this is
>> not good for everyday use. I think I have pinpointed the problem, scdaemon
>> iny my machine doesn't like anybody but root.
>>
>> Here is a paste of a few commands to show the problem:
>>
>> luisbg at atlas ~ $ gpg --card-status
>> gpg: selecting openpgp failed: Unsupported certificate
>> gpg: OpenPGP card not available: Unsupported certificate
>>
>> luisbg at atlas ~ $ sudo gpg --card-status
>> scdaemon[31077]: reading public key failed: Missing item in object
>> scdaemon[31077]: reading public key failed: Missing item in object
>> Application ID ...: D276000124010200000500000CC90000
>> Version ..........: 2.0
>> Manufacturer .....: ZeitControl
>> Serial number ....: 00000CC9
>> Name of cardholder: Luis de Bethencourt
>> Language prefs ...: en
>> Sex ..............: male
>> URL of public key : http://people.collabora.com/~luisbg/gpg_pub_key_873B518D
>> Login data .......: luisbg
>> Signature PIN ....: not forced
>> Key attributes ...: 2048R 2048R 2048R
>> Max. PIN lengths .: 32 32 32
>> PIN retry counter : 3 0 3
>> Signature counter : 2
>> Signature key ....: 3F4A 28A6 568A CD30 480A  F9EB 6BBF 9F19 873B 518D
>>       created ....: 2011-07-26 12:22:00
>> Encryption key....: [none]
>> Authentication key: [none]
>> General key info..: [none]
>> scdaemon[31077]: updating slot 0 status: 0x0000->0x0007 (0->1)
>>
>> luisbg at atlas ~ $ gpg-agent --server gpg-connect-agent
>> OK Pleased to meet you
>> SCD LEARN
>> S SERIALNO D276000124010200000500000CC90000 0
>> INQUIRE KNOWNCARDP D276000124010200000500000CC90000 0
>> scdaemon[31088]: updating slot 0 status: 0x0000->0x0007 (0->1)
>>
>>
>> Notice how I can check the status as root, and do SCD Learn as my user. But not
>> check the status as my user (or sign my mails, which is the main problem). Also
>> pcsc_scan works with my user, it shows the Serial number of the card.
>>
>> If it helps, I'm running gentoo with:
>> gpg (GnuPG) 2.0.17
>> scdaemon (GnuPG) 2.0.17
>> pcsc-lite version 1.7.2
>> gpg-agent (GnuPG) 2.0.17
>>
>> luisbg at atlas ~ $ gpgconf 
>> gpg:GPG for OpenPGP:/usr/bin/gpg2
>> gpg-agent:GPG Agent:/usr/bin/gpg-agent
>> scdaemon:Smartcard Daemon:/usr/bin/scdaemon
>> gpgsm:GPG for S/MIME:/usr/bin/gpgsm
>> dirmngr:Directory Manager:/usr/bin/dirmngr
>>
>>
>> Thanks a million for the help,
>> Luis
> 
> 
> By the way, I should mention I have replicated this issue in my two gentoo-based
> machines.
> 
> But then got the card and reader working very easily in an other machine which
> runs debian. So the hardware is OK. Unforunately for this case, my laptop is
> one of the gentoo machines, and that is the machine I will make more use of the
> card.
> 
> Thanks,
> Luis
> 
> 
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users



More information about the Gnupg-users mailing list