Problems with GnuPG and Smartcard (opensc + pcsc)

Slawek Gonet gonet9 at gmail.com
Fri Feb 3 14:41:53 CET 2012


Hello.

I'm trying to follow this howto:
http://www.rainerkeller.de/etoken.htm
to start using my smartcard as a gpg key.

My smartcard and terminal:
- Aladdin eToken 32k Pro (initialised with pkcs15-init):
- Info : CardOS V4.2B (C) Siemens AG 1994-2005
- pkcs11-tool --module /usr/lib/opensc-pkcs11.so -L:
  Slot 1 (0x1): HP USB Smartcard Reader [HP USB Smartcard Reader] (0000000000000
    token label:   Slawomir Gonet (User PIN)
    token manuf:   OpenSC Project
    token model:   PKCS#15
    token flags:   login required, PIN initialized, token initialized
    serial num  :  XXXBDCXXXXX

Objects on my smartcard from pkcs15-tool -D:
  PKCS#15 Card [Slawomir Gonet]:
  PIN [User PIN]
    Object Flags   : [0x3], private, modifiable
    ID             : 01
    Flags          : [0x32], local, initialized, needs-padding
  Private RSA Key [Private Key]
    Object Flags   : [0x3], private, modifiable
    Usage          : [0x4], sign
    Access Flags   : [0x1D], sensitive, alwaysSensitive, neverExtract, local
  Public RSA Key [Public Key]
    Object Flags   : [0x2], modifiable
    Usage          : [0x4], sign
    Access Flags   : [0x0]
  X.509 Certificate [Certificate]
    Object Flags   : [0x2], modifiable
    Authority      : no


~/.gnupg $ cat gnupg-pkcs11-scd.conf 
  # Log file.
  # log-file log1
  # Default is not verbose.
  # verbose
  # Default is no debugging.
  # debug-all
  # Pin cache period in seconds; default is infinite.
  # pin-cache 20
  # Comma-separated list of available provider names. Then set
  # attributes for each provider using the provider-[name]-attribute
  # syntax.
  providers opensc
  # Provider attributes (see below for detailed description)
  provider-opensc-library /usr/lib/opensc-pkcs11.so
  emulate-openpgp
  openpgp-sign XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  openpgp-encr XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  openpgp-auth XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX


---------------------------------------------------------------------------

My problem:

Following the howto:
$ gpg-agent --server
OK Pleased to meet you
SCD LEARN
gnupg-pkcs11-scd[3994.3616020224]: Listening to socket '/tmp/gnupg-pkcs11-scd.q0utvT/agent.S'
gnupg-pkcs11-scd[3994]: chan_5 -> OK PKCS#11 smart-card server for GnuPG ready
gnupg-pkcs11-scd[3994]: chan_5 <- GETINFO socket_name
gnupg-pkcs11-scd[3994]: chan_5 -> D /tmp/gnupg-pkcs11-scd.q0utvT/agent.S
gnupg-pkcs11-scd[3994]: chan_5 -> OK
gnupg-pkcs11-scd[3994]: chan_5 <- LEARN
gnupg-pkcs11-scd[3994]: chan_5 -> S SERIALNO D276...
S SERIALNO D276..
gnupg-pkcs11-scd[3994]: chan_5 -> S APPTYPE PKCS11
S APPTYPE PKCS11
gnupg-pkcs11-scd[3994]: chan_5 -> S KEY-FRIEDNLY 1A7A6F350... /C=XX/ST=XXXXXXX/L=XXXXXXXX/CN=Slawomir Gonet/emailAddress=gonet9 at gmail.com on Slawomir Gonet (User PIN)
gnupg-pkcs11-scd[3994]: chan_5 -> S KEYPAIRINFO 1A7A6F350... OpenSC\x20Project/PKCS\x2315/25BBDC102315/Slawomir\x20Gonet\x20\x28User\x20PIN\x29/45
gnupg-pkcs11-scd[3994]: chan_5 -> OK
S KEY-FRIEDNLY 1A7A6F350... /C=XX/ST=XXXXXXXX/L=XXXXXXX/CN=Slawomir Gonet/emailAddress=gonet9 at gmail.com on Slawomir Gonet (User PIN)
S KEYPAIRINFO 1A7A6F350... OpenSC\x20Project/PKCS\x2315/25BBDC102315/Slawomir\x20Gonet\x20\x28User\x20PIN\x29/45

------------------

So, as you can see I'm getting only one KEY-FRIEDNLY instead of two:
S KEY-FRIEDNLY 1A7A6F350... /C=XX/ST=XXXXXXXX/L=XXXXXXX/CN=Slawomir Gonet/emailAddress=gonet9 at gmail.com on Slawomir Gonet (User PIN)

What am I doing wrong? Please help.

Regards,
SG
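
Added example, not part of the original message and not code from GnuPG or gnupg-pkcs11-scd: a small parser for an `SCD LEARN` transcript like the one above that counts the distinct keys the card reports and decodes each KEYPAIRINFO token identifier. The sample transcript and all values in it are constructed placeholders, and the names given to the five slash-separated identifier parts are labels chosen here, not names from the tool.

```python
import re

# Constructed sample modelled on the LEARN transcript above (placeholder values).
SAMPLE = r"""
gnupg-pkcs11-scd[1000]: chan_5 <- LEARN
gnupg-pkcs11-scd[1000]: chan_5 -> S SERIALNO D2760000000000000000
S SERIALNO D2760000000000000000
gnupg-pkcs11-scd[1000]: chan_5 -> S APPTYPE PKCS11
gnupg-pkcs11-scd[1000]: chan_5 -> S KEY-FRIEDNLY 0123456789ABCDEF0123456789ABCDEF01234567 /CN=Example User on Example User (User PIN)
gnupg-pkcs11-scd[1000]: chan_5 -> S KEYPAIRINFO 0123456789ABCDEF0123456789ABCDEF01234567 OpenSC\x20Project/PKCS\x2315/000000000000/Example\x20User\x20\x28User\x20PIN\x29/45
gnupg-pkcs11-scd[1000]: chan_5 -> OK
S KEY-FRIEDNLY 0123456789ABCDEF0123456789ABCDEF01234567 /CN=Example User on Example User (User PIN)
S KEYPAIRINFO 0123456789ABCDEF0123456789ABCDEF01234567 OpenSC\x20Project/PKCS\x2315/000000000000/Example\x20User\x20\x28User\x20PIN\x29/45
"""

# Matches a status line, either bare ("S ...") or inside a debug-log line ("-> S ...").
STATUS = re.compile(r"(?:^|-> )S (\S+) (.*)$")
ESCAPE = re.compile(r"\\x([0-9A-Fa-f]{2})")
# Labels chosen here (assumption) for the five slash-separated identifier parts.
ID_FIELDS = ("manufacturer", "model", "serial", "label", "object_id")

def unescape(text):
    """Turn the \\xNN escapes shown in the log back into characters."""
    return ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), text)

def parse_learn(transcript):
    """Return (card info, {key hash: record}); echoed duplicate lines collapse."""
    card, keys = {}, {}
    for line in transcript.splitlines():
        m = STATUS.search(line.strip())
        if not m:
            continue  # commands, OK lines, blank lines
        keyword, rest = m.groups()
        if keyword in ("SERIALNO", "APPTYPE"):
            card[keyword.lower()] = rest
        elif keyword == "KEY-FRIEDNLY":  # spelled this way in the output
            key_hash, friendly = rest.split(" ", 1)
            keys.setdefault(key_hash, {})["friendly"] = friendly
        elif keyword == "KEYPAIRINFO":
            key_hash, token_id = rest.split(" ", 1)
            # Split on "/" first, then unescape, so an escaped "/" stays in its field.
            parts = [unescape(p) for p in token_id.strip().split("/")]
            keys.setdefault(key_hash, {})["token"] = dict(zip(ID_FIELDS, parts))
    return card, keys

if __name__ == "__main__":
    card, keys = parse_learn(SAMPLE)
    print(card, "-", len(keys), "distinct key(s)")
```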


