F17 + smartcards: fixed

Robert J. Hansen rjh at sixdemonbag.org
Thu May 31 19:16:17 CEST 2012


As a summary and follow-up:

Fedora 17 has problems out-of-the-box with the SCR 3310 and the OpenPGP
smartcard.  Any card access will fail with a variety of different
errors: the only way to use it is to run as root.  This is caused by
Fedora 17 having inappropriate permissions on the USB device
corresponding to the SCR 3310 smartcard reader, and not knowing how to
properly configure udev entries.

As a fix:

	1.  Create a new group 'scard'.
	2.  Determine exactly which device corresponds to the reader.
	    (Mine was /dev/bus/usb/001/010: yours may be different.)
	3.  Change the group ownership of this device to 'scard'.
	4.  Populate a udev rules file (I used
            /etc/udev/rules/92-local-ccid.rules) with the following:

          # CCID rules for this box

	  ACTION!="add", GOTO="local_ccid_rules_end"
	  SUBSYSTEM=="usb_device", GOTO="local_ccid_rules_real"
	  SUBSYSTEM=="usb", GOTO="local_ccid_rules_real"
	  BUS!="usb", GOTO="local_ccid_rules_end"

	  LABEL="local_ccid_rules_real"

	  ATTR{configuration}=="CCID Class", MODE:="660", GROUP:="scard"

	  # In case the above check did not work, set it explicitly or
	  # this device (SCR3310).
	  ATTR{idVendor}=="04e6", ATTR{idProduct}="5116", MODE:="660",
GROUP:="scard"

	  LABEL="local_ccid_rules_end"

	    Note that the "GROUP:='scard'" is part of the line preceding
	    it, *not* its own separate line.

	5.  Attempt to access the card with gpg2 --card-status.  It
	    should work normally.


Many thanks to Werner for looking into this.  Most of the debugging and
fix is due to him: I had little to do with it except writing up the hot
wash.



More information about the Gnupg-users mailing list