Omnikey 3821 with OpenPGP Card and Pin Pad Entry

Tristan Santore tristan.santore at
Thu Oct 24 07:48:14 CEST 2013

Dear All,

I have finally had time to play with the Omnikey 3821 and my OpenPGP
cards. Yesterday, I somehow managed to get the Omnikey reader to accept
pinpad entries. I suspect it was the enable-pinpad-varlen option in
~/.gnupg/scdaemon.conf, which did this. This worked for setting the
password on card, but would not accept the password for an Auth Key I
generated, that is expert mode then deselect (E) and (S) to leave the
(A)uthentication bit.

When I now set the enable-pinpad-varlen I keep getting:

debug1: Offering RSA public key: cardno:00050XXXXXXXX
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 535
debug2: input_userauth_pk_ok: fp
debug3: sign_and_send_pubkey: RSA
Agent admitted failure to sign using the key.
debug1: Trying private key: /home/blah.....

Also, when I try gpg2 --card-edit, pinentry does not ask me to enter the
pin, with the pinpad showing the request on the Omnikey's LCD screen.

When I remove the enable-pinpad-varlen option from
~/gnupg/scdaemon.conf, pinpad-gtk pops up and asks me to enter the password.

Is there something I missed ? It worked fine yesterday, minus the Auth
pin issue. I was hoping to finally get there with the setup and be able
to use the pinpad for pin entries.

Any insights of you all, would be most appreciated.

If I can provide you with any further output, which might help, let me
know how and what you need, and I will be most happy to oblige.

Thank you in advance.




Tristan Santore BSc MBCS
Network and Infrastructure Operations
Mobile +44-78-55069812
Tristan.Santore at

Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)

For Fedora related issues, please email me at:
TSantore at

More information about the Gnupg-users mailing list