smart card under linux
Tristan Santore
tristan.santore at internexusconnect.net
Tue Oct 21 15:33:44 CEST 2014
On 21/10/14 14:10, Philip Jackson wrote:
> On 21/10/14 12:59, Tristan Santore wrote:
>> On 20/10/14 23:36, Philip Jackson wrote:
> ........snip....
>
>>> going under my UbuntuStudio 1404 linux. Using gnupg2 2.0.26.
>>>
>>> Trying to use the GnuPG driver to access CCID cards, "gpg2 --card-status" yields
>>> the following output :
>>>
>>> gpg: selecting openpgp failed: Card error
>>> gpg: OpenPGP card not available: Card error
>>>
>>>
>>> I've followed, I believe, all the instructions in the gnupg.com smartcard howto.
>>> In para 2.3.1 CCID : I've tried both the instructions under 'with udev
>>> (preferred installation)' and further down 'with hotplug (deprecated in modern
>>> systems)'
>>>
>>> In the /etc/udev/rules.d/ directory there is a README which says that symbolic
>>> links should not be used in Ubuntu (unlike Debian) so I placed a copy of
>>> gnupg-ccid.rules directly in that directory. But that didn't help.
>>>
>>> lsusb shows that the SCM card reader is recognised and present but gpg doesn't
>>> seem to be able to make contact.
>>>
>>> I'd appreciate any ideas for what to try next.
>>> Philip,
>> Further, to the previous question, which distribution are you currently using ?
>> There is a locking issue in Fedora with pcscd. I have not had time to dig deeper
>> yet, but libvirt and some other binaries appear to be blocking the card.
>>
> I'm using UbuntuStudio 1404 - one of the Ubuntu flavours.
>
> Practically all I know about smart cards is from the GnuPG smartcard howto on
> gnupg.org website. There, it makes reference to 'Two standard protocols are used
> by GnuPG to access card readers.' and then proceeds to cover CCID in some detail
> with three apparent alternatives being detailed.
>
> It then treats the other protocol, PC/SC, but all it says is "TODO - To use
> PC/SC make sure you disable CCID by passing the --disable-ccid option to GnuPG."
>
> From this I assumed that CCID was perhaps either preferred / more important /
> more useful / or more modern so I didn't touch anything about PCSC and this
> means that pcscd is not running on my system.
>
> Is this a major error on my part ?
>
> Philip
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
Find out where your library for libpcsclite is, then run lsof on it like below:
lsof /usr/lib64/libpcsclite.so.1.0.0
lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs
Output information may be incomplete.
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
libvirtd 3461 root mem REG 253,2 47896 1081788 /usr/lib64/libpcsclite.so.1.0.0
pcscd 3462 root mem REG 253,2 47896 1081788 /usr/lib64/libpcsclite.so.1.0.0
upowerd 3606 root mem REG 253,2 47896 1081788 /usr/lib64/libpcsclite.so.1.0.0
You will probably get output similar to this. Then you can kill the pids, of the processes that are blocking the card.
However, as I said, add systemctl restart pcscd a s a sudo option, which should be much easier and not interfere with the other processes.
I hope this helps.
Regards,
Tristan
--
Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
Tristan.Santore at internexusconnect.net
Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)
For Fedora related issues, please email me at:
TSantore at fedoraproject.org
More information about the Gnupg-users
mailing list