smart card under linux

Philip Jackson philip.jackson at nordnet.fr
Tue Oct 21 17:26:54 CEST 2014


On 21/10/14 15:33, Tristan Santore wrote:
> On 21/10/14 14:10, Philip Jackson wrote:
>> On 21/10/14 12:59, Tristan Santore wrote:
>>> On 20/10/14 23:36, Philip Jackson wrote:
>> ........snip....
>>
>>>> going under my UbuntuStudio 1404 linux. Using gnupg2 2.0.26.
>>>>
>>>> Trying to use the GnuPG driver to access CCID cards, "gpg2 --card-status" yields
>>>> the following output :
>>>>
>>>> gpg: selecting openpgp failed: Card error
>>>> gpg: OpenPGP card not available: Card error
>>>>
>>>>
>>>> I've followed, I believe, all the instructions in the gnupg.com smartcard howto.
>>>>  In para 2.3.1 CCID : I've tried both the instructions under 'with udev
>>>> (preferred installation)' and further down 'with hotplug (deprecated in modern
>>>> systems)'
>>>>
>>>> In the /etc/udev/rules.d/ directory there is a README which says that symbolic
>>>> links should not be used in Ubuntu (unlike Debian) so I placed a copy of
>>>> gnupg-ccid.rules directly in that directory.  But that didn't help.
>>>>
>>>> lsusb shows that the SCM card reader is recognised and present but gpg doesn't
>>>> seem to be able to make contact.
>>>>
>>>> I'd appreciate any ideas for what to try next.
>>>> Philip,
>>> Further, to the previous question, which distribution are you currently using ?
>>> There is a locking issue in Fedora with pcscd. I have not had time to dig deeper
>>> yet, but libvirt and some other binaries appear to be blocking the card.
>>>
>> I'm using UbuntuStudio 1404 - one of the Ubuntu flavours.
>>
>> Practically all I know about smart cards is from the GnuPG smartcard howto on
>> gnupg.org website. There, it makes reference to 'Two standard protocols are used
>> by GnuPG to access card readers.' and then proceeds to cover CCID in some detail
>> with three apparent alternatives being detailed.
>>
>> It then treats the other protocol, PC/SC, but all it says is "TODO - To use
>> PC/SC make sure you disable CCID by passing the --disable-ccid option to GnuPG."
>>
>> From this I assumed that CCID was perhaps either preferred / more important /
>> more useful / or more modern so I didn't touch anything about PCSC and this
>> means that pcscd is not running on my system.
>>
>> Is this a major error on my part ?
>>
>> Philip
>>
>>
>> _______________________________________________
>> Gnupg-users mailing list
>> Gnupg-users at gnupg.org
>> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> 
> Find out where your library for libpcsclite is, then run lsof on it like below:
> 
> lsof /usr/lib64/libpcsclite.so.1.0.0
> 
> 
> lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs
>       Output information may be incomplete.
> COMMAND   PID USER  FD   TYPE DEVICE SIZE/OFF    NODE NAME
> libvirtd 3461 root mem    REG  253,2    47896 1081788 /usr/lib64/libpcsclite.so.1.0.0
> pcscd    3462 root mem    REG  253,2    47896 1081788 /usr/lib64/libpcsclite.so.1.0.0
> upowerd  3606 root mem    REG  253,2    47896 1081788 /usr/lib64/libpcsclite.so.1.0.0
> 
> You will probably get output similar to this. Then  you can kill the pids, of the processes that are blocking the card.
> 
> However, as I said, add systemctl restart pcscd a s a sudo option, which should be much easier and not interfere with the other processes.
> 
lsof doesn't produce anything except :

lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs
      Output information may be incomplete.

So libpcsclite is not in use which kind of lines up with what I wrote above
about choosing to try the howto CCID protocol rather than the pcsc protocol.

Philip



More information about the Gnupg-users mailing list