smart card under linux
philip.jackson at nordnet.fr
Tue Oct 21 17:26:54 CEST 2014
On 21/10/14 15:33, Tristan Santore wrote:
> On 21/10/14 14:10, Philip Jackson wrote:
>> On 21/10/14 12:59, Tristan Santore wrote:
>>> On 20/10/14 23:36, Philip Jackson wrote:
>>>> going under my UbuntuStudio 1404 linux. Using gnupg2 2.0.26.
>>>> Trying to use the GnuPG driver to access CCID cards, "gpg2 --card-status" yields
>>>> the following output :
>>>> gpg: selecting openpgp failed: Card error
>>>> gpg: OpenPGP card not available: Card error
>>>> I've followed, I believe, all the instructions in the gnupg.com smartcard howto.
>>>> In para 2.3.1 CCID : I've tried both the instructions under 'with udev
>>>> (preferred installation)' and further down 'with hotplug (deprecated in modern
>>>> In the /etc/udev/rules.d/ directory there is a README which says that symbolic
>>>> links should not be used in Ubuntu (unlike Debian) so I placed a copy of
>>>> gnupg-ccid.rules directly in that directory. But that didn't help.
>>>> lsusb shows that the SCM card reader is recognised and present but gpg doesn't
>>>> seem to be able to make contact.
>>>> I'd appreciate any ideas for what to try next.
>>> Further, to the previous question, which distribution are you currently using ?
>>> There is a locking issue in Fedora with pcscd. I have not had time to dig deeper
>>> yet, but libvirt and some other binaries appear to be blocking the card.
>> I'm using UbuntuStudio 1404 - one of the Ubuntu flavours.
>> Practically all I know about smart cards is from the GnuPG smartcard howto on
>> gnupg.org website. There, it makes reference to 'Two standard protocols are used
>> by GnuPG to access card readers.' and then proceeds to cover CCID in some detail
>> with three apparent alternatives being detailed.
>> It then treats the other protocol, PC/SC, but all it says is "TODO - To use
>> PC/SC make sure you disable CCID by passing the --disable-ccid option to GnuPG."
>> From this I assumed that CCID was perhaps either preferred / more important /
>> more useful / or more modern so I didn't touch anything about PCSC and this
>> means that pcscd is not running on my system.
>> Is this a major error on my part ?
>> Gnupg-users mailing list
>> Gnupg-users at gnupg.org
> Find out where your library for libpcsclite is, then run lsof on it like below:
> lsof /usr/lib64/libpcsclite.so.1.0.0
> lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs
> Output information may be incomplete.
> COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
> libvirtd 3461 root mem REG 253,2 47896 1081788 /usr/lib64/libpcsclite.so.1.0.0
> pcscd 3462 root mem REG 253,2 47896 1081788 /usr/lib64/libpcsclite.so.1.0.0
> upowerd 3606 root mem REG 253,2 47896 1081788 /usr/lib64/libpcsclite.so.1.0.0
> You will probably get output similar to this. Then you can kill the pids, of the processes that are blocking the card.
> However, as I said, add systemctl restart pcscd a s a sudo option, which should be much easier and not interfere with the other processes.
lsof doesn't produce anything except :
lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs
Output information may be incomplete.
So libpcsclite is not in use which kind of lines up with what I wrote above
about choosing to try the howto CCID protocol rather than the pcsc protocol.
More information about the Gnupg-users