gpg-2.1.6 scdaemon: cannot disable OpenPGP application
gniibe at fsij.org
Wed Jul 8 10:02:00 CEST 2015
Thank you for your report. I maintain scdaemon of GnuPG.
On 07/07/2015 10:40 PM, Marek Szuba wrote:
> I have run into problems trying to get GnuPG (version 2.1.6, running
> under Linux/amd64) to talk to my SmartCard-HSM. The card has been
> working perfectly so far, ditto the reader (indeed, I can see in the
> logs that the latter is seen by scdaemon). Judging from the fact the
> string sd-hsm does appear inside the scdaemon binary, this application
> should - as expected - be supported. Okay, here goes:
Since I don't have any experience with SmartCard-HSM, could you please
let me know how it worked and what version of GnuPG?
> $ gpg --card-status
> [the reader gets detected and its LED blinks once]
> scdaemon can't select application 'openpgp': Not supported
> gpg: OpenPGP card not available: Not supported
> Makes sense, this is not an OpenPGP card so no wonder the application
> cannot be selected. I've killed the running instance of scdaemon and in
> order to prevent it from getting stuck on this in the future, added
> disable-application openpgp
> to ~/.gnupg/scdaemon.conf.
> The problem is, I still get exactly the same error with that line in the
> config... Messing with debug levels hasn't revealed anything
> enlightening, merely confirming that scdaemon happily keeps on trying to
> use the supposedly-disabled application. Running gpg as root has not
> helped either.
> I would very much appreciate any help you could offer me with solving
> this problem. Should you require any more information, please let me know!
It is gpg frontend which submits request "SCD SERIALNO openpgp" (with
specific apptype=openpgp) to gpg-agent and gpg-agent relays it to
scdaemon. The code is there since 2009.
The setting of 'disable-application openpgp' is only valid when the
command doesn't come with apptype.
IIUC, there was the error message, too. It might be the stderr was
not to directed TTY in other versions, perhaps.
Are there any problems for the functionality?
More information about the Gnupg-users