gpg and smartcard on ubuntu 16.04
Richard Ulrich
ricul77 at gmail.com
Wed Apr 27 23:02:18 CEST 2016
I didn't read this list for a while, so forgive me if this was
discussed before.
For many years I have used gpg and gpg-agent with ssh support with an
OpenPGP smartcard.
On every ubuntu upgrade I had to fiddle a little bit to have gpg-agent
act for ssh auth. No big deal usually.
But this time, after the usual fiddling, I have it working nicely for
ssh and evolution. But now it's the direct usage of gpg on the command
line that is giving me a hard time. This aspect always worked out of
the box so far.
I use the stock versions from the ubuntu 16.04 repository:
gnupg 1.4.20-1ubuntu3
gnupg2 2.1.11-6ubuntu2
gnupg-agent 2.1.11-6ubuntu2
scdaemon 2.1.11-6ubuntu2
In ~/.bashrc I terminate gpg-agent if it was started without ssh
support, and start it again with:
/usr/bin/gpg-agent --daemon --enable-ssh-support > /dev/null
Now if I want to decrypt a file:
gpg -d Dokumente/somefile.txt.gpg
gpg: anonymous recipient; trying secret key 0AAAAAAA …
gpg: pcsc_list_readers failed: unknown PC/SC error code (0x8010002e)
gpg: card reader not available
gpg --use-agent -d Dokumente/somefile.txt.gpg
gpg: anonymous recipient; trying secret key 0AAAAAAA …
gpg: pcsc_list_readers failed: unknown PC/SC error code (0x8010002e)
gpg: card reader not available
gpg2 -d Dokumente/somefile.txt.gpg
gpg: encrypted with RSA key, ID 00000000
gpg: decryption failed: No secret key
gpg --card-status
gpg: pcsc_list_readers failed: unknown PC/SC error code (0x8010002e)
gpg: card reader not available
gpg: OpenPGP card not available: General error
gpg2 --card-status
Reader ...........: ...
Application ID ...: ...
Version ..........: 2.0
Manufacturer .....: ZeitControl
All this was never a problem until now.
Are there any tricks to get the interfacing with smartcards working smoother again?
If I power-cycle the smartcard and kill scdaemon, it will first ask me for the other smartcard that contains the master key. If I don't provide it, I have not been able to figure out how to decrypt the file.
The only way was to plug in that other smartcard and have gpg find out that this is not the one we need. Then it asks me to plug in the card that I indeed need. Now I can enter the PIN, but strangely in the console, and not in the pinentry window. With this awkward workflow I am able to decrypt the file.
Rgds
Richard
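An added example, not part of Richard's message and not GnuPG's own code: a ~/.bashrc fragment for the "kill the agent and restart it with SSH support" step described above, plus a decoder for the PC/SC status printed by gpg 1.4. It assumes GnuPG 2.1.11 as shipped in Ubuntu 16.04, where the agent's SSH socket lives at $GNUPGHOME/S.gpg-agent.ssh (from 2.1.13 on the sockets moved under /run/user/$UID/gnupg and `gpgconf --list-dirs agent-ssh-socket` reports the path), and that pgrep and /proc are available; all function names are the example's own. Two facts worth knowing when reading the output above: 0x8010002e is the PC/SC status SCARD_E_NO_READERS_AVAILABLE (pcscd answered, but listed no reader), and gpg 1.4 opens the reader itself through PC/SC while gpg2 talks to the card only through scdaemon, which is why the two can report different things for the same card.

```shell
# Added example (not from the original message): ~/.bashrc fragment that
# restarts gpg-agent with SSH support only when needed, plus two small checks.
# Assumptions: GnuPG 2.1.11 (Ubuntu 16.04), socket at $GNUPGHOME/S.gpg-agent.ssh,
# pgrep and /proc available. All function names are this example's own.

# Path of the agent's SSH socket for the given (or default) GNUPGHOME.
# Note: from GnuPG 2.1.13 on, ask `gpgconf --list-dirs agent-ssh-socket` instead.
gpg_ssh_socket_path() {
    printf '%s/S.gpg-agent.ssh\n' "${1:-${GNUPGHOME:-$HOME/.gnupg}}"
}

# Given a process command line (one string, arguments separated by spaces),
# succeed if that gpg-agent was started with --enable-ssh-support.
cmdline_has_ssh_support() {
    case " $1 " in
        *" --enable-ssh-support "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Translate the hex status in "unknown PC/SC error code (0x....)" into its
# PC/SC name, for the handful of codes that matter when a card "disappears".
pcsc_error_name() {
    case "$(printf '%s' "$1" | tr 'A-F' 'a-f')" in
        0x8010000b) echo SCARD_E_SHARING_VIOLATION ;;     # another process holds the reader
        0x8010000c) echo SCARD_E_NO_SMARTCARD ;;          # reader present, no card inserted
        0x80100017) echo SCARD_E_READER_UNAVAILABLE ;;    # reader went away
        0x8010001d) echo SCARD_E_NO_SERVICE ;;            # pcscd is not running
        0x8010002e) echo SCARD_E_NO_READERS_AVAILABLE ;;  # pcscd runs but lists no reader
        0x80100069) echo SCARD_W_REMOVED_CARD ;;          # card pulled mid-session
        *) echo UNKNOWN ;;
    esac
}

# Start (or restart) gpg-agent with SSH support unless one is already running
# with it, then point ssh at its socket.
ensure_gpg_agent_ssh() {
    sock=$(gpg_ssh_socket_path)
    pid=$(pgrep -u "$(id -u)" -x gpg-agent 2>/dev/null | head -n 1)
    if [ -n "$pid" ] && [ -S "$sock" ] \
       && cmdline_has_ssh_support "$(tr '\0' ' ' < "/proc/$pid/cmdline")"; then
        :   # agent already has SSH support; keep it rather than killing it
    else
        # KILLAGENT makes the running agent exit cleanly (gpg-connect-agent
        # autostarts an agent if none runs; killagent then stops that one too).
        gpg-connect-agent killagent /bye >/dev/null 2>&1
        gpg-agent --daemon --enable-ssh-support >/dev/null 2>&1
    fi
    SSH_AUTH_SOCK=$sock
    export SSH_AUTH_SOCK
}

# Sanity check for card access the gpg2 way (through scdaemon):
# succeed if gpg2 can talk to the card, fail otherwise.
card_reachable_via_scdaemon() {
    gpg2 --card-status >/dev/null 2>&1
}

# Run only in interactive shells, the usual ~/.bashrc guard.
case $- in
    *i*) ensure_gpg_agent_ssh ;;
esac
```

With this in place, `ssh-add -L` should list the card's authentication key through the agent, and `card_reachable_via_scdaemon` tells you whether the scdaemon path (the one gpg2 uses) is healthy; the gpg 1.4 messages can be decoded with `pcsc_error_name 0x8010002e`.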
More information about the Gnupg-users mailing list