several GPG smartcards connected at the same time

NIIBE Yutaka gniibe at
Tue Aug 9 02:39:43 CEST 2016

On 08/08/2016 07:27 PM, Cornelius Kölbel wrote:
> I am wondering if it is possible to have several GnuPG Smartcards
> connected. 

Currently, this configuration is not supported by scdaemon.  I don't
know any portable technical solution (supporting GNU/Linux, Windows,
and MacOS X, etc.) to handle multiple card readers (and/or cards)
simultaneously by a single application.

Now, GnuPG 2.1 internal CCID driver has migrated to newer libusb.  So,
I think that we can consider a solution by the internal CCID driver,
supporting multiple card readers (or card) simultaneously by a single
application.  I don't know how a possible libusb solution is portable,

> Let's assume I have several smartcards, 
> one has a PGP key of identy1 at, the other of
> identity2 at

In fact, I am using multiple tokens daily for gniibe at; ed25519
with 249CB3771750745D5CDD323CE267B052364F028D, rsa2048 with
124124BD3B4862AF7A0A42F100B45EBD4CA7BABE.  It annoys me somehow.

> If I now try to decrypt something which is encrypted for
> identity2 at would the gpg-agent/scdaemon be smart enough to
> ask the correct smartcard with the right identity/private key?

If there is no token inserted, it fails.  If a correct token is inserted,
it goes well.  If a different token is inserted, GnuPG asks a user to
remove a different token and to insert another token.  This is the current

There is a small problem yet.  When GnuPG sees an encrypted message
for both of E267B052364F028D, 00B45EBD4CA7BABE, it handle a possible
key in a sequence (as listed in an encrypted message).  Suppose key
list is: E267B052364F028D and 00B45EBD4CA7BABE, and I already inserted
a token for 00B45EBD4CA7BABE in my computer.  GnuPG asks me to change
a token when it finds E267B052364F028D in an encrypted message, even if
the message can be decrypted by the token inserted already.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20160809/733b1db9/attachment.sig>

More information about the Gnupg-users mailing list