command 'LEARN' failed: No inquire callback in IPC

Dustin Rogers dustincr at hotmail.com
Tue May 16 15:26:40 CEST 2017


Hi Mr. Yutaka:


Thank you for your input and all the dev work you have done.


This is a cloud environment so I dont have the luxury of physical access to a usb port. I do not leverage libusb because this is using network attached Safenet Luna SA HSM (gemalto brand) PKCS11 smart card provider.


I just gave the native scdaemon a try. It doesnt seem to recognize this card provider at all.

LEARN
ERR 100663404 Card error <SCD>

In fact the native support for smart cards does not seem to support network attached HSM "virtual tokens" devices at all. It could be possible that I need to specify the local port the installed HSM agent is running on, but I dont think I will be that lucky.

Perhaps I could help build the support into the native scdaemon, but you are an expert at this, so I dont want to come off rude.  I know the work isnt simple.

I have this  other scdaemon (gnupg-pkcs11-scd) working fine with gnupg 2.0, but with manual pinentry for each operation. I cant get it working with gnupg 2.1. (again, I am looking for the unattended pinentry support the later version seems to have) Thus, I really dont think this is an issue with the scdaemon I am using. Moreover, I can see the INQUIRE PIN callback is there, the pinentry is just not appearing. Really I would like to understand why the gpg-connect-agent is allowing the pin call back through, and the gpg-agent itself is not?

Thank you,
-Dustin Rogers

Here is my config file thus far for native scdaemon:

#Debug Level
debug-level guru
#Smartcard Provider SO object
pcsc-driver /usr/lib/libCryptoki2_64.so
#pcsc-driver /usr/lib/libCryptoki2.so
log-file scdaemon.log
#card-timeout 1



________________________________
From: Gnupg-users <gnupg-users-bounces at gnupg.org> on behalf of NIIBE Yutaka <gniibe at fsij.org>
Sent: Tuesday, May 16, 2017 2:24 AM
To: Rogers, Dustin; gnupg-users at gnupg.org
Subject: Re: command 'LEARN' failed: No inquire callback in IPC

"Rogers, Dustin" <Dustin.Rogers at capitalone.com> wrote:
> I have recently installed gnupg 2.1.20 from source on a centos6.8 box.

What's the configure option?  Did you enable smart card support with
libusb?

> [root at system1 ~]# gpg --card-edit
>
> gpg-agent[5158]: DBG: chan_8 -> OK Pleased to meet you, process 5159
[...]
> gpg-agent[5158]: DBG: chan_9 <- OK PKCS#11 smart-card server for GnuPG ready

This is not the scdaemon from GnuPG.

Please install scdaemon of GnuPG and try again with that.
--

_______________________________________________
Gnupg-users mailing list
Gnupg-users at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Gnupg-users Info Page<http://lists.gnupg.org/mailman/listinfo/gnupg-users>
lists.gnupg.org
GnuPG user help mailing list. The topic of this is list is help and discussion among users of GnuPG. This includes questions on how to script GnuPG, how to create or ...



-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20170516/8798f74e/attachment.html>


More information about the Gnupg-users mailing list