Using the OpenPGP Card on Unix && Win7

Matthias Apitz guru at unixarea.de
Mon Nov 20 08:56:12 CET 2017


On Sunday, November 19, 2017 at 03:20:16 PM +0100, Peter Lebbing wrote:

> On 17/11/17 16:09, Matthias Apitz wrote:
> > It seems that the USB token is fine, but the Card is not (see
> > attachment).
> 
> I don't use Windows myself, but AFAIK, this is normal and not a problem.
> 
> AFAIK, the exclamation mark triangle on the smartcard means that the OS
> has no driver to work with that specific smartcard. But GnuPG
> communicates directly with the smartcard; the "driver" so to speak is
> inside GnuPG. In fact, if you found another OS-level driver that is
> happy to work with your smartcard, you are probably /creating/ an issue
> since it will keep a lock on the smartcard so GnuPG no longer can get
> access to it. While shared access to a smartcard is not impossible per
> se, often you'll find that programs want exclusive access, and you can't
> use two programs with the same smartcard at the same time.
> 
> An exclamation mark triangle on the /reader/ would probably indicate an
> issue, but an exclamation mark triangle on the /smartcard/ is probably
> for the best.
> 
> Still, I've only used different types of smartcards on Windows, and only
> very sporadically, so I don't think I can be of much further help.

Hello,

Thanks for your feedback, Peter.

I killed a running SmartCard Service on Win7 and tested GnuPG on a
Cygwin command line. It says:


$ uname -a
CYGWIN_NT-6.1 APITZM-LTOH 2.7.0(0.306/5/3) 2017-02-12 13:18 x86_64 Cygwin

$ gpg --version
gpg (GnuPG) 2.2.1
libgcrypt 1.8.1
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: C:/Users/apitzm/AppData/Roaming/gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

$ gpg --card-status --debug-all --debug-level guru 
gpg: reading options from 'C:/Users/apitzm/AppData/Roaming/gnupg/gpg.conf'
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing ipc clock lookup extprog
gpg: DBG: [not enabled in the source] start
gpg: DBG: chan_0x000000d8 <- OK Pleased to meet you
gpg: DBG: connection to agent established
gpg: DBG: chan_0x000000d8 -> RESET
gpg: DBG: chan_0x000000d8 <- OK
gpg: DBG: chan_0x000000d8 -> OPTION ttytype=xterm
gpg: DBG: chan_0x000000d8 <- OK
gpg: DBG: chan_0x000000d8 -> GETINFO version
gpg: DBG: chan_0x000000d8 <- D 2.2.1
gpg: DBG: chan_0x000000d8 <- OK
gpg: DBG: chan_0x000000d8 -> OPTION allow-pinentry-notify
gpg: DBG: chan_0x000000d8 <- OK
gpg: DBG: chan_0x000000d8 -> OPTION agent-awareness=2.1.0
gpg: DBG: chan_0x000000d8 <- OK
gpg: DBG: chan_0x000000d8 -> SCD GETINFO version
gpg: DBG: chan_0x000000d8 <- D 2.2.1
gpg: DBG: chan_0x000000d8 <- OK
gpg: DBG: chan_0x000000d8 -> SCD SERIALNO openpgp
gpg: DBG: chan_0x000000d8 <- ERR 100696144 No such device <SCD>
gpg: selecting openpgp failed: No such device
gpg: OpenPGP card not available: No such device
gpg: DBG: [not enabled in the source] stop
gpg: keydb: handles=0 locks=0 parse=0 get=0
gpg:        build=0 update=0 insert=0 delete=0
gpg:        reset=0 found=0 not=0 cache=0 not=0
gpg: kid_not_found_cache: count=0 peak=0 flushes=0
gpg: sig_cache: total=0 cached=0 good=0 bad=0
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
              outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: rndjent stat: collector=0x00000000 calls=0 bytes=0
gpg: secmem usage: 0/32768 bytes in 0 blocks

It does not make any difference whether I also start the scdaemon with
$ scdaemon --daemon &

or not.

	matthias

-- 
Matthias Apitz, ✉ guru at unixarea.de, ⌂ http://www.unixarea.de/  ☎ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
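
Added example (not part of the original message and not GnuPG code): a small Python parser for the Assuan trace format shown in the debug output above. It pairs each `->` command with its reply and splits the numeric `ERR` value into libgpg-error's source and code fields, showing which component reported the failure. The trace is a constructed excerpt of the lines quoted in the message, and the function names are illustrative.

```python
import re

# Constructed sample: the tail of the --debug-all trace quoted in the message.
TRACE = """\
gpg: DBG: chan_0x000000d8 -> SCD GETINFO version
gpg: DBG: chan_0x000000d8 <- D 2.2.1
gpg: DBG: chan_0x000000d8 <- OK
gpg: DBG: chan_0x000000d8 -> SCD SERIALNO openpgp
gpg: DBG: chan_0x000000d8 <- ERR 100696144 No such device <SCD>
"""

LINE = re.compile(r"gpg: DBG: chan_\w+ (->|<-) (.*)")

# libgpg-error packs the error source and code into one integer (gpg-error.h).
SOURCE_SHIFT, SOURCE_MASK, CODE_MASK = 24, 0x7F, 0xFFFF
SYSTEM_ERROR = 1 << 15  # flag: the code wraps a system errno
SOURCES = {2: "GPG", 4: "GPGAGENT", 5: "PINENTRY", 6: "SCD", 15: "ASSUAN"}


def decode_err(value):
    """Split an Assuan ERR value into (source name, code, is_errno)."""
    source = (value >> SOURCE_SHIFT) & SOURCE_MASK
    code = value & CODE_MASK
    return SOURCES.get(source, str(source)), code, bool(code & SYSTEM_ERROR)


def failed_commands(trace):
    """Pair each '->' command with its final reply; return the failures."""
    failures, pending = [], None
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an Assuan channel line
        direction, payload = m.groups()
        if direction == "->":
            pending = payload
        elif payload.startswith("ERR ") and pending is not None:
            number, _, text = payload[4:].partition(" ")
            failures.append((pending, *decode_err(int(number)), text))
            pending = None
        elif payload == "OK" or payload.startswith("OK "):
            pending = None  # command completed successfully
    return failures


if __name__ == "__main__":
    for cmd, source, code, is_errno, text in failed_commands(TRACE):
        print(f"{cmd!r} failed in {source}: code={code} errno={is_errno} ({text})")
```

For the trace above, the source field decodes to SCD with the system-error flag set, so the agent connection succeeded and the error was raised inside scdaemon when it looked for a reader.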