OpenPGP card and gpg-agent TTL

Matthias Apitz guru at
Fri Nov 5 09:01:21 CET 2021

El día viernes, noviembre 05, 2021 a las 08:32:17a. m. +0100, Werner Koch via Gnupg-users escribió:

> it is good that things work for you.  And thanks for the hint with the
> smartcard.  I was probably blind that I didn't noticed it.  I put an
> older card into the slot (cut down with a sharp wire cutter) but I have
> not seen the device.

Hello Werner,

To get the OpenPGP card working, please follow the steps in my
attachment OpenPGP-L5.txt. You must flash some firmware into the device.

> Even after an OS update there is still no Bluetooth device (regardless
> of the kill switch position) and the WLAN sometimes needs a reboot.  I
> also wonder why there are no easy accessible teardown images - the long
> Youtube video is not very helpful because it shows obvious things,

To solve the Bluetooth / WLAN problems, follow the steps here how to
load again some other firmware. Esp. change also after this in the file
/etc/modprobe.d/librem5-devkit.conf the value dev_oper_mode from 5 to 13

Hope it helps


Matthias Apitz, ✉ guru at, +49-176-38902045
Public GnuPG key:
August 13, 1961: Better a wall than a war. And, while the GDR was still existing,
no German troups and bombs have been killed in Yugoslavia, Afghanistan, Afrika...
-------------- next part --------------

How to setup the OpenPGP card in the Purism L5 phone
              guru at, October 2021
(includes video about inserting the card)

install and get the software:

$ cd ~/guru
$ sudo apt install stm32flash git
$ git clone

$ cd ttxs-firmware

Upgrade the smart card reader firmware:

$ ./scripts/

stm32flash 0.5

Using Parser : Raw BINARY
Interface serial_posix: 57600 8E1
Version      : 0x31
Option 1     : 0x00
Option 2     : 0x00
Device ID    : 0x0435 (STM32L43xxx/44xxx)
- RAM        : Up to 48KiB  (12544b reserved by bootloader)
- Flash      : Up to 256KiB (size first sector: 1x2048)

- Option RAM : 16b
- System RAM : 28KiB
Write to memory
Erasing memory
Wrote address 0x08002388 (100.00%) Done.

And set up the smart card:

$ ./scripts/

There have been issues, see also:

What helped was:

# stty -F /dev/ttymxc2 raw cstopb -parenb cs8 115200 
# pcscd -f --debug

The startup of pcscd is to be configured here and start is via systemctl:

# vim /lib/systemd/system/pcscd.service
# systemctl status pcscd
# systemctl stop pcscd
# systemctl start pcscd

Setting up the card

$ gpg --card-status
Reader ...........: TTXS serial 00 00
Application ID ...: D27600012401030400050000A6FE0000
Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: ZeitControl
Serial number ....: 0000A6FE
Name of cardholder: [not set]
Language prefs ...: de
Salutation .......: 
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 64 64 64
PIN retry counter : 3 0 3
Signature counter : 0
KDF setting ......: off
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

$ gpg --change-pin  # changed the PIN and Admin PIN

$ gpg --card-edit   # generated the keys

$ export GNUPGHOME=/home/guru/.gnupg

$ pass init 'CCID L5'
Password store initialized for guru at
$ pass insert -m test

$ gpg --with-keygrip -K
sec>  rsa2048 2021-10-30 [SC]
      Keygrip = FCBA9E53DF1AF8D6E8D82B0418A01FA33264F704
      Card serial no. = 0005 0000A6FE
uid           [ultimate] Matthias Apitz (GnuPG CCID L5) <guru at>
ssb>  rsa2048 2021-10-30 [A]
      Keygrip = EE34E2B1F932D1567A6E21023F4D65B71CF953FF
ssb>  rsa2048 2021-10-30 [E]
      Keygrip = C544F16750F7F55DCEF781CF57C232015DDF1F90

the '>' means that these keys are on the card;

export the pub key with:

$ gpg --export --armor >

lock the card again:

$ gpgconf --reload scdaemon

I added this to the pass cmd:

$ tail -8 /usr/bin/pass

# power down the OpenPGP card
# guru at
gpgconf --reload scdaemon
sleep 2

exit 0

so the card gets loecked again after each operation with the pass cmd.

More information about the Gnupg-users mailing list