Yubikeys and GnuPG 2.2/2.3

Marko Božiković bozho at kset.org
Tue Jan 11 08:50:22 CET 2022

On 10/01/2022 14:05, Werner Koch wrote:
> On Fri,  7 Jan 2022 16:23, Marko Božiković said:
>> My scdaemon.conf has a single line:
>> card-timeout 1
> Please remove this at least for testing.
>> log-file <path to log file>
>> debug-level basic
>> verbose
> Please change the 
>   debug-level ...
> to
>   debug ipc,app,cardio
> Actually you should have seen a debug line "Yubikey: config=" due to the
> verbose option.   The "cardio" above returns all commands (so-called
> APDUs) send to the card.  This should help to reveal the problem.

Just to confirm, my scdaemon.conf file should look like this:

debug-level ipc,app,cardio
log-file <path to log file>

>> 2022-01-07 15:53:58 scdaemon[9960] pcsc_connect failed: sharing violation
>> (0x8010000b)
> Some other process is accessing the Yubikey.  But as you already know
> pcsc-shared

Yeah, but that one is available in 2.3. The card-timeout was suggested some
time ago on Yubikey forums as a workaround for exclusive card access - and it
worked for a while. If I 'primed' the card and got GnuPG to recognise it, it
would work until the next machine reboot; it would still work even after
sleep. Unfortunately, the probability of that working changed with each major
Windows update :-)

Is there a way in Windows to find which process is locking the card? I tried
using Sysinternals Process Explorer to examine handles opened by scdaemon.exe
while it does have access to Yubikey, but I couldn't find anything that would
stand out...

Thank you,

Marko Božiković

More information about the Gnupg-users mailing list