YubiKey/OpenPGP card connection issues for non-root user

Felix E. Klee felix.klee at inka.de
Thu Aug 3 09:04:26 CEST 2023

Recently I set up a YubiKey 5C NFC, and when I connect it to my Linux
system (running in VMware under Windows), it sometimes takes minutes
before I am able to use it. I.e., it can take forever until I get a
successful response from:

    gpg --card-status

OTOH I can immediately get a response when I run the above command as
root. Now I notice that the occasional connection issues I have with the
OpenPGP card in my SCM SPR332 are similar. Furthermore, it happens that
the YubiKey or the card reader suddenly disappears for the ordinary user,
although that is rare.

I have set up udev rules for both. But it seems that sometimes they
don't trigger, or only with a long delay.

    [felix@felix-arch ~]$ cd /etc/udev/rules.d/
    [felix@felix-arch rules.d]$ cat 70-yubikey.rules
    # YubiKey Support

    ACTION=="add", SUBSYSTEM=="usb", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0404", MODE="660", GROUP="scard"
    [felix@felix-arch rules.d]$ cat 71-gnupg-ccid.rules
    # GPG SmartCard Reader Support

    ACTION=="add", SUBSYSTEM=="usb", ENV{ID_VENDOR_ID}=="04e6", ENV{ID_MODEL_ID}=="e003", MODE="660", GROUP="scard"

Even without udev rules, I think I should have access to the devices,
because I'm in group `scard`:

    [felix@felix-arch ~]$ ls /dev/bus/usb/002/011
    [felix@felix-arch ~]$ ls -l /dev/bus/usb/002/011
    crw-rw---- 1 root scard 189, 138 Aug  3 14:56 /dev/bus/usb/002/011
    [felix@felix-arch ~]$ gpg --card-status
    gpg: selecting card failed: No such device
    gpg: OpenPGP card not available: No such device
    [felix@felix-arch ~]$ groups
    scanner saned uucp optical lp audio wheel felix scard plugdev
    [felix@felix-arch ~]$ lsusb
    Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
    Bus 003 Device 004: ID 0e0f:0002 VMware, Inc. Virtual USB Hub
    Bus 003 Device 003: ID 0e0f:0002 VMware, Inc. Virtual USB Hub
    Bus 003 Device 002: ID 0e0f:0003 VMware, Inc. Virtual Mouse
    Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
    Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
    Bus 002 Device 002: ID 0e0f:0002 VMware, Inc. Virtual USB Hub
    Bus 002 Device 011: ID 1050:0404 Yubico.com Yubikey 4/5 CCID
    Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

How do I fix that?

I am happy to substitute the udev rules with a timer, or to call some
command to give permissions every time I want to use the YubiKey or the
OpenPGP card. I just would like the whole process to be more reliable.
Currently, it’s extremely frustrating.
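
The manual check in the post (find the device node, then compare its mode and group with the user's groups) can be scripted per vendor:product ID. The following is an added example, not part of the original message: the function name `usb_node_access` and its optional path arguments are hypothetical, and it assumes the usual Linux sysfs layout under /sys/bus/usb/devices. It only tests the device-node permission step and says nothing about whether gpg can reach the card.

```shell
#!/bin/sh
# Added example (not from the original post).
# Finds every USB device with the given vendor/product ID in sysfs, derives
# its node under /dev/bus/usb, and tests whether the current user can open
# it read/write. The sysfs and /dev roots can be overridden (assumption:
# only needed to run the function against a constructed directory tree).
# Return codes: 0 = all matching nodes accessible, 1 = a node is missing
# or not accessible, 2 = no device with that ID is present.

usb_node_access() {
    vid=$1 pid=$2
    sysfs=${3:-/sys/bus/usb/devices}
    devroot=${4:-/dev/bus/usb}
    found=0 rc=0
    for d in "$sysfs"/*; do
        # Interface entries such as 2-1:1.0 have no idVendor file; skip them.
        [ -r "$d/idVendor" ] && [ -r "$d/idProduct" ] || continue
        [ "$(cat "$d/idVendor")" = "$vid" ] || continue
        [ "$(cat "$d/idProduct")" = "$pid" ] || continue
        found=1
        # busnum/devnum are plain decimals in sysfs; the node name is zero-padded.
        node=$(printf '%s/%03d/%03d' "$devroot" \
            "$(cat "$d/busnum")" "$(cat "$d/devnum")")
        if [ ! -e "$node" ]; then
            echo "$vid:$pid $node missing"; rc=1
        elif [ -r "$node" ] && [ -w "$node" ]; then
            echo "$vid:$pid $node read/write OK for uid $(id -u)"
        else
            echo "$vid:$pid $node NOT accessible: $(ls -l "$node")"; rc=1
        fi
    done
    [ "$found" -eq 1 ] || { echo "$vid:$pid not present"; return 2; }
    return "$rc"
}

# IDs taken from the udev rules in the post: YubiKey CCID and the SCM reader.
usb_node_access 1050 0404 || true
usb_node_access 04e6 e003 || true
```
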
