YubiKey/OpenPGP card connection issues for non-root user

NIIBE Yutaka gniibe at fsij.org
Mon Aug 7 03:00:27 CEST 2023


Hello,

Please note that I don't have any experience using scdaemon in a guest
OS of GNU/Linux.  So, my answer may be wrong/irrelevant.

"Felix E. Klee" <felix.klee at inka.de> wrote:
>     [felix@felix-arch ~]$ sudo gpg --card-status
>     Reader ...........: SCM Microsystems Inc. SPR 532 [CCID Interface] (51271741200012) 00 00

Please note that there may be two methods to access the device in
scdaemon:

  * in-stock CCID driver of scdaemon
  * the PC/SC service

Your output shows that you are connecting the smartcard reader through
the PC/SC service.

If it's not your intention and your scdaemon has support for the
in-stock CCID driver, I'd recommend not using the PC/SC service.
Perhaps simply uninstall pcscd.

That's because it's simpler for scdaemon.  It's easier to configure and
debug, if your only purpose is to use an OpenPGP smartcard.

If you have a reason for using the PC/SC service (say, for example, you
need the service for other applications and other cards, as well as your
use of an OpenPGP smartcard for GnuPG), please make sure that you
configure the PC/SC service correctly.  You should test, as a normal
user, that you can access your cards through the PC/SC service
correctly.

			*	*	*

Also, I'm afraid that you are using an older GnuPG.  In GnuPG 2.2,
scdaemon had a feature to fall back to the PC/SC service when access
through the in-stock CCID driver didn't go well.  The feature is
disabled in 2.4.  In GnuPG 2.4, when scdaemon has support for the
in-stock CCID driver, to use the PC/SC service you need to manually
configure scdaemon with "disable-ccid" (no use of the in-stock CCID
driver).
-- 
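
The version-dependent behaviour described in the message above, as an added example (not part of the original post and not GnuPG code): a shell helper that reports which reader access path to expect from a GnuPG version and a scdaemon.conf. It assumes scdaemon was built with the in-stock CCID driver; the function names and the result labels are made up for this example.

```shell
#!/bin/sh
# Added example: which reader access path should scdaemon take?
# Assumption: scdaemon was built with the in-stock CCID driver.

# has_disable_ccid FILE
# Succeeds if FILE is readable and has an active (uncommented)
# "disable-ccid" line.
has_disable_ccid() {
    [ -r "$1" ] && grep -Eq '^[[:space:]]*disable-ccid[[:space:]]*$' "$1"
}

# scd_access_path VERSION CONF
# Prints one of:
#   pcsc            disable-ccid is set, only the PC/SC service is used
#   ccid            2.4: in-stock CCID driver only, no fallback
#   ccid-then-pcsc  2.2: in-stock CCID driver, PC/SC service as fallback
#   unknown         a version the message above does not cover
scd_access_path() {
    version=$1
    conf=$2
    if has_disable_ccid "$conf"; then
        echo pcsc
        return 0
    fi
    case $version in
        2.2|2.2.*) echo ccid-then-pcsc ;;
        2.4|2.4.*) echo ccid ;;
        *)         echo unknown ;;
    esac
}

# Run with --check, as the normal user who will use the card, to
# inspect the local installation.  After editing scdaemon.conf,
# restart the daemon with:  gpgconf --kill scdaemon
if [ "${1:-}" = "--check" ]; then
    ver=$(gpg --version | awk 'NR==1 { print $3 }')
    conf=$(gpgconf --list-dirs homedir)/scdaemon.conf
    echo "GnuPG $ver, $conf: $(scd_access_path "$ver" "$conf")"
fi
```

A result of "ccid" on a system where pcscd is installed and running is the combination in which the in-stock driver and the PC/SC service are both candidates for the same reader, the case the message suggests avoiding by using only one of the two.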


