YubiKey/OpenPGP card connection issues for non-root user

Werner Koch wk at gnupg.org
Mon Aug 7 09:29:09 CEST 2023


On Sat,  5 Aug 2023 12:10, Felix E. Klee said:
> I also tried killing root’s gpg-agent, to avoid conflicts with that of
> the user, but that didn’t help either.

Right a second scdaemon might have grabbed the device.  If you don't
need it as root put into root's gpg-agent.conf "disable-scdaemon".

Another option is to put

pcsc-shared

into /etc/gnupg/scdaemon.conf and to install pcscd.  The drawback is
that there might be some hiccup with OpenPGP cards and PIN requests
(because we cache the verification status in scdaemon for the sake of
older OpenPGP cards) and if you change the data on a card the other
scdaemon's won't see the change.

We are currently considering whether to chnage scdameon to a system
service or implement some kind of syncing.

> Why does it work as root but not as regular user?

The root's scdaemon has access to the device.


Shalom-Salam,

   Werner



-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20230807/3d60fe35/attachment.sig>


More information about the Gnupg-users mailing list