Hello, here's a quick howto for using multiple smartcards at the same time on Fedora 26 with gnupg 2.2.4.
To access multiple card readers simultaneously, the internal CCID driver of gnupg must be used.

Steps:

1. Allow normal users to access the card readers:

   Create a "hwdb" file in
   /etc/udev/hwdb.d/99-smartcard-reader.hwdb

   This file contains a list of USB IDs of the card readers.

########
usb:v04E6pE003*
usb:v046Ap003E*
usb:v0C4Bp0504*
 ID_SMARTCARD_READER=1
########

   Adapt the USB device IDs to your card reader, some IDs are found here:
   https://wiki.gnupg.org/CardReader/PinpadInput

   The 'ID_SMARTCARD_READER' tag will trigger a udev rule in
   /usr/lib/udev/rules.d/70-uaccess.rules
   that adds the "uaccess" tag for the reader.
   This allows you to access the card reader as a normal user while you are logged in.

2. Update systemd's hwdb:

   systemd-hwdb update

   This re-generates the file /etc/udev/hwdb.bin

3. Prevent pcscd from starting

   pcscd can prevent gnupg from accessing the card reader
   using the internal CCID driver.
   Therefore you can mask (=disable) pcscd via systemd:

   systemctl mask --now pcscd.socket
   systemctl daemon-reload

4. Log out and log in again.

All smartcards should now be listed when running
"gnupg2 --card-status all"

You can modify individual smartcards by using
"gnupg2 --card-edit SERIALNO"

*** Debug tips'n'tricks ***

- Use "udevadm monitor --environment" to see how udev detects
  a card reader when plugged in.
  Example output:

UDEV  [10155.134146] add /devices/pci0000:00/0000:00:01.1/0000:01:00.0/usb1/1-3 (usb)
ACTION=add
BUSNUM=001
DEVNAME=/dev/bus/usb/001/015
DEVNUM=015
DEVPATH=/devices/pci0000:00/0000:00:01.1/0000:01:00.0/usb1/1-3
DEVTYPE=usb_device
DRIVER=usb
ID_BUS=usb
ID_FOR_SEAT=usb-pci-0000_01_00_0-usb-0_3
ID_MODEL=SPRx32_USB_Smart_Card_Reader
ID_MODEL_ENC=SPRx32\x20USB\x20Smart\x20Card\x20Reader
ID_MODEL_FROM_DATABASE=SPR532 PinPad SmartCard Reader
ID_MODEL_ID=e003
ID_PATH=pci-0000:01:00.0-usb-0:3
ID_PATH_TAG=pci-0000_01_00_0-usb-0_3
ID_REVISION=0601
ID_SERIAL=SCM_Microsystems_Inc._SPRx32_USB_Smart_Card_Reader_xxxxx
ID_SERIAL_SHORT=xxxxx
ID_SMARTCARD_READER=1
ID_USB_INTERFACES=:ff0000:
ID_VENDOR=SCM_Microsystems_Inc.
ID_VENDOR_ENC=SCM\x20Microsystems\x20Inc.
ID_VENDOR_FROM_DATABASE=SCM Microsystems, Inc.
ID_VENDOR_ID=04e6
MAJOR=189
MINOR=14
PRODUCT=4e6/e003/601
SEQNUM=4699
SUBSYSTEM=usb
SYSTEMD_WANTS=smartcard.target
TAGS=:seat:systemd:uaccess:
TYPE=0/0/0
USEC_INITIALIZED=10155130754

  Notice the "uaccess" tag in the output.
  It also contains the USB device path in DEVNAME=,
  in this case /dev/bus/usb/001/015.

- Inspect the user ACL on the USB device file via "getfacl"

  getfacl /dev/bus/usb/001/015

# getfacl /dev/bus/usb/001/015
# file: dev/bus/usb/001/015
# owner: root
# group: root
user::rw-
user:alice:rw-
group::rw-
mask::rw-
other::r--

  -> there's an extra read/write ACL for username "alice" in there.

- Enable scdaemon debug output in ~/.gnupg/scdaemon.conf

  When inspecting the log file, make sure there are no messages like
  "ccid open error: skip"

  If that's the case, try masking pcscd like above.
  Otherwise gnupg will fall back to pcscd mode which
  currently does not support multiple smartcards.

  See also: https://dev.gnupg.org/T1621#110805

Hopefully this short guide is useful to someone else
when setting up multiple card readers.
In fact it can even be helpful when using just one card reader,
since setting up the device permissions using udev's uaccess system
is tricky and sparsely documented:
https://github.com/systemd/systemd/issues/4288

Cheers,
Thomas
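
The checks from the steps and debug tips above, collected as an added shell example that is not part of the original post. The function names are hypothetical, and the sample input is constructed from the output quoted in the post; the hwdb entries above use uppercase hex while udev reports the IDs in lowercase, which hwdb_match converts.

```shell
#!/bin/sh
# Added example: offline checks for the reader setup. Function names are hypothetical.

# Build the hwdb match line from the lowercase hex IDs udev reports
# (ID_VENDOR_ID / ID_MODEL_ID); hwdb match strings use uppercase hex.
hwdb_match() {
    v=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    p=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    case "$v$p" in *[!0-9A-F]*) return 1 ;; esac
    [ "${#v}" -eq 4 ] && [ "${#p}" -eq 4 ] || return 1
    printf 'usb:v%sp%s*\n' "$v" "$p"
}

# stdin: udev properties (KEY=VALUE per line). Prints DEVNAME and succeeds
# only when the device carries ID_SMARTCARD_READER=1 and the uaccess tag.
reader_devnode() {
    awk -F= '
        $1 == "ID_SMARTCARD_READER" && $2 == "1" { reader = 1 }
        $1 == "TAGS" && $2 ~ /:uaccess:/ { uaccess = 1 }
        $1 == "DEVNAME" { dev = $2 }
        END {
            if (!(reader && uaccess) || dev == "") exit 1
            print dev
        }'
}

# stdin: getfacl output. Succeeds if user $1 has a named read/write entry.
acl_grants_rw() {
    awk -F: -v u="$1" '$1 == "user" && $2 == u && $3 ~ /^rw/ { ok = 1 }
        END { exit !ok }'
}

# stdin: scdaemon log. Succeeds if the internal CCID driver was skipped.
ccid_skipped() { grep -q 'ccid open error: skip'; }

# Constructed sample input, trimmed from the output shown in the post.
SAMPLE_UDEV='DEVNAME=/dev/bus/usb/001/015
ID_MODEL_ID=e003
ID_SMARTCARD_READER=1
ID_VENDOR_ID=04e6
TAGS=:seat:systemd:uaccess:'
SAMPLE_ACL='user::rw-
user:alice:rw-
group::rw-
mask::rw-
other::r--'
```

On a live system the same functions can be fed from "udevadm info --query=property --name=/dev/bus/usb/001/015" and "getfacl /dev/bus/usb/001/015".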