Re: OpenPGP card: how to lock the card again so that PIN is required
El día martes, enero 01, 2019 a las 06:40:56p. m. +0100, Dirk Gottschalk escribió: > Hello Matthias. > > Am Dienstag, den 01.01.2019, 08:36 +0100 schrieb Matthias Apitz: > > Hello, > > > This is with gnupg-2.2.12 and pcsc-lite-1.8.23. After an update of > > the System (FreeBSD CURRENT) the /usr/local/sbin/pcscd does no work > > anymore with the OpenPGP card (HID Global OMNIKEY 6121 Smart Card > > Reader) after withdraw and re-insert. It works fine after boot, I > > have to enter the PIN to unlock the card and all tested functions are > > working. > > Did you check the config for pcscd? Probably it was overwrittenby the > update process. To close this thread: It turned out being an issue in the USB chips in my laptop which was not correctly handeled by the USB driver in the kernel. It is fixed since yesterday with this commit: https://svnweb.freebsd.org/changeset/base/342778 matthias -- Matthias Apitz, ✉ g...@unixarea.de, http://www.unixarea.de/ +49-176-38902045 Public GnuPG key: http://www.unixarea.de/key.pub October, 7 -- The GDR was different: Peace instead of Bundeswehr and wars, Druschba instead of Nazis, to live instead of to survive. signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: OpenPGP card: how to lock the card again so that PIN is required
El día miércoles, enero 02, 2019 a las 11:36:54a. m. +0100, Werner Koch escribió: > On Tue, 1 Jan 2019 08:36, g...@unixarea.de said: > > > with the OpenPGP card (HID Global OMNIKEY 6121 Smart Card Reader) after > > Take care: Usual Omnikey problems with creating and using large keys > apply. Thanks. But I'm using this card and reader for a long time. And the same problem is with the uTrust reader. > > How can I meanwhile 'reset' the OpenPGP card so that on next request for > > the secrets (decrypt, signing, ssh) the PIN is requested? > > gpgconf --reload scdaemon > > is the easiest way. You can also use --kill as it is the same for > scdaemon. THANKS!!! This works and I now at least can disable the card when I go a way from the laptop. BTW: The CCID and the readers have no manuals how, i.e. in which directions, one has to insert the CCID. Yesterday I took pictures to have this clear now :-) matthias -- Matthias Apitz, ✉ g...@unixarea.de, http://www.unixarea.de/ +49-176-38902045 Public GnuPG key: http://www.unixarea.de/key.pub October, 7 -- The GDR was different: Peace instead of Bundeswehr and wars, Druschba instead of Nazis, to live instead of to survive. signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: OpenPGP card: how to lock the card again so that PIN is required
Hi, On 01.01.19 08:36, Matthias Apitz wrote: > How can I meanwhile 'reset' the OpenPGP card so that on next request for > the secrets (decrypt, signing, ssh) the PIN is requested? for key slots 1 and 2 there probably is no way to do this other than unplugging und replugging the device. See also the discussion here [1]. Kind regards Alex ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: OpenPGP card: how to lock the card again so that PIN is required
On Tue, 1 Jan 2019 08:36, g...@unixarea.de said: > with the OpenPGP card (HID Global OMNIKEY 6121 Smart Card Reader) after Take care: Usual Omnikey problems with creating and using large keys apply. > How can I meanwhile 'reset' the OpenPGP card so that on next request for > the secrets (decrypt, signing, ssh) the PIN is requested? gpgconf --reload scdaemon is the easiest way. You can also use --kill as it is the same for scdaemon. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. gpg-connect-agegpg-connect-agen pgpwEE8vL8OlQ.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: OpenPGP card: how to lock the card again so that PIN is required
El día martes, enero 01, 2019 a las 06:40:56p. m. +0100, Dirk Gottschalk escribió: > Hello Matthias. > > Am Dienstag, den 01.01.2019, 08:36 +0100 schrieb Matthias Apitz: > > Hello, > > > This is with gnupg-2.2.12 and pcsc-lite-1.8.23. After an update of > > the System (FreeBSD CURRENT) the /usr/local/sbin/pcscd does no work > > anymore with the OpenPGP card (HID Global OMNIKEY 6121 Smart Card > > Reader) after withdraw and re-insert. It works fine after boot, I > > have to enter the PIN to unlock the card and all tested functions are > > working. > > Did you check the config for pcscd? Probably it was overwrittenby the > update process. There is no config file for pcscd, only for serial devices. Interestingly the pcscd started via devd at boot time works fine: $ ps ax | grep pc 536 v0- S 0:00,98 /usr/local/sbin/pcscd --debug --foreground When I disable this start at boot time and start the same command as root from the shell (to investigate/debug), this just hangs. Also system USB commands, like 'ucbconfig list', show the same problem. It looks like something in the boot process after start of the above PID damages the USB stack. > > I have to investigate this further or change the 'scdaemon' to let it > > directly access the OpenPGP bypassing the 'pcscd' (comments on this > > are welcome). > > You can use the internal ccid-reader of scdaemon. This should work with > the OmniKey readers, AFAIK. You have to disable PC/SC, oherwise this > won't work. I did so, it shows (as started after boot) the same problem. > > How can I meanwhile 'reset' the OpenPGP card so that on next request > > for the secrets (decrypt, signing, ssh) the PIN is requested? > > For the signature PIN just enable the forcepin option as admin with > --card-edit. The for the other functions you need to power cycle the > card, easiest done by removal and re-insertion. Yes, this was what I did before the update :-) Thanks for your replay anyway. mattihas -- Matthias Apitz, ✉ g...@unixarea.de, http://www.unixarea.de/ +49-176-38902045 Public GnuPG key: http://www.unixarea.de/key.pub October, 7 -- The GDR was different: Peace instead of Bundeswehr and wars, Druschba instead of Nazis, to live instead of to survive. signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: OpenPGP card: how to lock the card again so that PIN is required
Hello Matthias. Am Dienstag, den 01.01.2019, 08:36 +0100 schrieb Matthias Apitz: > Hello, > This is with gnupg-2.2.12 and pcsc-lite-1.8.23. After an update of > the System (FreeBSD CURRENT) the /usr/local/sbin/pcscd does no work > anymore with the OpenPGP card (HID Global OMNIKEY 6121 Smart Card > Reader) after withdraw and re-insert. It works fine after boot, I > have to enter the PIN to unlock the card and all tested functions are > working. Did you check the config for pcscd? Probably it was overwrittenby the update process. > I have to investigate this further or change the 'scdaemon' to let it > directly access the OpenPGP bypassing the 'pcscd' (comments on this > are welcome). You can use the internal ccid-reader of scdaemon. This should work with the OmniKey readers, AFAIK. You have to disable PC/SC, oherwise this won't work. > How can I meanwhile 'reset' the OpenPGP card so that on next request > for the secrets (decrypt, signing, ssh) the PIN is requested? For the signature PIN just enable the forcepin option as admin with --card-edit. The for the other functions you need to power cycle the card, easiest done by removal and re-insertion. Regards, Dirk -- Dirk Gottschalk Paulusstrasse 6-8 52064 Aachen, Germany GPG: DDCB AF8E 0132 AA54 20AB B864 4081 0B18 1ED8 E838 Keybase.io: https://keybase.io/dgottschalk GitHub: https://github.com/Dirk1980ac signature.asc Description: This is a digitally signed message part ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
OpenPGP card: how to lock the card again so that PIN is required
Hello, This is with gnupg-2.2.12 and pcsc-lite-1.8.23. After an update of the System (FreeBSD CURRENT) the /usr/local/sbin/pcscd does no work anymore with the OpenPGP card (HID Global OMNIKEY 6121 Smart Card Reader) after withdraw and re-insert. It works fine after boot, I have to enter the PIN to unlock the card and all tested functions are working. I have to investigate this further or change the 'scdaemon' to let it directly access the OpenPGP bypassing the 'pcscd' (comments on this are welcome). How can I meanwhile 'reset' the OpenPGP card so that on next request for the secrets (decrypt, signing, ssh) the PIN is requested? Thanks matthias -- Matthias Apitz, ✉ g...@unixarea.de, http://www.unixarea.de/ +49-176-38902045 Public GnuPG key: http://www.unixarea.de/key.pub October, 7 -- The GDR was different: Peace instead of Bundeswehr and wars, Druschba instead of Nazis, to live instead of to survive. signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users