So I have purchased an Omnikey 3121 smart card reader for use with my GPG smart card version 2.1. Whenever I put my card in and request `gpg --card-status`, the reader flashes its light for about a minute, and then finally, gpg returns with:

```
➜  ~ gpg --card-status
gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device
```

Now I know the card reader works because if I use `pcsc_scan` I immediately get:

```
➜  ~ pcsc_scan
Using reader plug'n play mechanism
Scanning present readers...
0: HID Global OMNIKEY 3x21 Smart Card Reader [OMNIKEY 3x21 Smart Card Reader] 00 00

Wed Jul  7 17:41:24 2021
 Reader 0: HID Global OMNIKEY 3x21 Smart Card Reader [OMNIKEY 3x21 Smart Card Reader] 00 00
  Event number: 2
  Card state: Card inserted,
  ATR: 3B DA 18 FF 81 B1 FE 75 1F 03 00 31 C5 73 C0 01 40 00 90 00 0C

ATR: 3B DA 18 FF 81 B1 FE 75 1F 03 00 31 C5 73 C0 01 40 00 90 00 0C
+ TS = 3B --> Direct Convention
+ T0 = DA, Y(1): 1101, K: 10 (historical bytes)
  TA(1) = 18 --> Fi=372, Di=12, 31 cycles/ETU
    129032 bits/s at 4 MHz, fMax for Fi = 5 MHz => 161290 bits/s
  TC(1) = FF --> Extra guard time: 255 (special value)
  TD(1) = 81 --> Y(i+1) = 1000, Protocol T = 1
-----
  TD(2) = B1 --> Y(i+1) = 1011, Protocol T = 1
-----
  TA(3) = FE --> IFSC: 254
  TB(3) = 75 --> Block Waiting Integer: 7 - Character Waiting Integer: 5
  TD(3) = 1F --> Y(i+1) = 0001, Protocol T = 15 - Global interface bytes following
-----
  TA(4) = 03 --> Clock stop: not supported - Class accepted by the card: (3G) A 5V B 3V
+ Historical bytes: 00 31 C5 73 C0 01 40 00 90 00
  Category indicator byte: 00 (compact TLV data object)
    Tag: 3, len: 1 (card service data byte)
      Card service data byte: C5
        - Application selection: by full DF name
        - Application selection: by partial DF name
        - EF.DIR and EF.ATR access services: by GET DATA command
        - Card without MF
    Tag: 7, len: 3 (card capabilities)
      Selection methods: C0
        - DF selection by full DF name
        - DF selection by partial DF name
      Data coding byte: 01
        - Behaviour of write functions: one-time write
        - Value 'FF' for the first byte of BER-TLV tag fields: invalid
        - Data unit in quartets: 2
      Command chaining, length fields and logical channels: 40
        - Extended Lc and Le fields
        - Logical channel number assignment: No logical channel
        - Maximum number of logical channels: 1
    Mandatory status indicator (3 last bytes)
      LCS (life card cycle): 00 (No information given)
      SW: 9000 (Normal processing.)
+ TCK = 0C (correct checksum)

Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
3B DA 18 FF 81 B1 FE 75 1F 03 00 31 C5 73 C0 01 40 00 90 00 0C
    OpenPGP Card V2
```

And if I run `pkcs15-tool -k`, I get the following returned:

```
➜  ~ pkcs15-tool -k
Using reader with a card: HID Global OMNIKEY 3x21 Smart Card Reader [OMNIKEY 3x21 Smart Card Reader] 00 00
Private RSA Key [Signature key]
    Object Flags   : [0x03], private, modifiable
    Usage          : [0x20C], sign, signRecover, nonRepudiation
    Access Flags   : [0x1D], sensitive, alwaysSensitive, neverExtract, local
    Algo_refs      : 0
    ModLength      : 4096
    Key ref        : 0 (0x00)
    Native         : yes
    Auth ID        : 01
    ID             : 01
    MD:guid        : <redacted>

Private RSA Key [Encryption key]
    Object Flags   : [0x03], private, modifiable
    Usage          : [0x22], decrypt, unwrap
    Access Flags   : [0x1D], sensitive, alwaysSensitive, neverExtract, local
    Algo_refs      : 0
    ModLength      : 4096
    Key ref        : 1 (0x01)
    Native         : yes
    Auth ID        : 02
    ID             : 02
    MD:guid        : <redacted>

Private RSA Key [Authentication key]
    Object Flags   : [0x03], private, modifiable
    Usage          : [0x222], decrypt, unwrap, nonRepudiation
    Access Flags   : [0x1D], sensitive, alwaysSensitive, neverExtract, local
    Algo_refs      : 0
    ModLength      : 4096
    Key ref        : 2 (0x02)
    Native         : yes
    Auth ID        : 02
    ID             : 03
    MD:guid        : <redacted>
```

So I believe the card reader is working fine, but gpg is just not working with it for some reason. On the GPG howto page, it's listed as (https://www.gnupg.org/howtos/card-howto/en/ch02s02.html):

> Omnikey Cardman 3121 (and 2020)
>
> This USB card reader supports CCID and PC/SC. The older Omnikey Cardman 2020 is no longer produced. The newer reader has not been tested, but Omnikey says that the two readers are compatible.

To add some context, I am able to use my Identiv SCR3500 just fine with the same system using the same card; I just wanted a more permanent setup for my desktop. I am using gpg version 2.3.1 on Debian Sid. Are there steps I can/should take to diagnose what's going on? Is this card reader not compatible with the GPG drivers? Any advice would be appreciated.

Sincerely,

Brandon Anderson

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
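
The ATR breakdown that `pcsc_scan` prints in the message above can be reproduced by hand. This is an added example, not part of the original post and not `pcsc_scan`'s code: a small ISO/IEC 7816-3 parser that walks T0 and the TD(i) chain, extracts the values shown in the output, and verifies TCK. The function name and result keys are made up for the illustration.

```python
"""Minimal ISO/IEC 7816-3 ATR decoder: added example, not pcsc_scan's code."""
from functools import reduce

# Fi / Di tables indexed by the high / low nibble of TA(1); None = reserved.
FI = [372, 372, 558, 744, 1116, 1488, 1860, None,
      None, 512, 768, 1024, 1536, 2048, None, None]
DI = [None, 1, 2, 4, 8, 16, 32, 64, 12, 20] + [None] * 6

# ATR copied from the pcsc_scan output in the post.
POST_ATR = "3B DA 18 FF 81 B1 FE 75 1F 03 00 31 C5 73 C0 01 40 00 90 00 0C"


def parse_atr(hex_atr):
    atr = bytes.fromhex(hex_atr)
    if len(atr) < 2 or atr[0] not in (0x3B, 0x3F):
        raise ValueError("bad TS byte or ATR too short")
    iface, group_proto = {}, {}          # group_proto[i]: T announced by TD(i-1)
    y, k = atr[1] >> 4, atr[1] & 0x0F    # T0: presence bitmap Y(1), K hist. bytes
    pos, i = 2, 1
    while y:
        for bit, name in enumerate(("TA", "TB", "TC", "TD")):
            if y >> bit & 1:
                if pos >= len(atr):
                    raise ValueError("ATR truncated in interface bytes")
                iface[f"{name}({i})"] = atr[pos]
                pos += 1
        td = iface.get(f"TD({i})")
        if td is None:
            break
        y, i = td >> 4, i + 1
        group_proto[i] = td & 0x0F       # T=15 marks global interface bytes
    protocols = sorted(set(group_proto.values())) or [0]   # no TD(1) means T=0
    has_tck = protocols != [0]           # TCK is sent unless only T=0 is offered
    if len(atr) != pos + k + has_tck:
        raise ValueError("length does not match T0/TD(i) announcements")
    ta1 = iface.get("TA(1)", 0x11)       # default Fi=372, Di=1
    # IFSC for T=1 is the first TA(i), i > 2, in a group announced as T=1.
    ifsc = next((iface[f"TA({g})"] for g, t in sorted(group_proto.items())
                 if g > 2 and t == 1 and f"TA({g})" in iface), 32)
    return {
        "convention": "direct" if atr[0] == 0x3B else "inverse",
        "protocols": protocols,
        "Fi": FI[ta1 >> 4], "Di": DI[ta1 & 0x0F],
        "ifsc": ifsc,
        "historical": atr[pos:pos + k].hex(" ").upper(),
        # XOR of T0..TCK must be zero when TCK is present
        "tck_ok": reduce(lambda a, b: a ^ b, atr[1:]) == 0 if has_tck else None,
    }
```

A clean parse with `tck_ok` true only confirms that the reader and PC/SC layer delivered the card's answer-to-reset intact; it says nothing about which driver `gpg` uses to reach the reader.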