Smartcard Linux stack diagram?

2013-06-29 Thread Daniel Pocock 



I came across this diagram of the stack including OpenSC and GnuPG:

https://blog.flameeyes.eu/2011/04/additional-notes-about-the-smartcard-components-diagram

Is this still accurate?

I notice a couple of small things missing:

Scute: it should be a link between gpg-agent and NSS?

StrongSWAN: it depends on PKCS#11 directly (not using NSS)

The PKCS#11 interface could be labeled "Cryptoki / PKCS#11"

I'm thinking about making a slightly more up to date diagram with a
slightly different style - but if something else already exists, please
feel free to point it out.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Smart card works with GPG v1 but not with GPG v2 on Ubuntu

2013-06-29 Thread Pete Stephenson 
On 6/29/2013 7:56 PM, Peter Lebbing wrote:
> On 29/06/13 17:24, Pete Stephenson wrote:
>> as I don't really see why gpgsm would magically make things work as it
>> doesn't seem really related to the Crypto Stick).
> 
> On Ubuntu 12.04, the gpgsm package contains the scdaemon, the smart card 
> daemon.
> So that's understandable that it needs to be installed.
> 
> On 13.04, they moved it to the separate scdaemon package.

Ok, but isn't pcscd the scdaemon? On Ubuntu 12.10 and before I'd install
the libccid and pcscd packages and the Crypto Stick still wouldn't work
even though scdaemon was installed and configured. The Crypto Stick
wouldn't work at all until I installed gpgsm.

I admit to being a bit out of date in regards to testing the 13.04
release because I've been a bit too preoccupied with outside stuff to
tinker much, but hopefully things have improved. :)

Cheers!
-Pete

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Smart card works with GPG v1 but not with GPG v2 on Ubuntu

2013-06-29 Thread Peter Lebbing 
On 29/06/13 17:24, Pete Stephenson wrote:
> as I don't really see why gpgsm would magically make things work as it
> doesn't seem really related to the Crypto Stick).

On Ubuntu 12.04, the gpgsm package contains the scdaemon, the smart card daemon.
So that's understandable that it needs to be installed.

On 13.04, they moved it to the separate scdaemon package.

GnuPG v1 can work without gpg-agent and scdaemon, but GnuPG v2 cannot. So the
problem is somewhere there.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Smart card works with GPG v1 but not with GPG v2 on Ubuntu

2013-06-29 Thread Pete Stephenson 
On 6/29/2013 5:20 PM, Jan Geep wrote:
> On Sat, Jun 29, 2013 at 3:09 PM, Pete Stephenson  > wrote:
> 
> Did you install the libccid and pcscd packages, as described at
> https://www.crypto-stick.com/start ?
> 
> If that doesn't work, also try installing the gpgsm package
> 
> 
> Thanks Pete, I had the first two installed but not gpgsm, installed it
> but still no go.

Alas, I'm out of ideas -- it's always worked for me (though it's
basically been cargo-cult troubleshooting in my case, as I don't really
see why gpgsm would magically make things work as it doesn't seem really
related to the Crypto Stick).

Hopefully others on the list can be more helpful.

Cheers!
-Pete

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Smart card works with GPG v1 but not with GPG v2 on Ubuntu

2013-06-29 Thread Jan Geep 
On Sat, Jun 29, 2013 at 3:09 PM, Pete Stephenson  wrote:

> Did you install the libccid and pcscd packages, as described at
> https://www.crypto-stick.com/start ?
>
> If that doesn't work, also try installing the gpgsm package
>

Thanks Pete, I had the first two installed but not gpgsm, installed it but
still no go.

$ dpkg -l | egrep 'libccid|pcscd|gpgsm'
ii  gpgsm  2.0.17-2ubuntu2.12.04.2   GNU privacy guard - S/MIME version
ii  libccid  1.4.5-1 PC/SC driver for USB
CCID smart card readers
ii  pcscd  1.7.4-2ubuntu2  Middleware to access a smart
card using PC/SC (daemon side)
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Smart card works with GPG v1 but not with GPG v2 on Ubuntu

2013-06-29 Thread Pete Stephenson 
On 6/29/2013 2:49 PM, Jan Geep wrote:
> hello
> 
> I have a CryptoStick v1.2 and am trying to get it to work with gpg
> 2.0.17 on Ubuntu 12.04.2
> 
> It works perfectly when I use gpg v14.11 and I am trying to figure out
> what to do to get gpg2 to work would any people have suggestion?

Did you install the libccid and pcscd packages, as described at
https://www.crypto-stick.com/start ?

If that doesn't work, also try installing the gpgsm package -- for
whatever reason, my Crypto Stick didn't work until I installed that
package. If the package is removed, the Crypto Stick stops working. This
was the case for several Ubuntu and Mint systems, even fresh-from-the-CD
systems I created in VMs for testing, though your mileage may vary.

Cheers!
-Pete

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Smart card works with GPG v1 but not with GPG v2 on Ubuntu

2013-06-29 Thread Jan Geep 
hello

I have a CryptoStick v1.2 and am trying to get it to work with gpg 2.0.17
on Ubuntu 12.04.2

It works perfectly when I use gpg v14.11 and I am trying to figure out what
to do to get gpg2 to work would any people have suggestion?

$ /usr/bin/gpg --card-status
Application ID ...: B000
Version ..: 2.0
Manufacturer .: ZeitControl
Serial number : 0099
Name of cardholder: [not set]
Language prefs ...: de
Sex ..: unspecified
URL of public key : [not set]
Login data ...: [not set]
Private DO 1 .: [not set]
Private DO 2 .: [not set]
Signature PIN : forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 0
Signature key : [none]
Encryption key: [none]
Authentication key: [none]
General key info..: [none]

(NB: Application ID / Serial number redacted)

Now problem begins if I try to use GPG2

$ /usr/bin/gpg2 --card-status
gpg: selecting openpgp failed: Unsupported certificate
gpg: OpenPGP card not available: Unsupported certificate

$ GPG_AGENT_INFO= gpg2 --card-status
gpg-agent[3434]: can't connect to the SCdaemon: IPC connect call failed
gpg: OpenPGP card not available: No SmartCard daemon

And syslog entries when connecting cryptostick:
kernel: [ .106918] usb 3-2: new full-speed USB device number 8 using
xhci_hcd
kernel: [ .124152] usb 3-2: New USB device found, idVendor=20a0,
idProduct=4107
kernel: [ .124160] usb 3-2: New USB device strings: Mfr=1, Product=2,
SerialNumber=0
kernel: [ .124164] usb 3-2: Product: Crypto Stick v1.2
kernel: [ .124167] usb 3-2: Manufacturer: German Privacy Foundation
kernel: [ .124573] usb 3-2: ep 0x81 - rounding interval to 128
microframes, ep desc says 192 microframes
mtp-probe: checking bus 3, device 8:
"/sys/devices/pci:00/:00:14.0/usb3/3-2"
mtp-probe: bus: 3, device: 8 was not an MTP device
[ 1113.231440] xhci_hcd :00:14.0: WARN Event TRB for slot 7 ep 4 with
no TDs queued?
[ 1113.231450] xhci_hcd :00:14.0: WARN Event TRB for slot 7 ep 3 with
no TDs queued?
[ 1113.231454] xhci_hcd :00:14.0: WARN Event TRB for slot 7 ep 2 with
no TDs queued?
[ 1113.231457] xhci_hcd :00:14.0: WARN Event TRB for slot 7 ep 0 with
no TDs queued?
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users