Re: YubiKey/OpenPGP card connection issues for non-root user

[Michael Richardson]

Felix E. Klee  wrote:
> system (running in VMware under Windows), it sometimes takes minutes to

> [felix@felix-arch ~]$ ls /dev/bus/usb/002/011 /dev/bus/usb/002/011

I think you need to make sure that it's not VMware that's failing to plug the
device through in a timely manner.

dmesg -w

Would confirm that it's getting there.  You say that you can get it working
as root.  How does --card-status know which USB device to use?  Does it
perhaps scan through all devices? I wonder if it is getting stuck on some
other device that it hasn't got permission?

> How do I fix that?

> I am happy to substitute the udev rules with a timer, or to call some
> command to give permissions every time I want to use the YubiKey or the
> OpenPGP card. I just would like the whole process to be more reliable.
> Currently, it’s extremely frustrating.

!-indeed.



--
Michael Richardson. o O ( IPv6 IøT consulting )
   Sandelman Software Works Inc, Ottawa and Worldwide






signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: GPGME: disable S/MIME (signature verification)

[ilf]

That seems to work nicely. Thanks!

Ingo Klöcker:
It shouldn't. OpenPGP is handled by gpg which has it's own config file. 
gpgsm.conf is only used by gpgsm which deals with S/MIME.


--
ilf

If you upload your address book to "the cloud", I don't want to be in it.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

YubiKey/OpenPGP card connection issues for non-root user

[Felix E. Klee]

Recently I set up a YubiKey 5C NFC, and when I connect it to my Linux
system (running in VMware under Windows), it sometimes takes minutes to
be able to use. I.e. it can take forever until I get a successful
response from:

gpg --card-status

OTOH I can immediately get a response when I run the above command as
root. Now I notice that the occasional connection issues I have with the
OpenPGP card in my SCM SPR332 are similar. Furthermore, it happens that
the YubiKey or the card reader suddenly disappear for the ordinary user,
although that is rare.

I have set up udev rules for both. But it seems that sometimes they
don't trigger, or only with a long delay.

[felix@felix-arch ~]$ cd /etc/udev/rules.d/
[felix@felix-arch rules.d]$ cat 70-yubikey.rules
# YubiKey Support
#

ACTION=="add", SUBSYSTEM=="usb", ENV{ID_VENDOR_ID}=="1050",
ENV{ID_MODEL_ID}=="0404", MODE="660", GROUP="scard"
[felix@felix-arch rules.d]$ cat 71-gnupg-ccid.rules # GPG SmartCard
Reader Support
#

ACTION=="add", SUBSYSTEM=="usb", ENV{ID_VENDOR_ID}=="04e6",
ENV{ID_MODEL_ID}=="e003", MODE="660", GROUP="scard"

Even without udev rules, I think I should have access to the devices,
because I'm in group `scard`:

[felix@felix-arch ~]$ ls /dev/bus/usb/002/011
/dev/bus/usb/002/011
[felix@felix-arch ~]$ ls -l /dev/bus/usb/002/011
crw-rw 1 root scard 189, 138 Aug  3 14:56 /dev/bus/usb/002/011
[felix@felix-arch ~]$ gpg --card-status
gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device
[felix@felix-arch ~]$ groups
scanner saned uucp optical lp audio wheel felix scard plugdev
[felix@felix-arch ~]$ lsusb
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 003 Device 004: ID 0e0f:0002 VMware, Inc. Virtual USB Hub
Bus 003 Device 003: ID 0e0f:0002 VMware, Inc. Virtual USB Hub
Bus 003 Device 002: ID 0e0f:0003 VMware, Inc. Virtual Mouse
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 002: ID 0e0f:0002 VMware, Inc. Virtual USB Hub
Bus 002 Device 011: ID 1050:0404 Yubico.com Yubikey 4/5 CCID
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

How do I fix that?

I am happy to substitute the udev rules with a timer, or to call some
command to give permissions every time I want to use the YubiKey or the
OpenPGP card. I just would like the whole process to be more reliable.
Currently, it’s extremely frustrating.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users