Re: Card Reader on Cherry Keyboard (omnikey) with OpenPGP Smart Card

2011-08-09 Thread Werner Koch
On Tue,  9 Aug 2011 16:28, oleksandr.shney...@obviously-nice.de said:

> Actually, I only need ssh authentication to work with these cards and
> omnikey card readers. What do you think, is there a chance that it
> will work soon? Should I try to use the pc/sc driver?

The pc/sc driver won't work; thus better stop pcscd.  The internal
driver often works; it usually does not work for key generation.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Card Reader on Cherry Keyboard (omnikey) with OpenPGP Smart Card

2011-08-09 Thread Oleksandr Shneyder
Thank you for your answer, Werner

Actually, I only need ssh authentication to work with these cards and
omnikey card readers. What do you think, is there a chance that it
will work soon? Should I try to use the pc/sc driver?

Regards,
alex


On 09.08.2011 15:31, Werner Koch wrote:
> On Tue,  9 Aug 2011 12:04, oleksandr.shney...@obviously-nice.de said:
> 
>> I have issues using OpenPGP smart cards from "kernel concepts" with
>> omnikey card reader integrated in Cherry keyboard (Cherry XX44 USB keyboard)
> 
> Omnikey based readers don't work with that card because the readers
> don't support Extended Length APDUs.  Well, under Windows they work
> because their driver uses undocumented tricks to do it.  I tried to do
> the same in GnuPG's internal driver but that is not really reliable.
> 
> 
> Shalom-Salam,
> 
>Werner
> 


-- 
Oleksandr Shneyder
Dipl. Informatik
X2go Core Developer Team

email:  oleksandr.shney...@obviously-nice.de
web: www.obviously-nice.de

--> X2go - everywhere@home





Re: Card Reader on Cherry Keyboard (omnikey) with OpenPGP Smart Card

2011-08-09 Thread Werner Koch
On Tue,  9 Aug 2011 12:04, oleksandr.shney...@obviously-nice.de said:

> I have issues using OpenPGP smart cards from "kernel concepts" with
> omnikey card reader integrated in Cherry keyboard (Cherry XX44 USB keyboard)

Omnikey based readers don't work with that card because the readers
don't support Extended Length APDUs.  Well, under Windows they work
because their driver uses undocumented tricks to do it.  I tried to do
the same in GnuPG's internal driver but that is not really reliable.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.


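Why 2048-bit keys hit the limit of a reader without Extended Length APDUs, as an added example (not part of the original thread and not GnuPG's code): it encodes ISO/IEC 7816-4 command APDUs in short and extended form and estimates the size of the public-key response. The INS/P1 bytes and the CRT for reading the authentication key follow the OpenPGP card specification; the 4-byte public exponent and all function names are assumptions.

```python
# Added example, not GnuPG code: ISO/IEC 7816-4 command APDU encoding.

def ber_len(n):
    """Bytes needed for a BER-TLV length field holding n."""
    return 1 if n < 0x80 else 1 + (n.bit_length() + 7) // 8

def pubkey_response_len(bits, e_len=4):
    """Size of a 7F49 public-key template: modulus (tag 81) + exponent (tag 82).
    e_len=4 (a 32-bit exponent field) is an assumption."""
    n = bits // 8
    inner = (1 + ber_len(n) + n) + (1 + ber_len(e_len) + e_len)
    return 2 + ber_len(inner) + inner

def encode_apdu(cla, ins, p1, p2, data=b"", le=None, extended=False):
    """Encode a command APDU; le is the expected response length (None = none)."""
    header = bytes([cla, ins, p1, p2])
    if not extended:
        # Short form: one-byte Lc (max 255), one-byte Le (0x00 means 256).
        if len(data) > 255 or (le is not None and le > 256):
            raise ValueError("does not fit a short APDU")
        body = bytes([len(data)]) + data if data else b""
        if le is not None:
            body += bytes([le % 256])
        return header + body
    # Extended form: 0x00 marker, then two-byte Lc and/or two-byte Le.
    if len(data) > 65535 or (le is not None and le > 65536):
        raise ValueError("too large even for an extended APDU")
    body = b"\x00"
    if data:
        body += len(data).to_bytes(2, "big") + data
    if le is not None:
        body += (le % 65536).to_bytes(2, "big")
    return header + body if (data or le is not None) else header

def read_auth_pubkey(le, extended):
    """Read the public key of the authentication slot (CRT A4 00)."""
    return encode_apdu(0x00, 0x47, 0x81, 0x00, b"\xa4\x00", le, extended)

if __name__ == "__main__":
    for bits in (1024, 2048):
        need = pubkey_response_len(bits)
        try:
            print(bits, need, "short:", read_auth_pubkey(need, False).hex())
        except ValueError as exc:
            print(bits, need, "short form impossible:", exc)
            print(bits, need, "extended:", read_auth_pubkey(need, True).hex())
```

A 1024-bit key's response (141 bytes) fits the 256-byte ceiling of a short APDU, while a 2048-bit key's response (271 bytes) does not, so a single-APDU read needs the extended encoding.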


Card Reader on Cherry Keyboard (omnikey) with OpenPGP Smart Card

2011-08-09 Thread Oleksandr Shneyder
Hello list,

I have issues using OpenPGP smart cards from "kernel concepts" with
omnikey card reader integrated in Cherry keyboard (Cherry XX44 USB keyboard)

I can read a smart card status:

$ gpg --card-status
Application ID ...: D276000124010205102E
Version ..: 2.0
Manufacturer .: ZeitControl
Serial number : 102E
Name of cardholder: John Dow
Language prefs ...: de
Sex ..: unspecified
URL of public key : [not set]
Login data ...: alex
Private DO 1 .: [not set]
Private DO 2 .: [not set]
Signature PIN : forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 5
Signature key : F14E 8ED6 2459 8260 9D0B  D1F3 839F 90E1 8D22 1FF8
  created : 2011-08-09 09:38:42
Encryption key: 1D98 37A5 BE5D 185F BDC0  AD1C 2D05 CC10 6206 765E
  created : 2011-08-09 09:38:42
Authentication key: 361B 505C DD7F 2F88 0C04  C5B1 BA91 2945 B68E 90D3
  created : 2011-08-09 09:38:42
General key info..: [none]




I can also change login data, PINs, etc.
But I cannot generate keys:



gpg/card> admin
Admin commands are allowed

gpg/card> generate
Make off-card backup of encryption key? (Y/n) n

gpg: NOTE: keys are already stored on the card!

Replace existing keys? (y/N) y
gpg: 3 Admin PIN attempts remaining before card is permanently locked

Please enter the Admin PIN

Please enter the PIN
What keysize do you want for the Signature key? (2048)
What keysize do you want for the Encryption key? (2048)
What keysize do you want for the Authentication key? (2048)
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) "

Real name: John Dow
Email address:
Comment:
You selected this USER-ID:
"John Dow"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
gpg: existing key will be replaced
gpg: please wait while key is being generated ...
gpg: apdu_send_simple(0) failed: unknown status error
gpg: generating key failed
gpg: key generation failed: general error
Key generation failed: general error

gpg/card>


Using the existing key for authentication does not work either:

$ gpg-agent --enable-ssh-support --daemon --log-file /tmp/gpg-agent.log

$ ssh-add -L
The agent has no identities.

$ cat /tmp/gpg-agent.log
2011-08-09 11:47:02 gpg-agent[16906] listening on socket
`/tmp/gpg-3QmD1w/S.gpg-agent'
2011-08-09 11:47:02 gpg-agent[16906] listening on socket
`/tmp/gpg-YdDV3Y/S.gpg-agent.ssh'
2011-08-09 11:47:02 gpg-agent[16907] gpg-agent (GnuPG) 2.0.14 started
2011-08-09 11:47:14 gpg-agent[16907] ssh handler 0xff1d20 for fd 8 started
2011-08-09 11:47:14 gpg-agent[16907] ssh request 1 is not supported
2011-08-09 11:47:14 gpg-agent[16907] ssh request handler for
request_identities (11) started
2011-08-09 11:47:14 gpg-agent[16907] no running SCdaemon - starting it
2011-08-09 11:47:14 gpg-agent[16907] DBG: first connection to SCdaemon
established
gpg-agent[16907.10] DBG: -> GETINFO socket_name
gpg-agent[16907.10] DBG: <- D /tmp/gpg-XE8ndK/S.scdaemon
gpg-agent[16907.10] DBG: <- OK
2011-08-09 11:47:14 gpg-agent[16907] DBG: additional connections at
`/tmp/gpg-XE8ndK/S.scdaemon'
gpg-agent[16907.10] DBG: -> OPTION event-signal=12
gpg-agent[16907.10] DBG: <- OK
gpg-agent[16907.10] DBG: -> GETATTR $AUTHKEYID
gpg-agent[16907.10] DBG: <- S $AUTHKEYID OPENPGP.3
gpg-agent[16907.10] DBG: <- OK
gpg-agent[16907.10] DBG: -> GETATTR SERIALNO
2011-08-09 11:47:15 gpg-agent[16907] SIGUSR2 received - updating card
event counter
gpg-agent[16907.10] DBG: <- S SERIALNO D276000124010205102E
gpg-agent[16907.10] DBG: <- OK
gpg-agent[16907.10] DBG: -> READKEY OPENPGP.3
gpg-agent[16907.10] DBG: <- ERR 100663305 No public key 
2011-08-09 11:47:15 gpg-agent[16907] no suitable card key found: No
public key
2011-08-09 11:47:15 gpg-agent[16907] ssh request handler for
request_identities (11) ready
gpg-agent[16907.10] DBG: -> RESTART
gpg-agent[16907.10] DBG: <- OK
2011-08-09 11:47:15 gpg-agent[16907] ssh handler 0xff1d20 for fd 8
terminated



If I use SCM card readers with these cards, everything works just fine.
I have some older smart cards from "kernel concepts"; they also work
perfectly with both card readers (SCM and Omnikey in Cherry keyboard).

Does anybody have the same problem? Is there a chance that we can use these
OpenPGP cards with Cherry keyboards? (we have bought 100 smart cards
and keyboards for our company)

The system is Debian squeeze
# dpkg --list | grep -i gnupg
ii  debian-archive-keyring2010.08.28
  GnuPG archive keys of the Debian archive
ii  gnupg 1.4.10