Re: Card readers supported by GPG's internal drivers

2006-07-13 Thread Tony Whitmore
On Wed, Jul 12, 2006 at 05:15:34AM -0500, Jonathan Rockway wrote:
>> Two possible options:
>> First, if you're using CCID, does your user have proper write permission
>> to the /dev/usb node?  (Maybe try sudo gpg --card-status?)

Yes, I've been manually changing the permissions on the device nodes to
give the scard group (of which my user account is a member) read-write
access. But this hasn't changed anything. (Running using sudo has the
same output with the addition of a line warning about ownership of
~/.gnupg/gpg.conf.)

>> Secondly, have you tried pcscd?  Install that, start the daemon, then
>> run a tool like pcsc_scan (comes with debian's pcscd package, IIRC).
>> Between pcsc_scan's output and pcscd's logfile, you might have much
>> better luck debugging.  For my card reader (built-in to my Dell laptop),
>> I had to configure pcscd to "use buggy drivers" since apparently my card
>> reader was untested.  It works fine, and now I use my OpenPGP card for
>> signing mail and logging into machines via ssh.

Yes, I've tried pcscd. Sadly the licence of the driver for my smartcard
reader is unclear (the LICENCE file is missing from the download .zip
file). The card was certainly detected by pcscd but I had problems
completing very basic steps - pcscd segfaulted when I tried to set my
name on the card.

So I wanted to see if I could get the gpg internal system working as
(potentially) the easiest route!

Thanks,

Tony





___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Card readers supported by GPG's internal drivers

2006-07-12 Thread Tony Whitmore
On Wed, Jul 12, 2006 at 12:02:12PM +0100, Mark Brown wrote:
> On Tue, Jul 11, 2006 at 10:03:20PM +0100, Tony Whitmore wrote:
> 
> > I'm running Ubuntu Dapper. Am I right in thinking the entries in
> > /proc/bus/usb/XXX/XXX should be modified to match the rules (i.e. group
> > scard, mode 644)? Because they don't seem to be:
> 
> Current systems with udev should use somewhere obviously named in /dev
> by default, with libusb preferring them.  It's those that get their
> permissions changed.  There are unresolvable races with using /proc.

Thanks for confirming this, Mark. It's what I had suspected from the strace
output [1]. gpg is certainly looking at entries in /dev/bus/usb
when it runs, and doesn't seem to reference /proc at all. Having changed the
permissions on the relevant device node, it hasn't changed the situation.

Thanks,

Tony

[1] http://lists.gnupg.org/pipermail/gnupg-users/2006-July/028983.html




Re: Card readers supported by GPG's internal drivers

2006-07-12 Thread Mark Brown
On Tue, Jul 11, 2006 at 10:03:20PM +0100, Tony Whitmore wrote:

> I'm running Ubuntu Dapper. Am I right in thinking the entries in
> /proc/bus/usb/XXX/XXX should be modified to match the rules (i.e. group
> scard, mode 644)? Because they don't seem to be:

Current systems with udev should use somewhere obviously named in /dev
by default, with libusb preferring them.  It's those that get their
permissions changed.  There are unresolvable races with using /proc.

-- 
"You grabbed my hand and we fell into it, like a daydream - or a fever."



Re: Card readers supported by GPG's internal drivers

2006-07-12 Thread Tony Whitmore
On Wed, Jul 12, 2006 at 09:05:58AM +0200, Werner Koch wrote:
> On Tue, 11 Jul 2006 20:16, Tony Whitmore said:
> 
> > Is there a compatibility list of drivers supported by GPG's internal
> > card reader driver, other than the relevant part of the HOWTO? Do
> 
> No there is no such list.  This is because the driver implements the
> CCID specification with a few limitations (only T-1, auto-negotiations
> required).  It is only a matter of the reader.

Ah OK. It's not entirely clear from the spec of my reader whether it supports 
the CCID specification, although it does say it supports the T=1 protocol.

> > $ gpg --card-status
> > gpg: pcsc_establish_context failed: no service (0x8010001d)
> > gpg: card reader not available
> > gpg: OpenPGP card not available: general error
> 
> Using --debug-ccid-driver will give more information.  

Not all that much more, I'm afraid. :)

$ gpg --debug-ccid-driver --card-status
gpg: DBG: ccid-driver: no CCID reader with number 0
gpg: pcsc_establish_context failed: no service (0x8010001d)
gpg: card reader not available
gpg: OpenPGP card not available: general error

Running the command through an strace shows gpg trying to access device nodes 
directly (e.g. /dev/bus/usb/002/022) rather than entries in /proc/bus/usb as 
the HOWTO talks about. The device nodes are, by default, writeable only by 
root. But even with tweaked permissions and group ownership on the device 
node, the same error occurs. The difference is that instead of reporting 
"Permission denied" on the device node, strace shows:

open("/dev/bus/usb/002/022", O_RDWR)= 3
ioctl(3, USBDEVFS_IOCTL, 0xbfe8ad20)= -1 ENOTTY (Inappropriate ioctl for device)

If there are any more suggestions of what I can try, I'm all ears. :)

Thanks,

Tony
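
Added example, not part of the original thread: a shell check for the two conditions discussed in this message, whether a reader advertises the standard CCID interface class (USB class 0x0b) and whether the current user can open its node under /dev/bus/usb. The function names and the sysfs layout at /sys/bus/usb/devices are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes a Linux sysfs tree in which
# each USB interface directory carries a bInterfaceClass file and each device
# directory carries busnum, devnum, idVendor and idProduct.

# find_ccid_readers [SYSFS_ROOT]
# Prints "BUS DEV VENDOR:PRODUCT" for every device that has an interface of
# class 0b (Smart Card), the class a CCID reader reports.
find_ccid_readers() {
    root=${1:-/sys/bus/usb/devices}
    for cls in "$root"/*/bInterfaceClass; do
        [ -r "$cls" ] || continue
        [ "$(cat "$cls")" = "0b" ] || continue
        iface=${cls%/bInterfaceClass}   # interface dir, e.g. .../2-1:1.0
        dev=${iface%:*}                 # owning device dir, e.g. .../2-1
        [ -r "$dev/busnum" ] || continue
        printf '%03d %03d %s:%s\n' "$(cat "$dev/busnum")" \
            "$(cat "$dev/devnum")" "$(cat "$dev/idVendor")" \
            "$(cat "$dev/idProduct")"
    done | sort -u
}

# node_access DEVROOT BUS DEV
# Prints "ok" if the node can be opened read-write by the current user,
# "denied" if it exists but cannot, "missing" if there is no such node.
node_access() {
    node="$1/$2/$3"
    if [ ! -e "$node" ]; then echo missing
    elif [ -r "$node" ] && [ -w "$node" ]; then echo ok
    else echo denied
    fi
}

# ccid_report [SYSFS_ROOT] [DEVROOT]
# One line per CCID-class reader: "VENDOR:PRODUCT NODE STATUS".
ccid_report() {
    devroot=${2:-/dev/bus/usb}
    find_ccid_readers "$1" | while read -r bus dev id; do
        echo "$id $devroot/$bus/$dev $(node_access "$devroot" "$bus" "$dev")"
    done
}

ccid_report
```

An empty report means no attached device advertises a class 0b interface; a "denied" status means the node's ownership or mode still excludes the current user.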




Re: Card readers supported by GPG's internal drivers

2006-07-12 Thread Werner Koch
On Tue, 11 Jul 2006 20:16, Tony Whitmore said:

> Is there a compatibility list of drivers supported by GPG's internal
> card reader driver, other than the relevant part of the HOWTO? Do

No there is no such list.  This is because the driver implements the
CCID specification with a few limitations (only T-1, auto-negotiations
required).  It is only a matter of the reader.

> $ gpg --card-status
> gpg: pcsc_establish_context failed: no service (0x8010001d)
> gpg: card reader not available
> gpg: OpenPGP card not available: general error

Using --debug-ccid-driver will give more information.  



Shalom-Salam,

   Werner




Re: Card readers supported by GPG's internal drivers

2006-07-11 Thread Tony Whitmore
Matthias Kirschner wrote:
> * Tony Whitmore <[EMAIL PROTECTED]> [2006-07-11 19:16:02 +0100]:
> 
>> $ gpg --card-status
>> gpg: pcsc_establish_context failed: no service (0x8010001d)
>> gpg: card reader not available
>> gpg: OpenPGP card not available: general error
> 
> Sorry, wrong link in my last e-mail. Please try this:
> http://lists.gnupg.org/pipermail/gnupg-devel/2006-July/023000.html

Thanks Matze. I've removed the udev rules/script I had previously set up
as per the HOWTO and substituted the rules you gave. I've symlinked them
into /etc/udev/rules.d too and restarted udev, but get the same result.
I'm running Ubuntu Dapper. Am I right in thinking the entries in
/proc/bus/usb/XXX/XXX should be modified to match the rules (i.e. group
scard, mode 644)? Because they don't seem to be:

# ls -l /proc/bus/usb/002/021
-rw-r--r-- 1 root root 43 2006-07-11 21:58 /proc/bus/usb/002/021

I get the same failure as reported before even if I manually change the
group and permissions on the device node. And yes, my user is in the
scard group. :)

FWIW, lsusb for the device reports:

Bus 002 Device 021: ID 072f:0001 Advanced Card Systems, Ltd AC1030-based SmartCard Reader

What can I try next?

Thanks,

Tony


