Specifying smartcard reader when multiple readers attached

[Jared Vacanti via Gnupg-users]

Using gpg (GnuPG) 2.2.19, is there a way to specify a reader when multiple
readers are available? For example:

$ gpg --card-status --reader FEITIAN
gpg: WARNING: "--reader-port" is an obsolete option - it has no effect
except on scdaemon

I seem to only be able to interact with smartcards or the Yubikey 5 NFC
OpenPGP applet when the device is the only one available.

Any feedback would be really appreciated.

Jared
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Feature request: treat missing smartcard reader as missing smartcard

[Peter Lebbing]

On 18/01/17 00:21, NIIBE Yutaka wrote:
> This is just a lucky coincidence, but I'm glad to see the development of
> GnuPG goes well.

Ah, two birds with one stone! Thank you for working on multi-card-reader
setups!

> Thank you for your support of GnuPG.  Your support encourages me
> (hopefully, all of us) fixing bugs and adding feature(s).

I'm real happy to hear that! Thank you! I love the improvements GnuPG
2.1 brings!

Cheers,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Feature request: treat missing smartcard reader as missing smartcard

[Loy Fortner]

Please stop sending me this message I don't know what you are talking about
so stop

On Jan 17, 2017 6:54 PM, "NIIBE Yutaka"  wrote:

> Peter Lebbing  wrote:
> > For instance, if I open an encrypted mail in Thunderbird/Enigmail, I see
> > the following:
> >
> > - Card reader is plugged in but no card or different card present in
> reader:
> >
> > I am prompted to insert the correct OpenPGP card. Once I do this and
> > okay the prompt, decryption is succesful.
> >
> > - Card reader not plugged in:
> >
> > Empty message window with Enigmail error on the lines of "Decryption
> > failed. No secret key available."
>
> Good point.
>
> In the development branch, I'm currently working for multiple card/token
> support (currently only with internal CCID driver).  And I also happened
> to notice this difference this month.
>
> Now in the repo (master), signing and decryption work well with multiple
> card/token and a user is prompted when there is no relevant card/token.
>
> This is just a lucky coincidence, but I'm glad to see the development of
> GnuPG goes well.
>
> Thank you for your support of GnuPG.  Your support encourages me
> (hopefully, all of us) fixing bugs and adding feature(s).
> --
>
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Feature request: treat missing smartcard reader as missing smartcard

[NIIBE Yutaka]

Peter Lebbing  wrote:
> For instance, if I open an encrypted mail in Thunderbird/Enigmail, I see
> the following:
>
> - Card reader is plugged in but no card or different card present in reader:
>
> I am prompted to insert the correct OpenPGP card. Once I do this and
> okay the prompt, decryption is succesful.
>
> - Card reader not plugged in:
>
> Empty message window with Enigmail error on the lines of "Decryption
> failed. No secret key available."

Good point.

In the development branch, I'm currently working for multiple card/token
support (currently only with internal CCID driver).  And I also happened
to notice this difference this month.

Now in the repo (master), signing and decryption work well with multiple
card/token and a user is prompted when there is no relevant card/token.

This is just a lucky coincidence, but I'm glad to see the development of
GnuPG goes well.

Thank you for your support of GnuPG.  Your support encourages me
(hopefully, all of us) fixing bugs and adding feature(s).
-- 

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Feature request: treat missing smartcard reader as missing smartcard

[Peter Lebbing]

Hi devs,

I think scdaemon would behave more predictably and more *correct* if it
treated a missing or changed card reader as a missing or changed card.

For instance, if I open an encrypted mail in Thunderbird/Enigmail, I see
the following:

- Card reader is plugged in but no card or different card present in reader:

I am prompted to insert the correct OpenPGP card. Once I do this and
okay the prompt, decryption is succesful.

- Card reader not plugged in:

Empty message window with Enigmail error on the lines of "Decryption
failed. No secret key available."


These days, it is quite common to see readers with either integrated
smartcards or smartcards that can't be changed or removed easily. I
think these devices should be treated as currently the smartcard is.
I.e., if the reader is not plugged in, prompt the user to insert their
smartcard just like scdaemon would if the reader were present but empty.

I think this is also the reason why in this[1] mail to gnupg-users,
Anton is not able to do the same procedure as I could. I used a desktop
smartcard reader and two regular OpenPGP cards. Anton used one regular
OpenPGP card and one Yubikey. Where I was prompted to change cards, his
attempt likely failed because he had to swap *readers* as well as cards.

Peter.

[1] <https://lists.gnupg.org/pipermail/gnupg-users/2017-January/057445.html>

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: smartcard reader

[Nix]

On 22 Oct 2016, Bjoern Kahl spake thusly:
>  I /think/ it worked exactly once.  But then I played a bit with the
>  PIV applet on the YubiKey (using yubico's piv-tool), and since then
>  I can not get to the OpenPGP applet on the YubiKey.  Only the PIV
>  works (I see my x509 certificates in there in Keychain and can used
>  in Safari to authenticate to for example StartSSL.com)

If you're using pcscd, there's no way this will work without at least
OpenSC 0.16.0, which was released quite recently (due to spec violations
in the Yubikey Neo and 4's PIV applet which have exactly the effects you
see). The master branch is more likely yet to work.

Getting both PIV and GPG to work simultaneously is an even bigger kettle
of pain :/

-- 
NULL && (void)

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: yubikey 4 openkeychain rsa [WAS: smartcard reader]

[Thomas Glanzmann]

Hello,

> The Yubikey Neo has NFC which is how it is usable with android. There is a
> video of it in action here:
> https://grepular.com/An_NFC_PGP_SmartCard_For_Android

I know about the Yubikey Neo. However it can only do 2048 Bit RSA. So
I'm really interested how to use the Yubikey 4 or Yubikey 4 Nano without
NFC with Android. Googeling a little bit around it seems there is patch
which works for some people but I was unable to find a howto use it.

Cheers,
Thomas

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: smartcard reader

[Bjoern Kahl]

 Hi All,

Am 20.10.16 um 19:46 schrieb li...@michel-messerschmidt.de:
>> Are there any new options that weren't listed already?
> 
> yubikey4
> 
> Although I had very good experience with the SPR 532 (and a lot of trouble 
> with another Cyberjack reader, the Comfort IIRC), the yubikey token has a 
> better trade-off between usability and security for me.
> 
> Mainly because its usable on mobile devices through openkeychain, but good 
> support of 4k RSA keys is also welcome. Lack of a pin-pad is the main 
> drawback. Tamper resistance and firmware source may be other discussion 
> topics.

 Not sure the YubiKey4 is a good choice to start with.  I bought one
 specifically for use with GnuPG (and for its U2F support).  I had a
 lot of troubles getting my YubiKey on it.  It finally worked using a
 recent Ubuntu, but on my Macbook with MacOS "El Capitan" I am unable
 to access the keys.  I only get "card error".  Digging deeper with
 dtruss (kind of "strace") I got as far as that scdaemon gets a "pcsc:
 sharing violation".

 I /think/ it worked exactly once.  But then I played a bit with the
 PIV applet on the YubiKey (using yubico's piv-tool), and since then
 I can not get to the OpenPGP applet on the YubiKey.  Only the PIV
 works (I see my x509 certificates in there in Keychain and can used
 in Safari to authenticate to for example StartSSL.com)

 (Any hints to get PIV and OpenPGP work side-by-side are most welcome.)


 Tl;dr:

 If adding the YubiKey, then there should be a warning not to never
 play with the PIV applet on it.


 Best regards

Björn

-- 
| Bjoern Kahl   +++   Siegburg   +++Germany |
| "mls@-my-domain-"   +++www.bjoern-kahl.de |
| Languages: German, English, Ancient Latin (a bit :-)) |

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: yubikey 4 openkeychain rsa [WAS: smartcard reader]

[kendrick eastes]

The Yubikey Neo has NFC which is how it is usable with android. There is a
video of it in action here:
https://grepular.com/An_NFC_PGP_SmartCard_For_Android

On Sat, Oct 22, 2016 at 2:46 AM, Thomas Glanzmann 
wrote:

> Hello Michel,
>
> [RESEND: forgot list]
>
> > Mainly because its usable on mobile devices through openkeychain
>
> I have two yubikeys myself, one yubikey 4 nano constantly plugged into
> my main workstation and another yubikey4 on my keychain. I use it for
> ssh authentication and gpg also using ssh and gpg agent forwarding.
> Works like a charm. But since the yubikey has no option for RFID I
> wonder how you can use it on android? I use maildroid to read my email
> on android. Is there a step by step howto how to get that working?
>
> Cheers,
> Thomas
>
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: smartcard reader

[Thomas Jarosch]

Am 22.10.2016 um 00:26 schrieb Gregor Zattler:
>> I've posted a "success report" about card readers a year ago:
>> https://lists.gnupg.org/pipermail/gnupg-users/2015-August/054102.html
>>
>> The Reiner cyberJack Go "plus" (USB id 0c4b:0504) works fine,
>> not sure about the version with "plus" though.
> 
> Isn't there a contradiction between the last line and the line
> before the last one?  Sorry: did you test the "plus" version or not?

yes, I noticed, too, after sending the message :o)
I tested the plus version. The "with" should be a "without".
See the earlier success report.

May be we can add pictures to the wiki of some readers
or include a side-by-side picture. I still have all three
of them sitting on my desk. That might help others to decide.

Cheers,
Thomas


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

yubikey 4 openkeychain rsa [WAS: smartcard reader]

[Thomas Glanzmann]

Hello Michel,

[RESEND: forgot list]

> Mainly because its usable on mobile devices through openkeychain

I have two yubikeys myself, one yubikey 4 nano constantly plugged into
my main workstation and another yubikey4 on my keychain. I use it for
ssh authentication and gpg also using ssh and gpg agent forwarding.
Works like a charm. But since the yubikey has no option for RFID I
wonder how you can use it on android? I use maildroid to read my email
on android. Is there a step by step howto how to get that working?

Cheers,
Thomas

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: smartcard reader

[Thomas Jarosch]

Am 19.10.2016 um 13:01 schrieb Werner Koch:
[list of card readers]
>> SCM SPR 532
>> USB ID: 04e6:e003
>> PC/SC reader name: SPRx32
>
> ..
>
>> Reiner cyberJack Go
>> USB ID: 0c4b:0504
> 
> Does not work.

I've posted a "success report" about card readers a year ago:
https://lists.gnupg.org/pipermail/gnupg-users/2015-August/054102.html

The Reiner cyberJack Go "plus" (USB id 0c4b:0504) works fine,
not sure about the version with "plus" though.

The Cherry ST-2000 reader is a bit bulky, personally I like
the SPR 532 but the cyberJack Go has a nice display
and is easy to carry around.


Yesterday I've came up with the idea if the cyberJack Go reader would
also work with a USB OTG adapter on an Android based phone. Might be a
nice alternative to NFC + software based pinpad.
-> I will test this once I get my hands on an USB OTG adapter.

HTH,
Thomas




signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: smartcard reader

[lists]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

>Are there any new options that weren't listed already?

yubikey4

Although I had very good experience with the SPR 532 (and a lot of trouble with 
another Cyberjack reader, the Comfort IIRC), the yubikey token has a better 
trade-off between usability and security for me.

Mainly because its usable on mobile devices through openkeychain, but good 
support of 4k RSA keys is also welcome. Lack of a pin-pad is the main drawback. 
Tamper resistance and firmware source may be other discussion topics.


Regards,
Michel
- --
This mail scanned by NSA Internet Security
-BEGIN PGP SIGNATURE-

iQJRBAEBCgA7NBxNaWNoZWwgTWVzc2Vyc2NobWlkdCA8bWFpbEBtaWNoZWwtbWVz
c2Vyc2NobWlkdC5kZT4FAlgJAu8ACgkQvTGBzyTSHbXPgw/+MQF13bXPrfVB6PS/
QkmVWiXJV2T18hm7jeg3V3eusGX2pgiRxZ6quK0xuB1zYpSOqmBHJYwE7CE+AZcK
x0Z95JQSGGQ5cnZl1npsk41vMibdvr5LVYLRGT4h5VNPubOzp6BAV+Az9yMk1q8d
wE8AU2mONWyoyWhZibZ/K5wFWG8neoIJKB1c9xh7FskncdCd3F/Hf0w0MdfAuf5H
q8lDXaMfhTBBqNk913V04cp/tn5rTTiTQ2MqyNglqhmNBUDD6DaCD3KF8ycgqXmC
WGNgWNnmxfDdEI7sGo+p9IF0lQNYdRWcTtUyNs3QZZr0+xw0qLQI3cDMm+VKoes6
3RTZc3/m6kltjVOoq8vcPl7HAoiBojHzt1oC4ggXsQ3NQCJaiLKns15TlQ4QzI3Y
0Z5admjxEKq9rZ84knwwXWVucHLBUZ2+lQm7vZISyHkFXHZhCb9BwOlRKv//Jxsd
DAhlKjOoryWae23P5NtOyRLaY9OSQQi8iNGKevgAqLMiboTr6L4gj6fIhRBp3BG+
72nKUsWyTxs89mvx3rDtbRJ+6LzWt1njOoozbxm3fc844ml3Nh1P1SIe709sy0iH
yzoMFv3iiLC3WB/vYEkSjGQaDRk3FYu8c0wcushInSBHG+gDTjQgTxxbtOoL1sx+
TPTWrPpI1yWWlUx2mS7ffXkDfy4=
=hCnc
-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: smartcard reader

[Daniel Pocock]

On 19/10/16 13:01, Werner Koch wrote:
> On Mon, 17 Oct 2016 22:50, gnudev...@gmail.com said:
> 
>> SCM SPR 532 USB ID: 04e6:e003 PC/SC reader name: SPRx32
> 
> FWIW, the company is known indentive but the readers still work.
> 
>> KAAN Advanced USB ID: 0d46:
> 
> Has problems with larger signing keys - I used it in the past.
> 
>> FSIJ Gnuk Token USB ID: 234b:
> 
> Not a reader but a token which im-plements the same interface as a 
> reader.  I used it all the time; despite that it is not taper 
> resistant.
> 
>> Reiner cyberJack Go USB ID: 0c4b:0504
> 
> Does not work.
> 
>> Vasco DigiPASS 920 USB ID: 1a44:0920
> 
> Never tried.
> 
>> Cherry ST2000 USB ID: 046a:003e
> 
> I used it for some weeks.  I stopped using it only due to local 
> problems.
> 

Thanks for helping eliminate some of those from the list, is anybody
able to update the wiki?

Are there any new options that weren't listed already?

I also added another blog about choosing hardware today:


https://danielpocock.com/choosing-smartcards-readers-hardware-for-outreachy-2016


Regards,

Daniel

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: smartcard reader

[NdK]

Il 19/10/2016 13:06, Werner Koch ha scritto:

> There is no integrated card.  gnuk uses an SM32 MCU which implements the
> OpenPGP card and CCID interface specs.  This has the huge advantage that
> all software (firmware) is free software.  The drawback is that it is
> not tamper resistant - your safe with important woodware documents or
> your gpg key backup isn't tamper resistant either.  I prefer the free
> software solution given that the attack surface is smaller.
Well, actually the situation is a bit better: the keys at rest are
stored encrypted, even if kdf function uses less rounds not to slow down
unlocking too much... So even if an adversary manages to get the token
and retrieve the memory contents, he still have to find the passphrase
to decode the keys. Quite like the situation where he somehow accesses
your privring from a powered down computer.

BYtE,
 Diego


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: smartcard reader

[Werner Koch]

On Wed, 19 Oct 2016 10:17, st...@mailbox.org said:

> I haven't found any information on whether gnuk token (as an
> implementation of reader and card) accepts the exchange of the
> integrated card (for another one)? That was one of the main reasons for

There is no integrated card.  gnuk uses an SM32 MCU which implements the
OpenPGP card and CCID interface specs.  This has the huge advantage that
all software (firmware) is free software.  The drawback is that it is
not tamper resistant - your safe with important woodware documents or
your gpg key backup isn't tamper resistant either.  I prefer the free
software solution given that the attack surface is smaller.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


pgpyJF7piUVVX.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: smartcard reader

[Werner Koch]

On Mon, 17 Oct 2016 22:50, gnudev...@gmail.com said:

> SCM SPR 532
> USB ID: 04e6:e003
> PC/SC reader name: SPRx32

FWIW, the company is known indentive but the readers still work.

> KAAN Advanced
> USB ID: 0d46:

Has problems with larger signing keys - I used it in the past.

> FSIJ Gnuk Token
> USB ID: 234b:

Not a reader but a token which im-plements the same interface as a
reader.  I used it all the time; despite that it is not taper
resistant.

> Reiner cyberJack Go
> USB ID: 0c4b:0504

Does not work.

> Vasco DigiPASS 920
> USB ID: 1a44:0920

Never tried.

> Cherry ST2000
> USB ID: 046a:003e

I used it for some weeks.  I stopped using it only due to local
problems.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


pgphyX_7YF5UW.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: smartcard reader

[Stephan Beck]

Hi,

NIIBE Yutaka:
> On 10/19/2016 12:40 AM, Stephan Beck wrote:
>>> FSIJ Gnuk Token
>>> USB ID: 234b:
> 
> Ah...  This is not a card reader.  It is the project of Free Software
> Initiative of Japan (FSIJ) since 2010.  FSIJ acquired USB vendor ID,
> specifically for this project.  Please visit:
> 
> https://www.fsij.org/category/gnuk.html

Went there and bookmarked it. I even went to
https://www.fsij.org/doc-gnuk/index.html and gave it a thorough read.
It's a clear, concise and well-structured doc.
> 
> Card reader products are more complex than the hardware requirement of
> Gnuk.  If you like KISS philosophy, you might prefer Gnuk Token.

The next one I'll try out will be the gnuk token.
> 
>> you can order gnuk token at/from
>> https://www.seeedstudio.com/FST-01-without-Enclosure-p-1276.html
> 
> It is sold as an evaluation board.  It happened to have Gnuk 1.0.1
> installed.   It is an implementation of reader+card.

I haven't found any information on whether gnuk token (as an
implementation of reader and card) accepts the exchange of the
integrated card (for another one)? That was one of the main reasons for
the Nitrokey Storage (based on Atmel
AT32UC3A3256S) now (in theory) permitting the exchange of the integrated
card, people like FSFE members, for instance, could not use Nitrokey Pro
as they have their own card.

> 
>> https://shop.fsf.org/storage-devices/neug-usb-true-random-number-generator.
> 
> This has TRNG implementation (NeuG 1.0.4), instead.  The source of
> noise is not that exotic, though.  You can replace the firmware to
> Gnuk by yourself.  The upgrade process doesn't require JTAG/SWD
> debugger, but having JTAG/SWD debugger is highly recommended to
> control your computing (or just in case when failure of upgrade).
> 
> Hardware is same (sans cover).  The support page is here:
> 
> https://www.gniibe.org/category/fst-01.html
> 
> I tried to sell the hardware widely as possible with help by Seeed and
> FSF, but my capability is limited.  Selling hardware product means
> we need to follow regulations.  That's difficult for me.
> 
> 
> For Europe, I heard that Nitrokey Start runs Gnuk 1.0.4.  Availability
> of this product is better, I suppose.

Yes, I also read that they use Gnuk.
> 
> I think that Nitrokey Start and Nitrokey Pro is based on the hardware
> design of mine (although I was not involved).  I got a report to Gnuk
> Mailing list about firmware upgrade of Gnuk doesn't work well on
> Nitrokey Start.  If someone can investigate the cause and possibly fix
> an issue, it will be great.
> 
> 
> I gave a talk of Gnuk at https://openpgp-conf.org/program.html
> There is a link to my slides.

Thanks, I read the report on gnupg.org, I'll take a look at the slides.
Thanks again for this very valuable first-hand information.

Cheers (cup of coffee!)

Stephan




0x4218732B.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: smartcard reader

[NIIBE Yutaka]

On 10/19/2016 12:40 AM, Stephan Beck wrote:
>> FSIJ Gnuk Token
>> USB ID: 234b:

Ah...  This is not a card reader.  It is the project of Free Software
Initiative of Japan (FSIJ) since 2010.  FSIJ acquired USB vendor ID,
specifically for this project.  Please visit:

https://www.fsij.org/category/gnuk.html

Card reader products are more complex than the hardware requirement of
Gnuk.  If you like KISS philosophy, you might prefer Gnuk Token.

> you can order gnuk token at/from
> https://www.seeedstudio.com/FST-01-without-Enclosure-p-1276.html

It is sold as an evaluation board.  It happened to have Gnuk 1.0.1
installed.   It is an implementation of reader+card.

> https://shop.fsf.org/storage-devices/neug-usb-true-random-number-generator.

This has TRNG implementation (NeuG 1.0.4), instead.  The source of
noise is not that exotic, though.  You can replace the firmware to
Gnuk by yourself.  The upgrade process doesn't require JTAG/SWD
debugger, but having JTAG/SWD debugger is highly recommended to
control your computing (or just in case when failure of upgrade).

Hardware is same (sans cover).  The support page is here:

https://www.gniibe.org/category/fst-01.html

I tried to sell the hardware widely as possible with help by Seeed and
FSF, but my capability is limited.  Selling hardware product means
we need to follow regulations.  That's difficult for me.


For Europe, I heard that Nitrokey Start runs Gnuk 1.0.4.  Availability
of this product is better, I suppose.

I think that Nitrokey Start and Nitrokey Pro is based on the hardware
design of mine (although I was not involved).  I got a report to Gnuk
Mailing list about firmware upgrade of Gnuk doesn't work well on
Nitrokey Start.  If someone can investigate the cause and possibly fix
an issue, it will be great.


I gave a talk of Gnuk at https://openpgp-conf.org/program.html
There is a link to my slides.
-- 

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: smartcard reader

[Stephan Beck]

Hi Liz,

Elizabeth Ferdman:
> Hello, 
> 
> I'm in the market for a smartcard reader and I live in the United
> States. I found two ways to get an OpenPGP card already, either from
> shop.kernelconcepts.de or from the FSFE as a sustaining member.
> Does anyone know how I can get a smart card reader though?
> It has to be one from this list:
[...]

> FSIJ Gnuk Token
> USB ID: 234b:

As stated at

https://www.gnupg.org/blog/index.html

you can order gnuk token at/from
https://www.seeedstudio.com/FST-01-without-Enclosure-p-1276.html
https://shop.fsf.org/storage-devices/neug-usb-true-random-number-generator.

I just picked out this one, may another one pick out a different list item.

Cheers

Stephan


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

smartcard reader

[Elizabeth Ferdman]

Hello, 

I'm in the market for a smartcard reader and I live in the United
States. I found two ways to get an OpenPGP card already, either from
shop.kernelconcepts.de or from the FSFE as a sustaining member.
Does anyone know how I can get a smart card reader though?
It has to be one from this list:

SCM SPR 532
USB ID: 04e6:e003
PC/SC reader name: SPRx32

KAAN Advanced
USB ID: 0d46:

FSIJ Gnuk Token
USB ID: 234b:

Reiner cyberJack Go
USB ID: 0c4b:0504

Vasco DigiPASS 920
USB ID: 1a44:0920

Cherry ST2000
USB ID: 046a:003e

Thanks,
Liz

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Smartcard reader Precise Biometrics 200 MC

[NIIBE Yutaka]

On 09/20/2016 04:13 PM, Jan Prunk wrote:
> I am wondering if the smartcard reader "Precise Biometrics 200 MC" [1]
> is among the supported readers to be used with GnuPG ? Is there a
> guideline to follow for setting it up ?

For the reader, I found this discussion in 2010:


http://musclecard.996296.n3.nabble.com/pcsc-lite-ccid-Precise-MC-200-problems-with-T-1-td4543.html

It seemed that it became "unsupported" by PC/SC lite.  So, it is
highly likely not working with GnuPG.


Well, I maintain this list:

https://wiki.debian.org/GnuPG/CCID_Driver

Please install scdaemon.  Your operating system may require some
other permission settings.  For example, Debian GNU/Linux has:

/lib/udev/rules.d/60-scdaemon.rules

If your reader is not listed in such a file, you need your own
settings.
-- 

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Smartcard reader Precise Biometrics 200 MC

[Jan Prunk]

Hello,

I am wondering if the smartcard reader "Precise Biometrics 200 MC" [1] is
among the supported readers to be used with GnuPG ? Is there a guideline to
follow for setting it up ?

1 -
http://precisebiometrics.com/wp-content/uploads/2014/11/ProductSheetPrecise200MC.pdf

Kind regards,
Jan Prunk
-- 
Jan Prunk   http://prunk.si
PGP Pubkey  http://prunk.si/0x9FD7F151.txt
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Compact smartcard reader with pin entry?

[CANNON NATHANIEL CIOTA]

I have a securely generated and stored PGP key on a smartcard. I wish to 
use my smartcard for email signing & decryption. Problem is that I am 
unable to do this since my current CAC reader does not have a built in 
pin entry. No point in smartcards if a keylogger can just simply harvest 
the pin then make use of the smartcard for signing/decryption whenever 
it is plugged in. This is a very real possibility. In fact there is a 
case where malware has done this in the past on DoD systems.


All the smartcard readers I have seen are unnecessarily massively bulky 
the size of a brick or untrusted hardware. What are recommendations for 
a compact CAC reader with built in pin entry from a trusted brand that 
works with GnuPG smartcards?


--
Cannon N. Ciota
Digital Identity (namecoin): id/cannon
Website: www.cannon-ciota.info
Email: can...@cannon-ciota.info
PGP Fingerprint: E7FB 0605 1BD4 8B88 B7BC 91A4 7DF7 76C7 25A6 AEE2

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: PlussID Smartcard Reader

[Antoine Michard]

YESS !!! It works with HID drivers:
x86 http://www.hidglobal.com/drivers/21277
x64 http://www.hidglobal.com/drivers/21278

If this can help someone later :D

Antoine Michard
GPG Key: 0xF5C9E7CD0882B381

Le 03/02/2016 09:05, Antoine Michard a écrit :
> Hi,
> 
> I've just try on my Windows computer and it works !!!
> So, It's the Omnikey linux driver... too bad :'(
> 
> Someone have something new about it ?? Make it work maybe ??
> 
> Thanks
> 
> Antoine Michard
> GPG Key: 0xF5C9E7CD0882B381
> 
> Le 02/02/2016 22:22, Antoine Michard a écrit :
>> I've found something and is bad:
>>
>> PC/SC device scanner
>> V 1.4.23 (c) 2001-2011, Ludovic Rousseau <ludovic.rouss...@free.fr>
>> Compiled with PC/SC lite version: 1.8.13
>> Using reader plug'n play mechanism
>> Scanning present readers...
>> 0: OMNIKEY AG Smart Card Reader 00 00
>>
>> Tue Feb 2 22:03:21 2016
>> Reader 0: OMNIKEY AG Smart Card Reader 00 00
>> ...
>>
>> So, the reader is an Omnikey, then I've found this:
>> Omnikey based readers don't work with that card because the readers
>> don't support Extended Length APDUs.
>> http://lists.gnupg.org/pipermail/gnupg-users/2011-August/042566.html
>>
>> I've contact +ID support to know a little more about it.
>> It is worth nothing, this reader is very tiny and you can take it with
>> you everywhere (It's the size of little lighter).
>>
>> Antoine Michard
>> GPG Key: 0xF5C9E7CD0882B381
>>
>> Le 02/02/2016 21:11, st...@mailbox.org a écrit :
>>> Hi,
>>>
>>>> Antoine Michard <antoine.mich...@chezgeek.fr> hat am 2. Februar 2016 um
>>>> 19:06 geschrieben:
>>>>
>>>>
>>>> Hi all,
>>>>
>>>> Recently, I've bought a PlussID (or +ID) Smartcard reader on there
>>>> website (http://www.pluss-id.com/). I bought it to use it on travel.
>>>>
>>>> I receive it today and it's really, really tiny !!
>>>>
>>>> But, unfortunetly it doesn't work with my OpenPGP Card 2.1 with 3 RSA
>>>> 4096bits keys. I can read data on the card, I can enter my PIN but then
>>>> I can't sign, decrypt or use my any key.
>>>>
>>>> What can I do to debug the smartcard reader ?? It is possible to resolve
>>>> this ??
>>>
>>> unfortunately I cannot answer you in detail but have you checked
>>> (particularly the Troubleshooting section)?
>>>
>>> (1) https://github.com/OpenSC/OpenSC/wiki/OpenPGP-card
>>>
>>> HTH
>>>
>>> Stebe
>>>
>>
>>
>>
>> ___
>> Gnupg-users mailing list
>> Gnupg-users@gnupg.org
>> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>>
> 
> 
> 
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> 



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: PlussID Smartcard Reader

[Antoine Michard]

Hi,

I've just try on my Windows computer and it works !!!
So, It's the Omnikey linux driver... too bad :'(

Someone have something new about it ?? Make it work maybe ??

Thanks

Antoine Michard
GPG Key: 0xF5C9E7CD0882B381

Le 02/02/2016 22:22, Antoine Michard a écrit :
> I've found something and is bad:
> 
> PC/SC device scanner
> V 1.4.23 (c) 2001-2011, Ludovic Rousseau <ludovic.rouss...@free.fr>
> Compiled with PC/SC lite version: 1.8.13
> Using reader plug'n play mechanism
> Scanning present readers...
> 0: OMNIKEY AG Smart Card Reader 00 00
> 
> Tue Feb 2 22:03:21 2016
> Reader 0: OMNIKEY AG Smart Card Reader 00 00
> ...
> 
> So, the reader is an Omnikey, then I've found this:
> Omnikey based readers don't work with that card because the readers
> don't support Extended Length APDUs.
> http://lists.gnupg.org/pipermail/gnupg-users/2011-August/042566.html
> 
> I've contact +ID support to know a little more about it.
> It is worth nothing, this reader is very tiny and you can take it with
> you everywhere (It's the size of little lighter).
> 
> Antoine Michard
> GPG Key: 0xF5C9E7CD0882B381
> 
> Le 02/02/2016 21:11, st...@mailbox.org a écrit :
>> Hi,
>>
>>> Antoine Michard <antoine.mich...@chezgeek.fr> hat am 2. Februar 2016 um
>>> 19:06 geschrieben:
>>>
>>>
>>> Hi all,
>>>
>>> Recently, I've bought a PlussID (or +ID) Smartcard reader on there
>>> website (http://www.pluss-id.com/). I bought it to use it on travel.
>>>
>>> I receive it today and it's really, really tiny !!
>>>
>>> But, unfortunetly it doesn't work with my OpenPGP Card 2.1 with 3 RSA
>>> 4096bits keys. I can read data on the card, I can enter my PIN but then
>>> I can't sign, decrypt or use my any key.
>>>
>>> What can I do to debug the smartcard reader ?? It is possible to resolve
>>> this ??
>>
>> unfortunately I cannot answer you in detail but have you checked
>> (particularly the Troubleshooting section)?
>>
>> (1) https://github.com/OpenSC/OpenSC/wiki/OpenPGP-card
>>
>> HTH
>>
>> Stebe
>>
> 
> 
> 
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> 



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: PlussID Smartcard Reader

[stebe]

Hi,

> Antoine Michard <antoine.mich...@chezgeek.fr> hat am 2. Februar 2016 um
> 19:06 geschrieben:
> 
> 
> Hi all,
> 
> Recently, I've bought a PlussID (or +ID) Smartcard reader on there
> website (http://www.pluss-id.com/). I bought it to use it on travel.
> 
> I receive it today and it's really, really tiny !!
> 
> But, unfortunetly it doesn't work with my OpenPGP Card 2.1 with 3 RSA
> 4096bits keys. I can read data on the card, I can enter my PIN but then
> I can't sign, decrypt or use my any key.
> 
> What can I do to debug the smartcard reader ?? It is possible to resolve
> this ??

unfortunately I cannot answer you in detail but have you checked
(particularly the Troubleshooting section)?

(1) https://github.com/OpenSC/OpenSC/wiki/OpenPGP-card

HTH

Stebe

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

PlussID Smartcard Reader

[Antoine Michard]

Hi all,

Recently, I've bought a PlussID (or +ID) Smartcard reader on there
website (http://www.pluss-id.com/). I bought it to use it on travel.

I receive it today and it's really, really tiny !!

But, unfortunetly it doesn't work with my OpenPGP Card 2.1 with 3 RSA
4096bits keys. I can read data on the card, I can enter my PIN but then
I can't sign, decrypt or use my any key.

What can I do to debug the smartcard reader ?? It is possible to resolve
this ??

Thanks for reply
-- 
Antoine Michard
GPG Key: 0xF5C9E7CD0882B381



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: PlussID Smartcard Reader

[Antoine Michard]

I've found something and is bad:

PC/SC device scanner
V 1.4.23 (c) 2001-2011, Ludovic Rousseau <ludovic.rouss...@free.fr>
Compiled with PC/SC lite version: 1.8.13
Using reader plug'n play mechanism
Scanning present readers...
0: OMNIKEY AG Smart Card Reader 00 00

Tue Feb 2 22:03:21 2016
Reader 0: OMNIKEY AG Smart Card Reader 00 00
...

So, the reader is an Omnikey, then I've found this:
Omnikey based readers don't work with that card because the readers
don't support Extended Length APDUs.
http://lists.gnupg.org/pipermail/gnupg-users/2011-August/042566.html

I've contact +ID support to know a little more about it.
It is worth nothing, this reader is very tiny and you can take it with
you everywhere (It's the size of little lighter).

Antoine Michard
GPG Key: 0xF5C9E7CD0882B381

Le 02/02/2016 21:11, st...@mailbox.org a écrit :
> Hi,
> 
>> Antoine Michard <antoine.mich...@chezgeek.fr> hat am 2. Februar 2016 um
>> 19:06 geschrieben:
>>
>>
>> Hi all,
>>
>> Recently, I've bought a PlussID (or +ID) Smartcard reader on there
>> website (http://www.pluss-id.com/). I bought it to use it on travel.
>>
>> I receive it today and it's really, really tiny !!
>>
>> But, unfortunetly it doesn't work with my OpenPGP Card 2.1 with 3 RSA
>> 4096bits keys. I can read data on the card, I can enter my PIN but then
>> I can't sign, decrypt or use my any key.
>>
>> What can I do to debug the smartcard reader ?? It is possible to resolve
>> this ??
> 
> unfortunately I cannot answer you in detail but have you checked
> (particularly the Troubleshooting section)?
> 
> (1) https://github.com/OpenSC/OpenSC/wiki/OpenPGP-card
> 
> HTH
> 
> Stebe
> 



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Smartcard reader disconnects

[NIIBE Yutaka]

Hello,

On 09/20/2015 05:07 AM, Miguel Barbosa Gonçalves wrote:
> Sometimes, after doing an operation, the smartcard reader apparently
> disconnects and I can only get it to work if I disconnect and
> reconnect it.

How do you conclude that "smartcard reader apparently disconnects"?
Did you see any error message or something?

> When it gets disconnected, if I try to access it, I get the following
> 
> $ gpg --card-status
> gpg: selecting openpgp failed: ec=6.108
> gpg: OpenPGP card not available: general error

What's the output of "lsusb" when you encounter this?  Do you still
see valid entry of your card reader?

> By the way, I am using Ubuntu 14.04 and everything works except for this.

When your 'gpg' is GnuPG 1.4.x and it's not configured using agent, it
is possible that there is gpg-agent and scdaemon running with your
card reader and GnuPG frontend of 'gpg' tries to access the card
reader directly and fails.
-- 

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Smartcard reader disconnects

[Miguel Barbosa Gonçalves]

Hi!

I am using a USB Shell Token v2 that I bought from KernelConcepts with
a OpenPGP 2.1 smartcard.

Sometimes, after doing an operation, the smartcard reader apparently
disconnects and I can only get it to work if I disconnect and
reconnect it.

When it gets disconnected, if I try to access it, I get the following

$ gpg --card-status
gpg: selecting openpgp failed: ec=6.108
gpg: OpenPGP card not available: general error

By the way, I am using Ubuntu 14.04 and everything works except for this.

Does anyone have any idea?

Cheers,
Miguel

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: OpenPGP smartcard reader

[Robert J. Hansen]

> GNOME implements its own gpg-agent... badly... in ways that break
> smartcards.  I've heard they've recently fixed it, but as of 14.04 the
> broken GNOME behavior was still in place.  Search for GNOME and
> gpg-agent in these archives and you should find a solution.

And there's a wiki page for it, too:

http://wiki.gnupg.org/GnomeKeyring


Also see Simon Josefsson's writeup:

http://blog.josefsson.org/2015/01/02/openpgp-smartcards-and-gnome/


This misbehavior has been reported to Debian and Ubuntu:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773304


... Hope these links help!

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

OpenPGP smartcard reader

[Miguel Barbosa Gonçalves]

Hi!

I recently contributed to the FSFE and received an OpenPGP smartcard.

I ordered an Omnikey 3121 USB card reader. I am facing some problems
when using this reader and card combination on a Ubuntu 14.04 machine.

Using GnuPG 1.4.15 as root it works fine. GnuPG 2 does not work at all.

As a regular user, I have the gpg-agent running to authenticate to SSH
hosts and the card can't be read. As soon as I kill gpg-agent, gpg
works fine.

Any clues?

Or, what is the most compatible card reader available to read OpenPGP
smartcards using GnuPG 1 and 2?

Thanks in advance!

Cheers,
Miguel

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: OpenPGP smartcard reader

[Robert J. Hansen]

> Any clues?

GNOME implements its own gpg-agent... badly... in ways that break
smartcards.  I've heard they've recently fixed it, but as of 14.04 the
broken GNOME behavior was still in place.  Search for GNOME and
gpg-agent in these archives and you should find a solution.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Pin-pad on SPR332 smartcard reader does not work under OSX

[NIIBE Yutaka]

On 02/10/2015 12:25 AM, Niobos wrote:
 I have searched my system for reader.h, but didn't find that file. Next,
 I grepped through the better part of my filesystem (/usr, /System,
 /Library) for GET_FEATURE_REQUEST, and also came up empty.
 
 I have found a website [1] which might mean more to you that it does to
 me. From what I understand, OSX uses the same constants that GNU/Linux:
 
 #define SCARD_CTL_CODE(code) (0x4200 + (code))
 #define CM_IOCTL_GET_FEATURE_REQUEST SCARD_CTL_CODE(3400)
[...]
 [1] http://ludovicrousseau.blogspot.be/2013_10_01_archive.html

Thank you.  It seems for me that pcscd itself is modern and up-to-date
on OS X.  But, I'm afraid libccid is not so up to date on OS X.  And
I'm afraid if pinpad input is supported on OS X (not only for your
specific card reader, but in general).

 How can I debug this further?

I think that it is better to ask Apple if pinpad input is supported
(and update of libccid, if not).

Well, I don't think this is the matter of gnupg-users, but I'm writing
as an possible answer.  Sorry in advance, if it's irrelevant.

My script would help.

I wrote a Python script for testing pinpad input with OpenPGPcard
using PC/SC service.  By using this script, I have enhanced support of
some card readers into GnuPG.

   http://git.gniibe.org/gitweb/?p=gnuk/gnuk.git;a=blob;f=tool/pinpadtest.py

The script uses PySCard: http://pyscard.sourceforge.net/

I have no knowledge/experience if PySCard works on OS X, but
it works on GNU/Linux.

Please note that the purpose of my script is for testing card readers,
basically, and it's not for testing PC/SC service or operating system.
Usefulness depends.
-- 

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Pin-pad on SPR332 smartcard reader does not work under OSX

[Niobos]

On 2015-02-09 15:33, NIIBE Yutaka wrote:
 On 02/09/2015 11:07 PM, Niobos wrote:
 How should I do that? Here is what I've found so far:

 % /usr/sbin/pcscd -v
 PCSC Framework version 1.4.0.
 Copyright (C) 1999-2002 by David Corcoran corco...@linuxnet.com.
 Copyright (C) 2001-2005 by Ludovic Rousseau ludovic.rouss...@free.fr.
 Copyright (C) 2003-2004 by Damien Sauveron sauve...@labri.fr.
 Portions Copyright (C) 2000-2007 by Apple Inc.
 Report bugs to scli...@linuxnet.com.
 
 Thanks for the information.
 
 In case of GNU/Linux, we have header files for PC/SC.  In those files,
 we have definitions like:
 
https://sources.debian.net/src/pcsc-lite/1.8.13-1/src/PCSC/reader.h/#L120
https://sources.debian.net/src/pcsc-lite/1.8.13-1/src/PCSC/reader.h/#L125
 
 In gnupg/scd/apdu.c, we use that value (the reason not to include the
 file is avoiding build dependency).
 
 IIUC, the value would be different in OS X's PCSC Framework, or it's
 not supported.

I have searched my system for reader.h, but didn't find that file. Next,
I grepped through the better part of my filesystem (/usr, /System,
/Library) for GET_FEATURE_REQUEST, and also came up empty.

I have found a website [1] which might mean more to you that it does to
me. From what I understand, OSX uses the same constants that GNU/Linux:

 #define SCARD_CTL_CODE(code) (0x4200 + (code))
 #define CM_IOCTL_GET_FEATURE_REQUEST SCARD_CTL_CODE(3400)

How can I debug this further?

N


[1] http://ludovicrousseau.blogspot.be/2013_10_01_archive.html



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Pin-pad on SPR332 smartcard reader does not work under OSX

[Niobos]

Hi,

I'm trying to get my smartcard to work under Mac OS X (OSX 10.9,
Mavricks) with GnuPG 2.1.1. It mostly works out of the box, but there is
one minor issue that I can't get to work: the pinpad on my SmartCard
reader (SPR332). (Pin is asked by the pinentry program, not by the card
reader itself)

I've tried to debug this myself. This is what I found:
I can see scdaemon doing pcsc_vendor_specific_init(), but failing:

 pcsc_vendor_specific_init: GET_FEATURE_REQUEST failed: 65538


How should I proceed to get this to work? Is it even supposed to work
under OSX? What additional info do you need?

Additional info: Card reader  card work fine under Linux; Card is the
ZeitControl card from g10code.com


Thanks in advance,
Niobos

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Pin-pad on SPR332 smartcard reader does not work under OSX

[NIIBE Yutaka]

On 02/09/2015 07:07 PM, Niobos wrote:
 I've tried to debug this myself. This is what I found:
 I can see scdaemon doing pcsc_vendor_specific_init(), but failing:
 
 pcsc_vendor_specific_init: GET_FEATURE_REQUEST failed: 65538

It means:
In order to use pinpad input, scdaemon asked PC/SC service to get code
of FEATURE_VERIFY_PIN_DIRECT and FEATURE_MODIFY_PIN_DIRECT, by
GET_FEATURE_REQUEST command.  But failed.

In this point, scdaemon had no way to use pinpad input.

 How should I proceed to get this to work? Is it even supposed to work
 under OSX? What additional info do you need?

I haven't got any report for OS X about pinpad input.

I think that scdaemon's apdu.c assumes using PC/SC-lite on OS X.
If not, I think that we need to fix the line 248-259 of apdu.c,
which defines CM_IOCTL_GET_FEATURE_REQUEST.

Could you please check your PC/SC service and version?
-- 

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Pin-pad on SPR332 smartcard reader does not work under OSX

[Niobos]

On 2015-02-09 14:31, NIIBE Yutaka wrote:
 On 02/09/2015 07:07 PM, Niobos wrote:
 I've tried to debug this myself. This is what I found:
 I can see scdaemon doing pcsc_vendor_specific_init(), but failing:

 pcsc_vendor_specific_init: GET_FEATURE_REQUEST failed: 65538
 
 It means:
 In order to use pinpad input, scdaemon asked PC/SC service to get code
 of FEATURE_VERIFY_PIN_DIRECT and FEATURE_MODIFY_PIN_DIRECT, by
 GET_FEATURE_REQUEST command.  But failed.
 
 In this point, scdaemon had no way to use pinpad input.

That is what I guessed it would mean, thank you for confirming that.


 How should I proceed to get this to work? Is it even supposed to work
 under OSX? What additional info do you need?
 
 I haven't got any report for OS X about pinpad input.
 
 I think that scdaemon's apdu.c assumes using PC/SC-lite on OS X.
 If not, I think that we need to fix the line 248-259 of apdu.c,
 which defines CM_IOCTL_GET_FEATURE_REQUEST.
 
 Could you please check your PC/SC service and version?

How should I do that? Here is what I've found so far:

% /usr/sbin/pcscd -v
PCSC Framework version 1.4.0.
Copyright (C) 1999-2002 by David Corcoran corco...@linuxnet.com.
Copyright (C) 2001-2005 by Ludovic Rousseau ludovic.rouss...@free.fr.
Copyright (C) 2003-2004 by Damien Sauveron sauve...@labri.fr.
Portions Copyright (C) 2000-2007 by Apple Inc.
Report bugs to scli...@linuxnet.com.

% readlink
/usr/libexec/SmartCardServices//drivers/ifd-ccid.bundle/Contents/MacOS/libccid.dylib
libccid.dylib.1.3.11


Niobos

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Smartcard reader with pin-pad: working combo?

[Niels Laukens]

On 2013-02-08 11:23, Hendrik Jäger wrote:
 Hello Niels
 
 On Fri, 08 Feb 2013 10:10:56 +0100
 Niels Laukens ni...@dest-unreach.be wrote:
 
 How likely is it that this is going to work? The card seems to be
 supported by GnuPG, even for 4096RSA keys (which I plan to use).
 
 On the card’s page it says:
 Schlüssellänge jetzt bis zu 3072 Bits
 What makes you think it works with 4096-bit keys?

These:
http://www.corsac.net/?rub=blogpost=1548
https://chris.boyle.name/2011/02/gnupg-4096-bit-keys-openpgp
http://wiki.debian.org/Smartcards/OpenPGP#Features
http://lists.gnupg.org/pipermail/gnupg-users/2011-August/042750.html
http://lists.gnupg.org/pipermail/gnupg-users/2011-August/042761.html


 together with this reader: SCM SPR-332
 I bought this reader as well after I could not get the pinpad of
 Gemalto PC Pinpad USB
 Reader 
 (http://shop.kernelconcepts.de/product_info.php?cPath=1_26products_id=122)
 to work with GnuPG.
 It works just fine and (almost) out of the box, at least on Debian
 Linux.

That's good to hear. thank you!

Niels



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Smartcard reader with pin-pad: working combo?

[Hendrik Jäger]

Hello Niels

On Fri, 08 Feb 2013 10:10:56 +0100
Niels Laukens ni...@dest-unreach.be wrote:

 Which brings me to my main question: I'm thinking of buying this
 smartcard: OpenPGP SmartCard V2
 https://shop.kernelconcepts.de/product_info.php?cPath=1_26products_id=42
 together with this reader: SCM SPR-332
 https://shop.kernelconcepts.de/product_info.php?cPath=1_26products_id=61
 And would like to get this to work on my MacBook Pro with 10.6.8 (snow
 leopard). I'm not afraid to compile from applications from source, but
 would prefer not to mess with kernel modules.
 
 How likely is it that this is going to work? The card seems to be
 supported by GnuPG, even for 4096RSA keys (which I plan to use).

On the card’s page it says:
Schlüssellänge jetzt bis zu 3072 Bits
What makes you think it works with 4096-bit keys?

 But I'm not sure about the card reader.
 
 So to guard this topic: I'm also interested in the
 security-considerations of my intentions, but my main question is:
 what are the experiences with the mentioned card  cardreader?

I bought this reader as well after I could not get the pinpad of
Gemalto PC Pinpad USB
Reader 
(http://shop.kernelconcepts.de/product_info.php?cPath=1_26products_id=122)
to work with GnuPG.
It works just fine and (almost) out of the box, at least on Debian
Linux.

Best regards

Hendrik


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

SmartCard reader

[Richi Lists]

Hi,

how are the chances that I can use an agrolis (http://argolis.com/) usb
smart card reader with GPG?
It shows up as /dev/ttyACM0 

Rgds
Richard


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Is there a way to specify which smartcard reader to use?

[Alphazo]

Hello,

I have two USB dongle plugged in at the same time. One is the crypto
stick (OpenPGP card 2.0 + CCID reader) and the other one is a PKCS#11
token. I don't use any udev rule for the crypto stick as the latest ccid
lib supports it out of the box. Now I'm unable to do a gpg --card-status
with both token inserted.

gpg: detected reader `Feitian SCR301 00 00'
gpg: detected reader `German Privacy Foundation Crypto Stick v1.2 01 00'
Insérez la carte et tapez entrée ou entrez 'c' pour annuler:

Is there a way to specify which reader to use for that command?

For information, pcsc_scan reports the two readers correctly:

PC/SC device scanner
V 1.4.17 (c) 2001-2009, Ludovic Rousseau ludovic.rouss...@free.fr
ludovic.rouss...@free.fr
Compiled with PC/SC lite version: 1.6.4
Scanning present readers...
0: Feitian SCR301 00 00
1: German Privacy Foundation Crypto Stick v1.2 01 00

Fri Oct  8 10:34:55 2010
 Reader 0: Feitian SCR301 00 00
  Card state: Card inserted,
  ATR: 3B 9F 95 81 31 FE 9F 00 65 46 53 05 30 06 71 DF 00 00 00 81 61 10 C6

ATR: 3B 9F 95 81 31 FE 9F 00 65 46 53 05 30 06 71 DF 00 00 00 81 61 10 C6
+ TS = 3B -- Direct Convention
+ T0 = 9F, Y(1): 1001, K: 15 (historical bytes)
  TA(1) = 95 -- Fi=512, Di=16, 32 cycles/ETU
125000 bits/s at 4 MHz, fMax for Fi = 5 MHz = 156250 bits/s
  TD(1) = 81 -- Y(i+1) = 1000, Protocol T = 1
-
  TD(2) = 31 -- Y(i+1) = 0011, Protocol T = 1
-
  TA(3) = FE -- IFSC: 254
  TB(3) = 9F -- Block Waiting Integer: 9 - Character Waiting Integer: 15
+ Historical bytes: 00 65 46 53 05 30 06 71 DF 00 00 00 81 61 10
  Category indicator byte: 00 (compact TLV data object)
Tag: 6, len: 5 (pre-issuing data)
  Data: 46 53 05 30 06
Tag: 7, len: 1 (card capabilities)
  Selection methods: DF
- DF selection by full DF name
- DF selection by partial DF name
- DF selection by file identifier
- Implicit DF selection
- Short EF identifier supported
- Record number supported
- Record identifier supported
Tag: 0, len: 0 (unknown)
Tag: 0, len: 0 (unknown)
Tag: 0, len: 0 (unknown)
Mandatory status indicator (3 last bytes)
  LCS (life card cycle): 81 (Proprietary)
  SW: 6110 (0x10 bytes of response still available.)
+ TCK = C6 (correct checksum)

Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
3B 9F 95 81 31 FE 9F 00 65 46 53 05 30 06 71 DF 00 00 00 81 61 10 C6
3B 9F 95 81 31 FE 9F 00 65 46 53 05 .. 06 71 DF 00 00 00 .. .. .. ..
Feitian PKI (http://www.ftsafe.com/products/PKI-Card.html)
FTCOS/PK-01C

Fri Oct  8 10:34:55 2010
 Reader 1: German Privacy Foundation Crypto Stick v1.2 01 00
  Card state: Card inserted,
  ATR: 3B DA 18 FF 81 B1 FE 75 1F 03 00 31 C5 73 C0 01 40 00 90 00 0C

ATR: 3B DA 18 FF 81 B1 FE 75 1F 03 00 31 C5 73 C0 01 40 00 90 00 0C
+ TS = 3B -- Direct Convention
+ T0 = DA, Y(1): 1101, K: 10 (historical bytes)
  TA(1) = 18 -- Fi=372, Di=12, 31 cycles/ETU
129032 bits/s at 4 MHz, fMax for Fi = 5 MHz = 161290 bits/s
  TC(1) = FF -- Extra guard time: 255 (special value)
  TD(1) = 81 -- Y(i+1) = 1000, Protocol T = 1
-
  TD(2) = B1 -- Y(i+1) = 1011, Protocol T = 1
-
  TA(3) = FE -- IFSC: 254
  TB(3) = 75 -- Block Waiting Integer: 7 - Character Waiting Integer: 5
  TD(3) = 1F -- Y(i+1) = 0001, Protocol T = 15 - Global interface bytes
following
-
  TA(4) = 03 -- Clock stop: not supported - Class accepted by the card:
(3G) A 5V B 3V
+ Historical bytes: 00 31 C5 73 C0 01 40 00 90 00
  Category indicator byte: 00 (compact TLV data object)
Tag: 3, len: 1 (card service data byte)
  Card service data byte: C5
- Application selection: by full DF name
- Application selection: by partial DF name
- EF.DIR and EF.ATR access services: by GET DATA command
- Card without MF
Tag: 7, len: 3 (card capabilities)
  Selection methods: C0
- DF selection by full DF name
- DF selection by partial DF name
  Data coding byte: 01
- Behaviour of write functions: one-time write
- Value 'FF' for the first byte of BER-TLV tag fields: invalid
- Data unit in quartets: 2
  Command chaining, length fields and logical channels: 40
- Extended Lc and Le fields
- Logical channel number assignment: No logical channel
- Maximum number of logical channels: 1
Mandatory status indicator (3 last bytes)
  LCS (life card cycle): 00 (No information given)
  SW: 9000 (Normal processing.)
+ TCK = 0C (correct checksum)

Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
3B DA 18 FF 81 B1 FE 75 1F 03 00 31 C5 73 C0 01 40 00 90 00 0C
GnuPG card V2
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

SCM SCR 201 PCMCIA or TI PCIxx12 smartcard reader

[Andreas Grassl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hello,

does anybody know if the Microsystems SCM SCR 201 PCMCIA cardreader is
supported on Linux with the standard-approach?

found at ebay for example with the id 160211050548.

Or does anybody know how to get working the Texas Instruments PCIxx12
GemCore based SmartCard controller of a HPNC6400?

My system is Ubuntu Gutsy and I own a fsfe-card.

thanks a lot

greetings

ando

- --
 /\
 \ /  ASCII Ribbon
  Xagainst HTML email
 / \

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iQCVAwUBR8L9vSxC7ZRV6mG1AQLXlwP/Wmjx7oY0S2DQrbLcSoEHDJ3jVumiw3wG
nfXh0RkiItxlTmHI0fctadv2XcqLveia3SjHGOTFzYL8p7c6TvOztCk0AvLlwId3
yNPGDdfUTJ3853+6chtP+QdeuSgH/CBU/LFXc2TiwxzPdm/0xE2Rpjo5uG7BCPMt
qxDqdGBBpZI=
=PzcU
-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Problem getting smartcard reader working !!!

[Matthias Kirschner]

* Jörg Schmitz-Linneweber [EMAIL PROTECTED] [2008-01-17 11:01:07 +0100]:

 The only known card which supports the OpenPGP card application is the 
 OpenPGP 
 card and the FSEcard...
 [ http://www.kernelconcepts.de/shop/products/security.shtml?hardware ]
 [ https://www.fsfe.org/card/ ]

Technically those cards are equal. 

Best wishes,
Matthias

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Problem getting smartcard reader working !!!

[Jörg Schmitz-Linneweber]

Hello Allan,

Am Sonntag, 13. Januar 2008 12:46 schrieb A C:
 ...
   I am having trouble getting my smartcard reader working.  At present I am
 using SuSE 10.3, and apparently it does identify the hardware ( combined
 keyboard and reader (  http://www.athena-scs.com/product.asp?pid=2 )).  I
 am sure that the RPM's are installed correctly, and the PCSC dameon is
 started. The card I am using is a Gemalto GemSafeXpresso 32 Kb.  Do you
 have any idea as to what the problem is?
Your card reader and your config are fine.

   5 - 2008-01-13 12:25:51 scdaemon[5347]: no supported card application
 found: Card error
This error message says it all! :-)

Your Gemalto card is lacking the OpenPGP (card) application.
The only known card which supports the OpenPGP card application is the OpenPGP 
card and the FSEcard...
[ http://www.kernelconcepts.de/shop/products/security.shtml?hardware ]
[ https://www.fsfe.org/card/ ]

You'll need such a card if you intend to use gpg whith smartcards.

HTH. Salut, Jörg

-- 
gpg/pgp key # 0xd7fa4512
fingerprint 4e89 6967 9cb2 f548 a806  7e8b fcf4 2053 d7fa 4512


pgp4fjeqVpQ4o.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: external pinpad, gnupg, SPR532 PinPad SmartCard Reader

[Werner Koch]

On Mon, 12 Feb 2007 18:18, [EMAIL PROTECTED] said:

 There is no support for PIN pads when using pcscd.

 Is this a limitation of pcscd or of GnuPG?

The standard for accessing pinpads using PC/SC is relativley new.
However, we won't support it in GnuPG becuase scdaemon is the way we
go.


Salam-Shalom,

   Werner


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: external pinpad, gnupg, SPR532 PinPad SmartCard Reader

[Werner Koch]

On Sun, 11 Feb 2007 15:44, [EMAIL PROTECTED] said:

  I tried to setup an external smartcard reader with a pinpad and on gentoo I 
 don't get it to work. 
  On an ubuntu-installation the pin isn't enterd by the external pinpad but by 
 the regualar keyboard and that works fine. 
  On gentoo I'm asked to enter the pin on the pinpad of the reader. After 
 entering it doesn't find the secret key. 

You need to make sure to use the interal CCID driver and not pcscd.
This requires proper setting of the permissions as explained int the
smart card how to and that you don't run pcscd!

To test this you should enter

debug-ccid-driver
debug 2048
log-file /somewhere/scdaemon.log

into scdaemon.conf and kill a running scdaemon process.  Instead of
the log file you may also use watchgnupg as explained in the manual.

There is no support for PIN pads when using pcscd.


Shalom-Salam,

   Werner



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: external pinpad, gnupg, SPR532 PinPad SmartCard Reader

[Werner Koch]

On Sun, 11 Feb 2007 21:14, [EMAIL PROTECTED] said:

 For what it's worth, the external pinpad did start to work for me on
 Ubuntu for awhile.  But then I changed something and it stopped (it may
 have been enabling ssh support in the scdaemon -- I changed a few things
 and didn't keep track of exactly what it was).  So the external pinpad
 is very very close to working in Ubuntu.

I am pretty sure that this is a problem of the distribution.  The most
common problem is that pcscd has been started and thus gained
exclusive access to the reader.

BTW, I am using a Kobil Advanced reader all the day for ssh access as
well as for signing files.  The SPR532 does also work but the keyboard
of the KAAN has better keys.


Salam-Shalom,

   Werner



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: external pinpad, gnupg, SPR532 PinPad SmartCard Reader

[Alex L. Mauer]

Werner Koch wrote:
 I am pretty sure that this is a problem of the distribution.  The most
 common problem is that pcscd has been started and thus gained
 exclusive access to the reader.

I'd agree, except that mine is now prompting, and accepting input from
the keyboard, for the PIN.  That's a symptom of the problem you describe
above, correct?

The previous pinpad problem I had was that it would prompt to use the
pinpad but then would fail after entering the PIN.  That's a separate
problem, correct?

-Alex Mauer hawke
-- 
Bad - You get pulled over for doing 90 in a school zone and you're drunk
off your ass again at three in the afternoon.
Worse - The cop is drunk too, and he's a mean drunk.
FUCK! - A mean drunk that's actually a swarm of semi-sentient
flesh-eating beetles.
OpenPGP key id: 51192FF2 @ subkeys.pgp.net



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: external pinpad, gnupg, SPR532 PinPad SmartCard Reader

[Alex Mauer]

Werner Koch wrote:
 
 There is no support for PIN pads when using pcscd.

Is this a limitation of pcscd or of GnuPG?

It sounds like pcscd supports the pinpad as of 1.2.9. [1]

If it's a limitation of GnuPG, are there any plans to support it in future?

[1] http://lists.apple.com/archives/Apple-cdsa/2006/Jan/msg00107.html


-Alex Mauer hawke


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

external pinpad, gnupg, SPR532 PinPad SmartCard Reader

[Michael Parker]

Hi, 
 
 I tried to setup an external smartcard reader with a pinpad and on gentoo I 
don't get it to work. 
 On an ubuntu-installation the pin isn't enterd by the external pinpad but by 
the regualar keyboard and that works fine. 
 On gentoo I'm asked to enter the pin on the pinpad of the reader. After 
entering it doesn't find the secret key. 
 
 Some details of my system: 
 
 It's a 
 
Code:
  Bus 002 Device 002: ID 04e6:e003 SCM Microsystems, Inc. SPR532 PinPad 
SmartCard Reader 
 
   
 
 gpg-agent.conf 
 
Code:
  pinentry-program /usr/bin/pinentry-qt 
 no-grab 
 default-cache-ttl 1800
   
 
 gpg.conf 
 
Code:
  grep -v ^# gpg.conf | grep -v ^$ 
 require-cross-certification 
 keyserver hkp://subkeys.pgp.net 
 hidden-encrypt-to 0219F045 
 hidden-encrypt-to 18BA2C46 
 default-recipient 0219F045 
 default-recipient 18BA2C46 
 use-agent 
 
   
 
 reader access works 
 gpg --card-status 
 
Code:

   Application ID ...: D27600012401010100010AA6 
 Version ..: 1.1 
 Manufacturer .: PPC Card Systems 
 ... 
 
   
 
 I tried those variations of useflags settings 
 
Code:
  emerge -tpv gnupg 
 Calculating dependencies... done! 
 [ebuild   R   ] app-crypt/gnupg-2.0.2  USE=X nls 
smartcard -bzip2 -doc -ldap -openct -pcsc-lite (-selinux) 0 kB 
 
 emerge -tpv gnupg 
 
 These are the packages that would be merged, in reverse order: 
 
 Calculating dependencies... done! 
 [ebuild   R   ] app-crypt/gnupg-2.0.2  USE=X nls pcsc-lite 
smartcard -bzip2 -doc -ldap -openct (-selinux) 0 kB 
 
   
 
 gpg-agent is running 
 
Code:
  ps ax | grep agent 
 23837 ?Ss 0:00 gpg-agent --daemon 
 
   
 
 installed software 
 
Code:
   app-crypt/gnupg 
   Latest version available: 2.0.2 
   Latest version installed: 2.0.2 
   Size of files: 3,876 kB 
   Homepage:  http://www.gnupg.org/ 
   Description:   The GNU Privacy Guard, a GPL pgp replacement 
   License:   GPL-2 
 
 
  app-crypt/pinentry 
   Latest version available: 0.7.2-r2 
   Latest version installed: 0.7.2-r2 
   Size of files: 389 kB 
   Homepage:  http://www.gnupg.org/aegypten/ 
   Description:   Collection of simple PIN or passphrase entry dialogs 
which utilize the Assuan protocol 
   License:   GPL-2 
 
 sys-apps/pcsc-lite 
   Latest version available: 1.3.1-r1 
   Latest version installed: 1.3.1-r1 
   Size of files: 822 kB 
   Homepage:  http://www.linuxnet.com/middle.html 
   Description:   PC/SC Architecture smartcard middleware library 
   License:   as-is 
 
 sys-libs/libchipcard 
   Latest version available: 2.1.8 
   Latest version installed: 2.1.8 
   Size of files: 974 kB 
   Homepage:  http://www.libchipcard.de 
   Description:   Libchipcard is a library for easy access to chip cards 
via chip card readers (terminals). 
   License:   GPL-2 
 
 *  dev-libs/opensc 
   Latest version available: 0.10.1 
   Latest version installed: 0.10.1 
   Size of files: 1,275 kB 
   Homepage:  http://www.opensc.org/ 
   Description:   SmartCard library and applications 
   License:   LGPL-2 
 
 *  dev-libs/openct 
   Latest version available: 0.6.6 
   Latest version installed: 0.6.6 
   Size of files: 550 kB 
   Homepage:  http://opensc.org/ 
   Description:   library for accessing smart card terminals 
   License:   BSD 
 
   
 
 Does the external pinpad in between work at all under linux ? 
 If ubuntu is configured that way, so pins are still enterd by the regular 
keybord, how do I configure it the same with gentoo ?
Do I have to change my software/configuration ? 
 
 Any hints will be appreciated 

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: external pinpad, gnupg, SPR532 PinPad SmartCard Reader

[Michael Parker]

On Sunday 11 February 2007 17:42, Alon Bar-Lev wrote:

 If you use opensc enabled card, is the PKCS#11 provider works with the
 external PIN pad?
 You can test it using firefox or pkcs11-tool.

 If yes, you can use the gnupg-pkcs11-scd.


Hi Alon,

thanks for the hint !
I don't know if I get it.

For example:
when I try
pkcs11-tool -L

I get:

winscard_clnt.c:320:SCardEstablishContextTH() Cannot open public shared 
file: /var/run/pcscd.pub
Available slots:
Slot 0   (empty)
Slot 1   (empty)
Slot 2   (empty)
Slot 3   (empty)
Slot 4   (empty)
Slot 5   (empty)
Slot 6   (empty)
Slot 7   (empty)

which doesn't mean a think to me.

I don't think that this is the reason for my problem. A year ago it already 
worked with the exception that there was not popup asking me to enter the pin 
by the cardreader.
As I mentioned the ubuntu-distribution behaves different.

Kind regards,
Michael

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: external pinpad, gnupg, SPR532 PinPad SmartCard Reader

[Alon Bar-Lev]

On 2/11/07, Michael Parker [EMAIL PROTECTED] wrote:
 For example:
 when I try
 pkcs11-tool -L

 I get:

 winscard_clnt.c:320:SCardEstablishContextTH() Cannot open public shared
 file: /var/run/pcscd.pub
 Available slots:
 Slot 0   (empty)
 Slot 1   (empty)
 Slot 2   (empty)
 Slot 3   (empty)
 Slot 4   (empty)
 Slot 5   (empty)
 Slot 6   (empty)
 Slot 7   (empty)

Strange... It seems like the pcscd is not up...
Can you check it out?

 I don't think that this is the reason for my problem. A year ago it already
 worked with the exception that there was not popup asking me to enter the pin
 by the cardreader.

So you will be able to reach at least the same state... :)

 As I mentioned the ubuntu-distribution behaves different.

But you said ubuntu does not use the external PIN PAD...

Regards,
Alon Bar-Lev.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: external pinpad, gnupg, SPR532 PinPad SmartCard Reader

[Michael Parker]

On Sunday 11 February 2007 19:34, Alon Bar-Lev wrote:

 Strange... It seems like the pcscd is not up...
 Can you check it out?

ok, I did a
 
/etc/init.d/pcscd start
 * Starting pcscd ...   

I get in /var/log/messages
Feb 11 20:03:36 zaphod su(pam_unix)[3950]: session opened for user root by 
(uid=500)
Feb 11 20:06:18 zaphod pcscd: configfile.l:106:evaluatetoken() Error with 
device GEN_SMART_RDR: No such file or directory
Feb 11 20:06:18 zaphod pcscd: configfile.l:107:evaluatetoken() You should 
use 'DEVICENAME /dev/null' if your driver does not use this field
Feb 11 20:06:18 zaphod pcscd: configfile.l:127:evaluatetoken() Error with 
library /usr/lib/readers/usb/libgen_ifd.so: No such file or directory
Feb 11 20:06:18 zaphod pcscd: pcscdaemon.c:489:at_exit() cleaning /var/run
Feb 11 20:06:18 zaphod pcscd: pcscdaemon.c:508:clean_temp_files() Cannot 
unlink /var/run/pcscd.comm: No such file or directory


 But you said ubuntu does not use the external PIN PAD...
That would be fine with me, because the pinpad wasn't supported in the past at 
all.

Kind regards,
Michael

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: external pinpad, gnupg, SPR532 PinPad SmartCard Reader

[Alon Bar-Lev]

On 2/11/07, Michael Parker [EMAIL PROTECTED] wrote:
  But you said ubuntu does not use the external PIN PAD...
 That would be fine with me, because the pinpad wasn't supported in the past at
 all.

Oh... I thought you wish to use the external PIN PAD...
You can work with MUSCLE mailing list in order to make pcscd work...
Sorry I cannot help you further...

Regards,
Alon Bar-Lev.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: external pinpad, gnupg, SPR532 PinPad SmartCard Reader

[Alex L. Mauer]

Michael Parker wrote:
 Hi, 
  
  I tried to setup an external smartcard reader with a pinpad and on gentoo I 
 don't get it to work. 
  On an ubuntu-installation the pin isn't enterd by the external pinpad but by 
 the regualar keyboard and that works fine. 
  On gentoo I'm asked to enter the pin on the pinpad of the reader. After 
 entering it doesn't find the secret key. 
  

For what it's worth, the external pinpad did start to work for me on
Ubuntu for awhile.  But then I changed something and it stopped (it may
have been enabling ssh support in the scdaemon -- I changed a few things
and didn't keep track of exactly what it was).  So the external pinpad
is very very close to working in Ubuntu.

-Alex Mauer hawke
-- 
Bad - You get pulled over for doing 90 in a school zone and you're drunk
off your ass again at three in the afternoon.
Worse - The cop is drunk too, and he's a mean drunk.
FUCK! - A mean drunk that's actually a swarm of semi-sentient
flesh-eating beetles.
OpenPGP key id: 51192FF2 @ subkeys.pgp.net



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Smartcard reader and SUSE 10.1

[Werner Dittmann]

All,

after having tried all howTos now I'm sort of stuck. I have read
the e-mail thread of Tony Whitmore and Werner Koch - bur this also
does not contains a solution.

My errors are the same as Tony describes. Just to get some more
information I put a error printout in the gnupg-ccid script to get
the info which parameters are given to that script. I see the
following input:

add, /proc/bus/usb/001/010

this is an add operation to the device in /proc/

The I tried to lookup the device doing a

ls /proc/bus/usb/001/010

gives me a file or directory not found err message.
Doing a

ls /dev/bus/usb/001/010

shows a file there. I can even read from that device (under
root doing a cat /dev/bus/usb/001/010 gives some binary data.

My conclusion is that something is very wrong here :-)

Regards,
Werner


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Smartcard reader and SUSE 10.1

[Werner Dittmann]

All,

after having tried all howTos now I'm sort of stuck. I have read
the e-mail thread of Tony Whitmore and Werner Koch - bur this also
does not contains a solution.

My errors are the same as Tony describes. Just to get some more
information I put a error printout in the gnupg-ccid script to get
the info which parameters are given to that script. I see the
following input:

add, /proc/bus/usb/001/010

this is an add operation to the device in /proc/

The I tried to lookup the device doing a

ls /proc/bus/usb/001/010

gives me a file or directory not found err message.
Doing a

ls /dev/bus/usb/001/010

shows a file there. I can even read from that device (under
root doing a cat /dev/bus/usb/001/010 gives some binary data.

My conclusion is that something is very wrong here :-)

Regards,
Werner

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users