Mailing List Archive

Smart card works with GPG v1 but not with GPG v2 on Ubuntu
hello

I have a CryptoStick v1.2 and am trying to get it to work with gpg 2.0.17
on Ubuntu 12.04.2

It works perfectly when I use gpg v14.11 and I am trying to figure out what
to do to get gpg2 to work would any people have suggestion?

$ /usr/bin/gpg --card-status
Application ID ...: B0000000000000000000000000000000
Version ..........: 2.0
Manufacturer .....: ZeitControl
Serial number ....: 00999999
Name of cardholder: [not set]
Language prefs ...: de
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Private DO 1 .....: [not set]
Private DO 2 .....: [not set]
Signature PIN ....: forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

(NB: Application ID / Serial number redacted)

Now problem begins if I try to use GPG2

$ /usr/bin/gpg2 --card-status
gpg: selecting openpgp failed: Unsupported certificate
gpg: OpenPGP card not available: Unsupported certificate

$ GPG_AGENT_INFO= gpg2 --card-status
gpg-agent[3434]: can't connect to the SCdaemon: IPC connect call failed
gpg: OpenPGP card not available: No SmartCard daemon

And syslog entries when connecting cryptostick:
kernel: [ 1111.106918] usb 3-2: new full-speed USB device number 8 using
xhci_hcd
kernel: [ 1111.124152] usb 3-2: New USB device found, idVendor=20a0,
idProduct=4107
kernel: [ 1111.124160] usb 3-2: New USB device strings: Mfr=1, Product=2,
SerialNumber=0
kernel: [ 1111.124164] usb 3-2: Product: Crypto Stick v1.2
kernel: [ 1111.124167] usb 3-2: Manufacturer: German Privacy Foundation
kernel: [ 1111.124573] usb 3-2: ep 0x81 - rounding interval to 128
microframes, ep desc says 192 microframes
mtp-probe: checking bus 3, device 8:
"/sys/devices/pci0000:00/0000:00:14.0/usb3/3-2"
mtp-probe: bus: 3, device: 8 was not an MTP device
[ 1113.231440] xhci_hcd 0000:00:14.0: WARN Event TRB for slot 7 ep 4 with
no TDs queued?
[ 1113.231450] xhci_hcd 0000:00:14.0: WARN Event TRB for slot 7 ep 3 with
no TDs queued?
[ 1113.231454] xhci_hcd 0000:00:14.0: WARN Event TRB for slot 7 ep 2 with
no TDs queued?
[ 1113.231457] xhci_hcd 0000:00:14.0: WARN Event TRB for slot 7 ep 0 with
no TDs queued?
Re: Smart card works with GPG v1 but not with GPG v2 on Ubuntu [ In reply to ]
On 6/29/2013 2:49 PM, Jan Geep wrote:
> hello
>
> I have a CryptoStick v1.2 and am trying to get it to work with gpg
> 2.0.17 on Ubuntu 12.04.2
>
> It works perfectly when I use gpg v14.11 and I am trying to figure out
> what to do to get gpg2 to work would any people have suggestion?

Did you install the libccid and pcscd packages, as described at
https://www.crypto-stick.com/start ?

If that doesn't work, also try installing the gpgsm package -- for
whatever reason, my Crypto Stick didn't work until I installed that
package. If the package is removed, the Crypto Stick stops working. This
was the case for several Ubuntu and Mint systems, even fresh-from-the-CD
systems I created in VMs for testing, though your mileage may vary.

Cheers!
-Pete

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Smart card works with GPG v1 but not with GPG v2 on Ubuntu [ In reply to ]
On Sat, Jun 29, 2013 at 3:09 PM, Pete Stephenson <pete@heypete.com> wrote:

> Did you install the libccid and pcscd packages, as described at
> https://www.crypto-stick.com/start ?
>
> If that doesn't work, also try installing the gpgsm package
>

Thanks Pete, I had the first two installed but not gpgsm, installed it but
still no go.

$ dpkg -l | egrep 'libccid|pcscd|gpgsm'
ii gpgsm 2.0.17-2ubuntu2.12.04.2 GNU privacy guard - S/MIME version
ii libccid 1.4.5-1 PC/SC driver for USB
CCID smart card readers
ii pcscd 1.7.4-2ubuntu2 Middleware to access a smart
card using PC/SC (daemon side)
Re: Smart card works with GPG v1 but not with GPG v2 on Ubuntu [ In reply to ]
On 6/29/2013 5:20 PM, Jan Geep wrote:
> On Sat, Jun 29, 2013 at 3:09 PM, Pete Stephenson <pete@heypete.com
> <mailto:pete@heypete.com>> wrote:
>
> Did you install the libccid and pcscd packages, as described at
> https://www.crypto-stick.com/start ?
>
> If that doesn't work, also try installing the gpgsm package
>
>
> Thanks Pete, I had the first two installed but not gpgsm, installed it
> but still no go.

Alas, I'm out of ideas -- it's always worked for me (though it's
basically been cargo-cult troubleshooting in my case, as I don't really
see why gpgsm would magically make things work as it doesn't seem really
related to the Crypto Stick).

Hopefully others on the list can be more helpful.

Cheers!
-Pete

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Smart card works with GPG v1 but not with GPG v2 on Ubuntu [ In reply to ]
On 29/06/13 17:24, Pete Stephenson wrote:
> as I don't really see why gpgsm would magically make things work as it
> doesn't seem really related to the Crypto Stick).

On Ubuntu 12.04, the gpgsm package contains the scdaemon, the smart card daemon.
So that's understandable that it needs to be installed.

On 13.04, they moved it to the separate scdaemon package.

GnuPG v1 can work without gpg-agent and scdaemon, but GnuPG v2 cannot. So the
problem is somewhere there.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Smart card works with GPG v1 but not with GPG v2 on Ubuntu [ In reply to ]
On 6/29/2013 7:56 PM, Peter Lebbing wrote:
> On 29/06/13 17:24, Pete Stephenson wrote:
>> as I don't really see why gpgsm would magically make things work as it
>> doesn't seem really related to the Crypto Stick).
>
> On Ubuntu 12.04, the gpgsm package contains the scdaemon, the smart card daemon.
> So that's understandable that it needs to be installed.
>
> On 13.04, they moved it to the separate scdaemon package.

Ok, but isn't pcscd the scdaemon? On Ubuntu 12.10 and before I'd install
the libccid and pcscd packages and the Crypto Stick still wouldn't work
even though scdaemon was installed and configured. The Crypto Stick
wouldn't work at all until I installed gpgsm.

I admit to being a bit out of date in regards to testing the 13.04
release because I've been a bit too preoccupied with outside stuff to
tinker much, but hopefully things have improved. :)

Cheers!
-Pete

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Smart card works with GPG v1 but not with GPG v2 on Ubuntu [ In reply to ]
On Sa, Jun 29 2013, Pete Stephenson wrote:

> Ok, but isn't pcscd the scdaemon?

No. Actually, I don’t know anything about the Crypto Stick but I’m
using an OpenPGP smartcard. I don’t need pcscd at all. In fact, on
one of my machines pcscd was installed and interfered with scdaemon.
I wrote about what I learned at [1].

My advice: Uninstall pcscd and re-try.

Best wishes
Jens

[1] https://blogs.fsfe.org/jens.lechtenboerger/2013/04/19/how-to-set-up-your-fellowship-card/

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Smart card works with GPG v1 but not with GPG v2 on Ubuntu [ In reply to ]
On Sun, 30 Jun 2013 11:04,
cloudpg@informationelle-selbstbestimmung-im-internet.de said:

> No. Actually, I don’t know anything about the Crypto Stick but I’m
> using an OpenPGP smartcard. I don’t need pcscd at all. In fact, on

However, you need make to sure that scdaemon has the permission to
write to the smartCard reader USB device. This is a matter of Proper
Hotplug/udev/systemd/whatever configuration.

Pcscd runs as root an thus you won't run into permission problems.


Salam-Shalom,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users