-
Notifications
You must be signed in to change notification settings - Fork 711
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Prevents gnupg to work with a smartcard/yubikey #2980
Comments
Does it look like another burp of the exclusive open that GnuPG deamons do? |
Yes maybe, but I would expect that if the reader is ignored, opensc wouldn't take a lock on it at all |
When I tried to use MyEID card with gpg I found this page.. gpg can be used with any pkcs#11 token so it can also be used with Yubikey https://sztsian.github.io/2022/02/20/Using-PKCS11-Token-With-GPG.html |
One more option is to use |
gnupg in debian is indeed built with the internal ccid driver, but it can be disabled with an option at runtime: https://sources.debian.org/src/gnupg2/2.2.40-1.1/doc/scdaemon.texi/?hl=273#L273 I'll try the |
|
Since this topic regularely comes up, I've created some information in the wiki: https://github.com/OpenSC/OpenSC/wiki/GnuPG-and-OpenSC Feel free to add or modify. |
@frankmorgner Thanks for the document. Unfortunately none of the options are working for me But the real question for opensc, is why doesn't the Edit: Note that the PIV applet is disabled on the yubikey |
Please add a log from OpenSC with ignored_readers and/or card_drivers set. I doubt that the options are ignored and/or that OpenSC is permanently locking the token. |
OK I think I found something If the yubikey is already plugged when the process is started/at boot and then I'm running But if I'm plugging the Yubikey while opensc is already loaded by a process/after boot, it's not: Configuration of opensc is the following:
Config of
|
I note that your fingerprint reader also uses PCSC. A pcsc log might also help, as it maybe locking up there, as the last line in opensc-debug.txt is waiting it. And the library that called OpenSC was Google for: gsd-smartcard |
The log shows that OpenSC is ignoring the Yubikey and that it connects using a shared connection. I think you should now debug scdaemon (GnuPG) on what the problem could be. |
Thanks for your time, I'll continue to debug this and let you know |
Hello,
Problem Description
I'm running on debian unstable. I've issue for a long time to use my gpg card and/or my yubikey to sign messages with gpg.
It seems that the problem comes from the opensc-pkcs11 module being loaded by GNOME
I need to restart pcscd to be able to use my gpg card.
I tried to use
ignored_readers
andcard_drivers
to ignore my yubikey but it seems that opensc is still locking it?Proposed Resolution
Steps to reproduce
pkcs11-register
will add the module to the user configuration and browser (which is a good thing!)gpg --card-status
gpg --card-status
complains that:Logs
Is that a bug? Any advises here would be nice
The text was updated successfully, but these errors were encountered: