Prevents gnupg to work with a smartcard/yubikey about opensc HOT 14 CLOSED

Does it look like another burp of the exclusive open that GnuPG deamons do?

from opensc.

When I tried to use MyEID card with gpg I found this page.. gpg can be used with any pkcs#11 token so it can also be used with Yubikey

https://sztsian.github.io/2022/02/20/Using-PKCS11-Token-With-GPG.html

from opensc.

One more option is to use pcsc-shared option to the scdaemon, that should prevent it using the exclusive access to the pcscd. Unless the Debian builds the gnupg with the bundled ccid driver which makes things much more ugly:

https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=configure.ac;h=c21138641f031d425fbca8b46a0471e77e51b644;hb=HEAD#l452

from opensc.

Yes maybe, but I would expect that if the reader is ignored, opensc wouldn't take a lock on it at all

from opensc.

gnupg in debian is indeed built with the internal ccid driver, but it can be disabled with an option at runtime: https://sources.debian.org/src/gnupg2/2.2.40-1.1/doc/scdaemon.texi/?hl=273#L273

I'll try the pcsc-shared option

from opensc.

pcsc-shared doesn't seems to work either ?!

from opensc.

Since this topic regularely comes up, I've created some information in the wiki:

https://github.com/OpenSC/OpenSC/wiki/GnuPG-and-OpenSC

Feel free to add or modify.

from opensc.

@frankmorgner Thanks for the document.

Unfortunately none of the options are working for me

But the real question for opensc, is why doesn't the ignored_readers or card_drivers without openpgp is still locking the reader

Edit: Note that the PIV applet is disabled on the yubikey

from opensc.

Please add a log from OpenSC with ignored_readers and/or card_drivers set. I doubt that the options are ignored and/or that OpenSC is permanently locking the token.

from opensc.

OK I think I found something

If the yubikey is already plugged when the process is started/at boot and then I'm running gpg --card-status, it's working fine:
opensc-debug_already_plugged.txt

But if I'm plugging the Yubikey while opensc is already loaded by a process/after boot, it's not:
opensc-debug.txt

Configuration of opensc is the following:

app default {
        debug = 9;
        debug_file = /home/bigon/opensc-debug.txt;
        ignored_readers = "Yubico YubiKey";
}

Config of scdaemon:

bigon@eriador:~$ cat .gnupg/scdaemon.conf 
pcsc-driver /usr/lib/x86_64-linux-gnu/libpcsclite.so.1
card-timeout 5
disable-ccid
pcsc-shared

from opensc.

I note that your fingerprint reader also uses PCSC.
Google for: Broadcom Corp 58200 "PCSC"

A pcsc log might also help, as it maybe locking up there, as the last line in opensc-debug.txt is waiting it. And the library that called OpenSC was /usr/libexec/gsd-smartcard

Google for: gsd-smartcard

from opensc.

The log shows that OpenSC is ignoring the Yubikey and that it connects using a shared connection. I think you should now debug scdaemon (GnuPG) on what the problem could be.

from opensc.

Thanks for your time, I'll continue to debug this and let you know

from opensc.

Hello

FTR: http://lists.infradead.org/pipermail/pcsclite-muscle/2024-January/001449.html

from opensc.