Comments (14)
Does it look like another burp of the exclusive open that GnuPG deamons do?
from opensc.
When I tried to use MyEID card with gpg I found this page.. gpg can be used with any pkcs#11 token so it can also be used with Yubikey
https://sztsian.github.io/2022/02/20/Using-PKCS11-Token-With-GPG.html
from opensc.
One more option is to use pcsc-shared
option to the scdaemon, that should prevent it using the exclusive access to the pcscd. Unless the Debian builds the gnupg with the bundled ccid driver which makes things much more ugly:
from opensc.
Yes maybe, but I would expect that if the reader is ignored, opensc wouldn't take a lock on it at all
from opensc.
gnupg in debian is indeed built with the internal ccid driver, but it can be disabled with an option at runtime: https://sources.debian.org/src/gnupg2/2.2.40-1.1/doc/scdaemon.texi/?hl=273#L273
I'll try the pcsc-shared
option
from opensc.
pcsc-shared
doesn't seems to work either ?!
from opensc.
Since this topic regularely comes up, I've created some information in the wiki:
https://github.com/OpenSC/OpenSC/wiki/GnuPG-and-OpenSC
Feel free to add or modify.
from opensc.
@frankmorgner Thanks for the document.
Unfortunately none of the options are working for me
But the real question for opensc, is why doesn't the ignored_readers
or card_drivers
without openpgp is still locking the reader
Edit: Note that the PIV applet is disabled on the yubikey
from opensc.
Please add a log from OpenSC with ignored_readers and/or card_drivers set. I doubt that the options are ignored and/or that OpenSC is permanently locking the token.
from opensc.
OK I think I found something
If the yubikey is already plugged when the process is started/at boot and then I'm running gpg --card-status
, it's working fine:
opensc-debug_already_plugged.txt
But if I'm plugging the Yubikey while opensc is already loaded by a process/after boot, it's not:
opensc-debug.txt
Configuration of opensc is the following:
app default {
debug = 9;
debug_file = /home/bigon/opensc-debug.txt;
ignored_readers = "Yubico YubiKey";
}
Config of scdaemon
:
bigon@eriador:~$ cat .gnupg/scdaemon.conf
pcsc-driver /usr/lib/x86_64-linux-gnu/libpcsclite.so.1
card-timeout 5
disable-ccid
pcsc-shared
from opensc.
I note that your fingerprint reader also uses PCSC.
Google for: Broadcom Corp 58200 "PCSC"
A pcsc log might also help, as it maybe locking up there, as the last line in opensc-debug.txt is waiting it. And the library that called OpenSC was /usr/libexec/gsd-smartcard
Google for: gsd-smartcard
from opensc.
The log shows that OpenSC is ignoring the Yubikey and that it connects using a shared connection. I think you should now debug scdaemon (GnuPG) on what the problem could be.
from opensc.
Thanks for your time, I'll continue to debug this and let you know
from opensc.
Hello
FTR: http://lists.infradead.org/pipermail/pcsclite-muscle/2024-January/001449.html
from opensc.
Related Issues (20)
- reader configuration partially skipped If SCardControl missing HOT 7
- C_Login failed: rv = CKR_USER_PIN_NOT_INITIALIZED (0x102) HOT 1
- Towards new release 0.25.0 HOT 8
- Resetting library state HOT 23
- Possibility of another JPKI ATR HOT 8
- segmentation fault on linux using cherry reader with pinpad HOT 5
- Signing a PDF in Adobe Acrobat on macOS using the brand new driver for D-TRUST 4.1 Std. Card only works once. HOT 10
- Private Key Objects of D-TRUST Card 4.1 Multi ECC 2 are not regcognized HOT 1
- Error: Could not add card "/usr/local/lib/opensc-pkcs11-local.so": agent refused operation HOT 2
- New epass2003 token fails to initialize with error `Failed to create PKCS #15 meta structure: Card command failed` HOT 23
- Update Links in README.md before making a release HOT 2
- Building eOI (Slovenian eID) on ubuntu 22.04 HOT 12
- Compiling on Windows ignores CNGSDK_INCL_DIR and CPDK_INCL_DIR env. variables values HOT 2
- Problems with test scripts HOT 9
- Reselection of DF after failure in `sc_pkcs15_decipher` function HOT 5
- PIN change fails with CKR_PIN_LEN_RANGE because current PIN is too long HOT 10
- RFE: tools add --module-init arg for non-standard NSS softokn configDir HOT 5
- ActivIdentity Activkey_Sim 00 00 HOT 3
- CI: Check if refresh in documentation is needed
- doc: Python wrapper HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from opensc.