(Resurrecting a long-idle thread. Sorry.)

This issue has also propagated to Linux Mint 14, an Ubuntu derivative. I
was having difficulty using my German Privacy Foundation Crypto Stick
with Mint or Ubuntu.

While it doesn't solve the underlying issue (that is, the gnome-keyring
agent doesn't play nice with smartcards), one can easily disable the
offending agent and thus restore normal GPG operations in the following
ways:

*****

Unity desktop (GUI method):


*****

MATE (fork of GNOME 2) desktop (GUI method):
Click "Menu" --> "Preferences" --> "Startup Applications". Uncheck the GPG 
Password Agent (it appears twice as the "GNOME Keyring" and "MATE Keyring").

*****

MATE (fork of GNOME 2) desktop (command line method):
1. Open a terminal.

2. Execute the following commands as your user account (root is not
required):

mkdir -p ~/.config/autostart
cp /etc/xdg/autostart/gnome-keyring-gpg.desktop ~/.config/autostart/
echo "X-MATE-Autostart-enabled=false" >> ~/.config/autostart/gnome-keyring-gpg.desktop

3. Log out of your session and log back in.
4. Test to make sure things are working.

*****

Cinnamon (or Unity) desktop:
1. Open a terminal.

2. Execute the following commands as your user account (root is not
required):

mkdir -p ~/.config/autostart
cp /etc/xdg/autostart/gnome-keyring-gpg.desktop ~/.config/autostart/
echo "X-GNOME-Autostart-enabled=false" >> ~/.config/autostart/gnome-keyring-gpg.desktop

3. Log out of your session and log back in.
4. Test to make sure things are working.

*****

How to test if things are working:

1. Open a terminal.

2. Execute the following command as your user account (root is not
required):

echo $GPG_AGENT_INFO

3. a. If "S.gpg-agent" (or nothing, in the case of Unity, oddly enough)
appears in the result, GPG will use the normal GPG agent. (Example:
"/home/pete/.gnupg/S.gpg-agent:2120:1")

b. If "keyring" appears in the result, GPG will use the GNOME keyring
agent and you will likely not be able to access the smartcard. (Example:
"/run/user/pete/keyring-k4pQam/gpg:0:1")

The exact paths, usernames, and numbers in the responses will vary. This
is normal. It's the presence of either "S.gpg-agent" or "keyring" that
identifies which agent is being used.

4. Run "gpg2 --card-status" (or "gpg --card-status" if you don't have
gnupg2 installed) to verify that GPG is able to communicate with the
card.

*****

Even though it doesn't solve the underlying problem, I hope this
workaround is helpful.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-keyring in Ubuntu.
https://bugs.launchpad.net/bugs/884856

Title:
  gnome-keyring integration breaks some GPG functions

Status in “gnome-keyring” package in Ubuntu:
  Confirmed

Bug description:
  In recent Ubuntu releases (not sure how far back, but at least
  Oneiric) gnome-keyring offers gpg-agent integration and is enabled by
  default. The gpg-agent protocol implementation of gnome-keyring is
  very incomplete and hence breaks at least the smartcard functions of
  gpg and most functions of gpgsm.

  Steps to reproduce (smartcard):
  1. Acquire a smartcard reader, an OpenPGP smartcard and install pcsc-lite
  2. Start a normal new Ubuntu desktop session
  3. strace gpg --card-status

  Actual results:
  ...
  socket(PF_FILE, SOCK_STREAM, 0)         = 3
  connect(3, {sa_family=AF_FILE, path="/tmp/keyring-p6oNWL/gpg"}, 25) = 0
  ...
  write(3, "SCD SERIALNO openpgp", 20)    = 20
  write(3, "\n", 1)                       = 1
  read(3, "ERR 103 unknown command\n", 1002) = 24
  ...

  The printout on stdout is 
  selecting openpgp failed: unknown command
  OpenPGP card not available: general error

  Expected results: The agent should know the SCD command and act
  accordingly.

  
  Steps to reproduce (gpgsm):
  1. Migrate from an old installation that includes X.509 certificates
     and private keys in gpgsm.
  2. strace gpgsm -K

  Actual results:
  ...
  socket(PF_FILE, SOCK_STREAM, 0)         = 4
  connect(4, {sa_family=AF_FILE, path="/tmp/keyring-p6oNWL/gpg"}, 25) = 0
  ...
  write(4, "HAVEKEY 62B64B58FF1BD7E0B48FE51A"..., 48) = 48
  write(4, "\n", 1)                       = 1
  read(4, "ERR 103 unknown command\n", 1002) = 24
  ...

  Expected results: The agent should know the HAVEKEY command and act
  accordingly.

  
  Due to the way the gnome-keyring is activated in recent releases no
  easy workaround is possible. Removing the GPG_AGENT_INFO environment
  variable makes the individual examples work (they will just start
  their own agent if necessary), but that's not possible (and certainly
  not configurable) on a system level. gnome-keyring-daemon allows in
  principle to deactivate the faulty gpg module (there is a command line
  option --components that accepts a list of any combination of
  pkcs11,secrets,ssh,gpg).

  But currently the gnome-keyring-daemon is started through the
  pam_gnome_keyring.so PAM module which uses a hard-coded command line
  ("--daemonize --login").

  
  Steps to resolve this problem: At least a) disable the gpg
  gnome-keyring module by default in the PAM module, and/or b) make the
  command line options that the module uses user configurable. Or c)
  extend gnome-keyring with all the missing functionality (and play a
  constant game of catch-up), or d) leave gpg-agent operations to the
  gpg-agent and try to solve whatever problem the gnome-keyring
  gpg-agent emulation was meant to solve in another manner.

  ProblemType: Bug
  DistroRelease: Ubuntu 11.10
  Package: gnome-keyring 3.2.1-0ubuntu1
  ProcVersionSignature: Ubuntu 3.0.0-12.20-generic 3.0.4
  Uname: Linux 3.0.0-12-generic x86_64
  ApportVersion: 1.23-0ubuntu3
  Architecture: amd64
  Date: Mon Oct 31 05:41:24 2011
  InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release amd64 (20101007)
  ProcEnviron:
   LANGUAGE=en_GB:en
   PATH=(custom, no user)
   LANG=de_DE.utf8
   SHELL=/bin/bash
  SourcePackage: gnome-keyring
  UpgradeStatus: Upgraded to oneiric on 2011-10-14 (17 days ago)
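
Added example, not part of the original message or of the bug report: a POSIX shell diagnostic for the test steps in the workaround message above. It classifies a GPG_AGENT_INFO value by its socket path (patterns taken from the example values quoted on this page) and checks whether the per-user autostart override sets the Autostart-enabled key to false. The function names are hypothetical.

```shell
#!/bin/sh
# Added diagnostic sketch; classify_agent, autostart_values,
# override_disables and report are hypothetical names.

# Classify a GPG_AGENT_INFO value ("socket:pid:protocol") by its socket path.
# Patterns are assumptions based on the page's examples:
#   .../.gnupg/S.gpg-agent    -> the normal gpg-agent
#   .../keyring-XXXXXX/gpg    -> gnome-keyring's gpg-agent emulation
classify_agent() {
    sock=${1%%:*}                 # drop the trailing ":pid:protocol" fields
    case "$sock" in
        "")              echo "unset" ;;
        */S.gpg-agent)   echo "gpg-agent" ;;
        */keyring-*/gpg) echo "gnome-keyring" ;;
        *)               echo "unknown" ;;
    esac
}

# Print every value assigned to key $2 in desktop file $1, one per line.
# More than one line means the appended setting duplicates a key that the
# copied file already carried.
autostart_values() {
    [ -r "$1" ] || return 1
    sed -n "s/^$2=//p" "$1"
}

# Succeed only if file $1 exists and the last assignment of key $2 is "false".
override_disables() {
    last=$(autostart_values "$1" "$2" | tail -n 1)
    [ "$last" = "false" ]
}

# Summarise the current session: which agent GPG_AGENT_INFO points at and
# whether the per-user override from the workaround is in place.
report() {
    echo "agent: $(classify_agent "${GPG_AGENT_INFO:-}")"
    f="$HOME/.config/autostart/gnome-keyring-gpg.desktop"
    for key in X-GNOME-Autostart-enabled X-MATE-Autostart-enabled; do
        if override_disables "$f" "$key"; then
            echo "$key: disabled in $f"
        else
            echo "$key: not disabled (override missing or key not false)"
        fi
    done
}

report
```

A result of "gnome-keyring" after logging back in means the override did not take effect for the running desktop; "unset" corresponds to the Unity case described in the message.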
