Re: OpenPGP smartcard - authentication key

Wed, 04 May 2005 04:36:02 -0700 

Hi,

Werner Koch wrote:

The other thing is (more an OpenSSH question) how to tell openssh to
use the key from the card?


This is easier: Just install gnupg 1.9.16, read the manual of the
scdaemon and gpg-agent and enable ssh-support.  Works very well,
unless you want to use the reader aso with gnupg 1.4 - this won't work
becuase scdaemon/gpg-agent have exclusive access to the reader. I am
working on this; it will need changes in scdaemon and gpg 1.4.

OK, I have gnupg 1.9.16 installed now and configured scdaemon to connect with ctapi driver directly to the reader. (gpg-agent not running as daemon yet)

I get the following now:

- gpg --card-status does still work (gnupg 1.4.0)
- gpg2 --card-status shows

[EMAIL PROTECTED]:~/.gnupg> gpg2 --card-status
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: WARNING: This version of gpg is not very matured and
gpg: WARNING: only intended for testing. Please keep using
gpg: WARNING: gpg 1.2.x, 1.3.x or 1.4.x for OpenPGP
gpg: DBG: connection to agent established
scdaemon[9212]: NOTE: this is a development version!
scdaemon[9212]: updating status of slot 0 to 0x0007
gpg-agent[9211]: card has S/N: D2760001240101010001000004B00000
scdaemon[9212]: app_readcert failed: Nicht unterstÃtzte Verarbeitungsaufgabe
gpg-agent[9211]: error reading certificate: Nicht unterstÃtzte Verarbeitungsaufgabe
gpg-agent[9211]: command learn failed: Nicht unterstÃtzte Verarbeitungsaufgabe
gpg: OpenPGP card not available: Nicht unterstÃtzte Verarbeitungsaufgabe
[EMAIL PROTECTED]:~/.gnupg> scdaemon[9212]: ct_activate_card(0): activation failed: okay
scdaemon[9212]: DBG: received data: 62 01

What does it mean?

In addition I tried to understand the documentation correctly but failed :-(

As soon as gpg-agent is running with --enable-ssh-support it will emulate the ssh-agent behaviour and I can add keys with ssh-add as before. But I haven't found an information how to add the authentication key from the OpenPGP card as SSH key.

Thanks,
 Wolfgang

_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to