I didn't read this list for a while, so forgive me if this was discussed before.
For many years I have used gpg and gpg-agent with ssh support with an OpenPGP smartcard. On every Ubuntu upgrade I had to fiddle a little bit to have gpg-agent act for ssh auth. No big deal usually. But this time, after the usual fiddling, I have it working nicely for ssh and evolution. But now it's the direct usage of gpg on the command line that is giving me a hard time. This aspect always worked out of the box so far.

I use the stock versions from the Ubuntu 16.04 repository:

    gnupg        1.4.20-1ubuntu3
    gnupg2       2.1.11-6ubuntu2
    gnupg-agent  2.1.11-6ubuntu2
    scdaemon     2.1.11-6ubuntu2

In ~/.bashrc I terminate gpg-agent if it was started without ssh support, and start it again with:

    /usr/bin/gpg-agent --daemon --enable-ssh-support > /dev/null

Now if I want to decrypt a file:

    gpg -d Dokumente/somefile.txt.gpg
    gpg: Anonymer Empfänger; Versuch mit geheimem Schlüssel 0AAAAAAA …
    gpg: pcsc_list_readers failed: unknown PC/SC error code (0x8010002e)
    gpg: Kartenleser ist nicht vorhanden

    gpg --use-agent -d Dokumente/somefile.txt.gpg
    gpg: Anonymer Empfänger; Versuch mit geheimem Schlüssel 0AAAAAAA …
    gpg: pcsc_list_readers failed: unknown PC/SC error code (0x8010002e)
    gpg: Kartenleser ist nicht vorhanden

    gpg2 -d Dokumente/somefile.txt.gpg
    gpg: verschlüsselt mit RSA Schlüssel, ID 00000000
    gpg: Entschlüsselung fehlgeschlagen: Kein geheimer Schlüssel

    gpg --card-status
    gpg: pcsc_list_readers failed: unknown PC/SC error code (0x8010002e)
    gpg: Kartenleser ist nicht vorhanden
    gpg: OpenPGP Karte ist nicht vorhanden: Allgemeiner Fehler

    gpg2 --card-status
    Reader ...........: ...
    Application ID ...: ...
    Version ..........: 2.0
    Manufacturer .....: ZeitControl

All this was never a problem until now. Are there any tricks to get the interfacing with smartcards working smoother again?

If I power-cycle the smartcard and kill scdaemon, it will first ask me for the other smart card that contains the master key. If I don't provide this, I could not figure out how to decrypt the file.
The only way was to plug in that other smart card, and have gpg find out that this is not the one we need. Then it asks me to plug in the card that I indeed need. Now I can enter the PIN, but strangely in the console, and not the pinentry window. With this awkward workflow I am able to decrypt the file.

Rgds
Richard
