Hi, and thank you for your help,
On 07/09/2017 at 08:06, Alexander Paetzelt | Nitrokey wrote:
> I got this working some weeks ago for testing purposes. I did what's
> written here
> https://www.nitrokey.com/documentation/applications#p:nitrokey-pro&os:linux&a:computer-login
> Why do you think poldi-ctrl is not there for 0.4? I used 0.4.1 and had
> it (on ArchLinux though). You may have to use root rights to use
> poldi-ctrl?
In fact, poldi-ctrl is not included in the Debian/Ubuntu package.
The NEWS file in /usr/share/doc/libpam-poldi even states, at the very
beginning:
"Changes since version 0.4.1:
* poldi-ctrl is removed
Please use gpg-connect-agent instead."
That said, I could compile poldi-ctrl from source to get the config file
I needed.
The steps I followed are:
$ git clone https://github.com/chrisboyle/poldi.git
$ sudo apt install libgpg-error-dev
$ sudo apt install libpam0g-dev
$ sudo apt install libgcrypt20-dev
$ ./configure;make
then poldi-ctrl is in poldi/src/ctrl/poldi-ctrl
I had to stop the running scdaemon to get it working, and poldi-ctrl -k
finally gave me the right incantations.
So I now have it running. Now, the Debian packager, and even the upstream
doc writer, seem to think I should use gpg-agent...
So, does anyone have an idea about why this fails:
$ gpg-connect-agent "/datafile myfile" "SCD READKEY --advanced OPENPGP.3" /bye
ERR 100663414 Identifiant incorrect <SCD>
Regards,
Franck
> Kind regards
> Alex
> On 09/06/2017 11:30 AM, Franck Routier (perso) wrote:
>> Hi,
>> I am trying to get into smartcard usage, and would want to allow
>> Authentication on my system with an OpenPGP Card (FSFE Fellowship
>> smartcard).
>> As I understand it (I might be wrong), the right pam module is Poldi.
>> According to the Texinfo page (info poldi), current version is 0.4,
>> and lacks the previous poldi-ctrl utility, so I have to create some
>> config file manually.
>> Specifically, here is the example that is given:
>> First, the system administrator has to associate the user moritz with
>> the card's serial number:
>> $ echo "D2760001240101010001000006550000 moritz" >> /etc/poldi/localdb/users
>> Second, the system administrator needs to write the card's key into a
>> card-specific key file. Therefore he inserts Moritz' smartcard and
>> executes:
>> $ gpg-connect-agent "/datafile /etc/poldi/localdb/keys/D2760001240101010001000006550000" "SCD READKEY --advanced OPENPGP.3" /bye
>> My problem is that the command gpg-connect-agent "/datafile myfile"
>> "SCD READKEY --advanced OPENPGP.3" /bye returns an error:
>> ERR 100663414 Identifiant incorrect <SCD>
>> Can anyone help me on this? (Or is there a better way to authenticate
>> using an OpenPGP smartcard?) (Or is it just a bad idea?)
>> Thanks in advance
>> Franck
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users