Hello,
I tried to set up a German Privacy Foundation CryptoStick v1.2 [1]
OpenPGP smart card on OS X 10.6. After downloading the latest GPGTools
package everything worked almost smoothly.
- scdaemon by default wants to connect to the reader in exclusive
mode. This will fail if OpenSC.tokend (which also has support for
OpenPGP cards) is installed, as it opens a shared session to the card
after it has been plugged in.
- scdaemon seems to hang every now and then, the tip from the
internet to "kill scdaemon and plug your device in one more time"
seems to work. I have not debugged this, but it might be useful
Whether using exclusive mode is right or wrong (this has been heavily
debated several times on opensc-devel), it would be nice if the user
at least had an option to tune this behaviour ("require exclusive mode
(on by default)" vs "work in shared mode, with transactions")
I could provide a patch for a "more permissive co-operation mode" by
default (meaning disable exclusive mode in scdaemon). Also, one of the
reasons for playing with crypto stick is 4k RSA keys in hardware,
which are supported by the device but not possible without patching
GnuPG [2]
As Ubuntu 11.04 has some unidentified problems with the device which I
don't have the time to debug (as I'm using gpg2 only to initialize the
card) I'll stick to GPGTools, which is also the platform of my laptop.
Would you consider applying the necessary patches to make the most out
of CryptoStick + GPGTools + OpenSC? I could look into providing
pullable changes after I've digested how building the full installer
from Github works..
Best,
Martin
P.S.: why does the -devel list require subscription to view the
archives? Should I write there instead or is it a semi-closed list?
[1] http://www.privacyfoundation.de/crypto_stick/crypto_stick_english/
[2] https://www.privacyfoundation.de/wiki/CryptoStickSoftwareEn#A4096_Bit_keys
_______________________________________________
gpgtools-users mailing list
gpgtools-users@lists.gpgtools.org
FAQ: http://www.gpgtools.org/faq.html
Changes: http://lists.gpgtools.org/mailman/listinfo/gpgtools-users
Unsubscribe:
http://lists.gpgtools.org/mailman/options/gpgtools-users/arch...@mail-archive.com?unsub=Unsubscribe&unsubconfirm=1
This email sent to: arch...@mail-archive.com
