Re: GnuPG && card readers

2017-05-24 Thread Matthias Apitz
On Monday, May 22, 2017 at 04:02:35 p.m. +0200, Hans Petter Selasky wrote:

> 
> Might be. Try to enable the debug messages after boot.
> 
> --HPS

I'm attaching two messages with debug (hw.usb.uhub.debug=16) enabled:

msg3:

-- device was not attached on power-on boot
-- set
   # sysctl hw.usb.uhub.debug=16
-- attaching the device at 14:28:03++
-- device successfully seen at 14:28:05



msg4:

-- device was not attached on power-on boot
-- set at 10:21:08
   # sysctl hw.usb.uhub.debug=16
-- attaching the device at 10:21:08++
-- not seen until reboot at 10:21:37


I only see in msg4 that there is nothing to see :-)

matthias

-- 
Matthias Apitz, ✉ g...@unixarea.de, ⌂ http://www.unixarea.de/  ☎ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
8. Mai 1945: Wer nicht feiert hat den Krieg verloren.
8 de mayo de 1945: Quien no festeja perdió la Guerra.
May 8, 1945: Who does not celebrate lost the War.

remarks on this:

-- device was not attached on power-on boot
-- set
   # sysctl hw.usb.uhub.debug=16
-- attaching the device at 14:28:03++
-- successfully seen at 14:28:05

May 23 14:28:03 c720-r314251 kernel: usb_needs_explore: 
May 23 14:28:03 c720-r314251 kernel: usb_bus_powerd: bus=0xfefed428
May 23 14:28:03 c720-r314251 kernel: usb_bus_powerd: Recomputing power masks
May 23 14:28:03 c720-r314251 kernel: uhub_explore: udev=0xf80003b38000 addr=1
May 23 14:28:03 c720-r314251 kernel: uhub_read_port_status: port 1, wPortStatus=0x07a0, wPortChange=0x, err=USB_ERR_NORMAL_COMPLETION
May 23 14:28:03 c720-r314251 kernel: uhub_read_port_status: port 2, wPortStatus=0x07a0, wPortChange=0x, err=USB_ERR_NORMAL_COMPLETION
May 23 14:28:03 c720-r314251 kernel: uhub_read_port_status: port 3, wPortStatus=0x0503, wPortChange=0x, err=USB_ERR_NORMAL_COMPLETION
May 23 14:28:03 c720-r314251 kernel: uhub_read_port_status: port 4, wPortStatus=0x0103, wPortChange=0x, err=USB_ERR_NORMAL_COMPLETION
May 23 14:28:03 c720-r314251 kernel: usb_needs_explore: 
May 23 14:28:03 c720-r314251 kernel: uhub_read_port_status: port 5, wPortStatus=0x07a0, wPortChange=0x, err=USB_ERR_NORMAL_COMPLETION
May 23 14:28:03 c720-r314251 kernel: uhub_read_port_status: port 6, wPortStatus=0x07a0, wPortChange=0x, err=USB_ERR_NORMAL_COMPLETION
May 23 14:28:03 c720-r314251 kernel: uhub_read_port_status: port 7, wPortStatus=0x07a0, wPortChange=0x, err=USB_ERR_NORMAL_COMPLETION
May 23 14:28:03 c720-r314251 kernel: usb_bus_powerd: bus=0xfe0001079cd8
May 23 14:28:03 c720-r314251 kernel: uhub_read_port_status: port 8, wPortStatus=0x07a0, wPortChange=0x, err=USB_ERR_NORMAL_COMPLETION
May 23 14:28:03 c720-r314251 kernel: usb_bus_powerd: Recomputing power masks
May 23 14:28:03 c720-r314251 kernel: uhub_explore: udev=0xf80005075000 addr=1
May 23 14:28:03 c720-r314251 kernel: uhub_read_port_status: port 9, wPortStatus=0x0780, wPortChange=0x, err=USB_ERR_NORMAL_COMPLETION
May 23 14:28:03 c720-r314251 kernel: uhub_read_port_status: port 10, wPortStatus=0x07a0, wPortChange=0x, err=USB_ERR_NORMAL_COMPLETION
May 23 14:28:03 c720-r314251 kernel: uhub_read_port_status: port 11, wPortStatus=0x07a0, wPortChange=0x, err=USB_ERR_NORMAL_COMPLETION
May 23 14:28:03 c720-r314251 kernel: uhub_read_port_status: port 12, wPortStatus=0x07a0, wPortChange=0x, err=USB_ERR_NORMAL_COMPLETION
May 23 14:28:03 c720-r314251 kernel: uhub_read_port_status: port 13, wPortStatus=0x07a0, wPortChange=0x, err=USB_ERR_NORMAL_COMPLETION
May 23 14:28:03 c720-r314251 kernel: uhub_read_port_status: port 1, wPortStatus=0x0501, wPortChange=0x, err=USB_ERR_NORMAL_COMPLETION
May 23 14:28:03 c720-r314251 kernel: uhub_read_port_status: port 2, wPortStatus=0x0500, wPortChange=0x, err=USB_ERR_NORMAL_COMPLETION
May 23 14:28:04 c720-r314251 kernel: usb_needs_explore: 
May 23 14:28:04 c720-r314251 kernel: usb_bus_powerd: bus=0xfefed428
May 23 14:28:04 c720-r314251 kernel: usb_bus_powerd: Recomputing power masks
May 23 14:28:04 c720-r314251 kernel: uhub_explore: udev=0xf80003b38000 addr=1
May 23 14:28:04 c720-r314251 kernel: uhub_read_port_status: port 1, wPortStatus=0x07a0, wPortChange=0x, err=USB_ERR_NORMAL_COMPLETION
May 23 14:28:04 c720-r314251 kernel: uhub_read_port_status: port 2, wPortStatus=0x07a0, wPortChange=0x0001, err=USB_ERR_NORMAL_COMPLETION
May 23 14:28:04 c720-r314251 kernel: uhub_reattach_port: reattaching port 2
May 23 14:28:04 c720-r314251 kernel: uhub_read_port_status: port 2, wPortStatus=0x07a0, wPortChange=0x, err=USB_ERR_NORMAL_COMPLETION
May 23 14:28:04 c720-r314251 kernel: uhub_read_port_status: port 3, wPortStatus=0x0503, wPortChange=0x, err=USB_ERR_NORMAL_COMPLETION
May 23 14:28:04 c720-r314251 kernel: uhub_read_port_status: port 4, wPortStatus=0x0103, wPortChange=0x, err=USB_ERR_NORMAL_COMPLETION
May 23 14:28:04 c720-r314251 kernel: uhub_read_port_status: port 5, wPortStatus=0x07a0, wPortChange=0x, err=USB_ERR_NORMAL_COMPLETION
May 
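
A way to compare two such captures, as an added example that is not part of the original message: the script rejoins mail-wrapped log lines and lists the hub ports whose wPortChange has bit 0 (connect status change) set, plus any reattach lines. The sample input is constructed from lines in the format shown above; the function names and the reading of a bare "0x" as zero are assumptions.

```python
import re

C_PORT_CONNECTION = 0x0001  # wPortChange bit 0: connect status of the port changed
HEAD = r"^\w{3} [ \d]\d (\d\d:\d\d:\d\d) \S+ kernel: "
STATUS = re.compile(HEAD + r"uhub_read_port_status: port (\d+), "
                    r"wPortStatus=0x([0-9a-f]*), wPortChange=0x([0-9a-f]*), err=(\w+)")
REATTACH = re.compile(HEAD + r"uhub_reattach_port: reattaching port (\d+)")

def unwrap(text):
    """Rejoin wrapped lines: a line without a syslog stamp continues the previous one."""
    out = []
    for line in text.splitlines():
        if re.match(HEAD, line) or not out:
            out.append(line.rstrip())
        else:
            out[-1] += " " + line.strip()
    return out

def port_events(text):
    """Return (connect_changes, reattached), each a list of (time, port)."""
    changes, reattached = [], []
    for line in unwrap(text):
        m = STATUS.match(line)
        if m:
            when, port, _status, change, _err = m.groups()
            # Assumption: a bare "0x" in the capture stands for zero.
            if int(change or "0", 16) & C_PORT_CONNECTION:
                changes.append((when, int(port)))
        m = REATTACH.match(line)
        if m:
            reattached.append((m.group(1), int(m.group(2))))
    return changes, reattached

def verdict(text):
    changes, reattached = port_events(text)
    if not changes:
        return "hub reported no connect change"
    ports = sorted({p for _, p in changes})
    seen = set(ports) <= {p for _, p in reattached}
    return "connect change on port %s, %s" % (ports, "reattach logged" if seen else "no reattach logged")

# Constructed samples: DETECTED mimics the wrapped lines above, QUIET a capture with no change bit.
DETECTED = """May 23 14:28:04 c720-r314251 kernel: uhub_read_port_status: port 2,
wPortStatus=0x07a0, wPortChange=0x0001, err=USB_ERR_NORMAL_COMPLETION
May 23 14:28:04 c720-r314251 kernel: uhub_reattach_port: reattaching port 2
"""
QUIET = """May 23 10:21:09 c720-r314251 kernel: uhub_read_port_status: port 2,
wPortStatus=0x07a0, wPortChange=0x, err=USB_ERR_NORMAL_COMPLETION
"""
if __name__ == "__main__":
    print(verdict(DETECTED))
    print(verdict(QUIET))
```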

Re: GnuPG && card readers

2017-05-22 Thread Hans Petter Selasky

On 05/22/17 15:00, Matthias Apitz wrote:

> Until now, and I tried a lot of times, I could never catch the situation
> "USB device connected before power-on, device not detected at boot" when
> booting with verbose messages, and I wanted to have it to get more
> messages. Maybe it's just some kind of timing issue...
>
> matthias

Might be. Try to enable the debug messages after boot.

--HPS
___
freebsd-usb@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-usb
To unsubscribe, send any mail to "freebsd-usb-unsubscr...@freebsd.org"


Re: GnuPG && card readers

2017-05-22 Thread Matthias Apitz

Until now, and I tried a lot of times, I could never catch the situation
"USB device connected before power-on, device not detected at boot" when
booting with verbose messages, and I wanted to have it to get more
messages. Maybe it's just some kind of timing issue...

matthias


Re: GnuPG && card readers

2017-05-22 Thread Matthias Apitz
On Monday, May 22, 2017 at 02:11:04PM +0200, Hans Petter Selasky wrote:

> >Did you try this device with another real machine?
> >
> >Maybe it is a bug with the Acer C720 netbook's USB controllers that
> >someone needs to look into?
> >

Hi,

I will try this at home with my E6330 Dell laptop.

> There are some debug knobs under:
> 
> sysctl -a hw.usb |grep debug
> 
> which you might turn on and compare the output from the two systems, like:
> 
> sysctl hw.usb.uhub.debug=16

Can I set this as well in loader.conf to debug the boot?

matthias

-- 
Matthias Apitz               |  /"\   ASCII Ribbon Campaign:
E-mail: g...@unixarea.de     |  \ /   - No HTML/RTF in E-mail
WWW: http://www.unixarea.de/ |   X    - No proprietary attachments
phone: +49-176-38902045      |  / \   - Respect for open standards
                             | en.wikipedia.org/wiki/ASCII_Ribbon_Campaign

Re: GnuPG && card readers

2017-05-22 Thread Hans Petter Selasky

On 05/22/17 14:09, Hans Petter Selasky wrote:
> On 05/11/17 11:02, Matthias Apitz wrote:
> > root@c720-r314251:~ # /usr/local/sbin/pcscd --debug --foreground
> >  pcscdaemon.c:346:main() pcscd set to foreground with debug send to stdout
> > 0550 configfile.l:358:DBGetReaderList() Parsing conf file: /usr/local/etc/reader.conf.d
> > 0049 pcscdaemon.c:655:main() pcsc-lite 1.8.20 daemon ready.
> >
> > i.e. the line about hotplug_libusb.c:440:HPEstablishUSBNotifications()
> > does not show up; and a truss shows that it is doing/waiting on
> > something on a dev; it is very slow doing some ioctls:
> >
> > openat(AT_FDCWD,"/dev/usbctl",O_RDONLY,00) = 11 (0xb)
> > ioctl(11,USB_READ_DIR,0xdfdfcb38) = 0 (0x0)
> > openat(AT_FDCWD,"/dev/ugen1.1",O_RDWR,00) = 12 (0xc)
> > ioctl(12,USB_GET_PLUGTIME,0xdfdfcb1c) = 0 (0x0)
> > ioctl(12,USB_GET_DEVICE_DESC,0xdfdfcb20) = 0 (0x0)
> > ioctl(12,USB_GET_DEVICEINFO,0xdfdfccb0) = 0 (0x0)
>
> Hi,
>
> Did you try this device with another real machine?
>
> Maybe it is a bug with the Acer C720 netbook's USB controllers that
> someone needs to look into?

There are some debug knobs under:

sysctl -a hw.usb |grep debug

which you might turn on and compare the output from the two systems, like:

sysctl hw.usb.uhub.debug=16

--HPS



Re: GnuPG && card readers

2017-05-11 Thread Matthias Apitz
On Thursday, May 11, 2017 at 08:58:44 a.m. +0200, Matthias Apitz wrote:

> > On Tuesday, May 09, 2017 at 09:36:37 p.m. +0200, Alexander Leidinger wrote:
> > 
> > > It's not FreeBSD which needs the support. gnupg comes with the  
> > > drivers, FreeBSD only needs to see "a device on the bus", that's enough.
> > > 
> > > Check out the ports security/opensc and devel/libccid (and gnupg needs  
> > > to be built with the SCDAEMON option of the port). This will bring in  
> > > the pcsc-lite port as a dependency. Those are the "drivers" for USB  
> > > card readers if you want to use them beyond what gnupg will do.
> > > 
> > > ...
> 
> I installed the mentioned ports and enabled the start in /etc/rc.conf with
> 
> pcscd_enable="YES"
> 
> but this would make the system hang on startup/boot:
> 
> 25038  1  S+ 0:00,02 /bin/sh /usr/local/etc/rc.d/pcscd start
> 25043  1  S+ 0:00,01 /usr/local/sbin/pcscd
> 25044  1  S+ 0:00,01 /usr/local/sbin/pcscd
> 


Interesting to note: I have the exact same system (12-CURRENT r314251 and with same ports
from my own pkg repository out of poudriere) in a VBOX machine; when I start there the pcscd
in foreground and with --debug it says:


root@r314251-amd64:~ # /usr/local/sbin/pcscd --debug --foreground
 pcscdaemon.c:346:main() pcscd set to foreground with debug send to stdout
0516 configfile.l:358:DBGetReaderList() Parsing conf file: /usr/local/etc/reader.conf.d
0043 pcscdaemon.c:655:main() pcsc-lite 1.8.20 daemon ready.
00010018 hotplug_libusb.c:440:HPEstablishUSBNotifications() Driver ifd-ccid.bundle does not support IFD_GENERATE_HOTPLUG. Using active polling instead.
0124 hotplug_libusb.c:449:HPEstablishUSBNotifications() Polling forced every 1 second(s)

and a truss on the PID shows that it is really polling once every second:

...
openat(AT_FDCWD,"/dev/ugen1.1",O_RDWR,00)= 7 (0x7)
openat(AT_FDCWD,"/dev/ugen1.1",O_RDWR,00)= 8 (0x8)
ioctl(8,USB_GET_PLUGTIME,0xdfdfcddc) = 0 (0x0)
ioctl(7,USB_GET_CONFIG,0xdfdfce44)   = 0 (0x0)
close(8) = 0 (0x0)
close(7) = 0 (0x0)
openat(AT_FDCWD,"/dev/ugen1.1",O_RDWR,00)= 7 (0x7)
openat(AT_FDCWD,"/dev/ugen1.1",O_RDWR,00)= 8 (0x8)
...

On the other system, an Acer C720 netbook, it says only:

root@c720-r314251:~ # /usr/local/sbin/pcscd --debug --foreground
 pcscdaemon.c:346:main() pcscd set to foreground with debug send to stdout
0550 configfile.l:358:DBGetReaderList() Parsing conf file: /usr/local/etc/reader.conf.d
0049 pcscdaemon.c:655:main() pcsc-lite 1.8.20 daemon ready.

i.e. the line about hotplug_libusb.c:440:HPEstablishUSBNotifications()
does not show up; and a truss shows that it is doing/waiting on
something on a dev; it is very slow doing some ioctls:

openat(AT_FDCWD,"/dev/usbctl",O_RDONLY,00)   = 11 (0xb)
ioctl(11,USB_READ_DIR,0xdfdfcb38)= 0 (0x0)
openat(AT_FDCWD,"/dev/ugen1.1",O_RDWR,00)= 12 (0xc)
ioctl(12,USB_GET_PLUGTIME,0xdfdfcb1c)= 0 (0x0)
ioctl(12,USB_GET_DEVICE_DESC,0xdfdfcb20) = 0 (0x0)
ioctl(12,USB_GET_DEVICEINFO,0xdfdfccb0)  = 0 (0x0)


Re: GnuPG && card readers

2017-05-11 Thread Matthias Apitz
> On Tuesday, May 09, 2017 at 09:36:37 p.m. +0200, Alexander Leidinger wrote:
> 
> > It's not FreeBSD which needs the support. gnupg comes with the  
> > drivers, FreeBSD only needs to see "a device on the bus", that's enough.
> > 
> > Check out the ports security/opensc and devel/libccid (and gnupg needs  
> > to be built with the SCDAEMON option of the port). This will bring in  
> > the pcsc-lite port as a dependency. Those are the "drivers" for USB  
> > card readers if you want to use them beyond what gnupg will do.
> > 
> > ...

I installed the mentioned ports and enabled the start in /etc/rc.conf with

pcscd_enable="YES"

but this would make the system hang on startup/boot:

25038  1  S+ 0:00,02 /bin/sh /usr/local/etc/rc.d/pcscd start
25043  1  S+ 0:00,01 /usr/local/sbin/pcscd
25044  1  S+ 0:00,01 /usr/local/sbin/pcscd

What have I done wrong?

matthias


Re: GnuPG && card readers

2017-05-10 Thread Matthias Apitz
On Tuesday, May 09, 2017 at 09:36:37 p.m. +0200, Alexander Leidinger wrote:

> Quoting Matthias Apitz  (from Tue, 9 May 2017  
> 11:47:29 +0200):
> 
> > Hello,
> >
> > The GnuPG project has a list of supported (USB) card readers:
> >
> > https://gnupg.org/howtos/card-howto/en/smartcard-howto-single.html#id2503342
> >
> > Any comments or experiences about which of them are supported in  
> > FreeBSD 12-C?
> > Best would be the smallest one to carry it all day in the bag.
> 
> It's not FreeBSD which needs the support. gnupg comes with the  
> drivers, FreeBSD only needs to see "a device on the bus", that's enough.
> 
> Check out the ports security/opensc and devel/libccid (and gnupg needs  
> to be built with the SCDAEMON option of the port). This will bring in  
> the pcsc-lite port as a dependency. Those are the "drivers" for USB  
> card readers if you want to use them beyond what gnupg will do.
> 
> You need to pay attention that the card reader supports "extended  
> APDUs" (or support for digital signatures, which is more likely to be  
> announced in marketing material from the vendor). It may be OK without  
> extended APDUs if you only use OpenPGP v2 cards and generate the  
> keys/certs on the card itself, but if you want to go for bigger keys  
> than documented to work on the cards (I was able to put 4k-keys on the  
> OpenPGP v2 cards) the extended APDUs are needed. If the reader is CCID  
> compatible, the libccid driver will probably work. You can use the  
> opensc and pcsc-lite tools to transfer certs to the card which you  
> created with openssl (e.g. 4k keys).

Alexander,

Thanks for your explanations. I will opt for the Omnikey 6121 Mobile USB
and see what I can do with it. It sells for around 20 euro, shipping
to .de included.

matthias


Re: GnuPG && card readers

2017-05-09 Thread Alexander Leidinger
Quoting Matthias Apitz (from Tue, 9 May 2017 11:47:29 +0200):

> Hello,
>
> The GnuPG project has a list of supported (USB) card readers:
>
> https://gnupg.org/howtos/card-howto/en/smartcard-howto-single.html#id2503342
>
> Any comments or experiences about which of them are supported in
> FreeBSD 12-C?
>
> Best would be the smallest one to carry it all day in the bag.

It's not FreeBSD which needs the support. gnupg comes with the
drivers, FreeBSD only needs to see "a device on the bus", that's enough.

Check out the ports security/opensc and devel/libccid (and gnupg needs
to be built with the SCDAEMON option of the port). This will bring in
the pcsc-lite port as a dependency. Those are the "drivers" for USB
card readers if you want to use them beyond what gnupg will do.

You need to pay attention that the card reader supports "extended
APDUs" (or support for digital signatures, which is more likely to be
announced in marketing material from the vendor). It may be OK without
extended APDUs if you only use OpenPGP v2 cards and generate the
keys/certs on the card itself, but if you want to go for bigger keys
than documented to work on the cards (I was able to put 4k-keys on the
OpenPGP v2 cards) the extended APDUs are needed. If the reader is CCID
compatible, the libccid driver will probably work. You can use the
opensc and pcsc-lite tools to transfer certs to the card which you
created with openssl (e.g. 4k keys).

Bye,
Alexander.

--
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org   netch...@freebsd.org   : PGP 0x8F31830F9F2772BF


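
The short versus extended APDU distinction this reply refers to, as an added example that is not part of the original message: it encodes a command APDU per ISO 7816-4 in whichever form the payload requires, and reads the exchange level a reader announces in the dwFeatures field of its USB CCID class descriptor. The descriptor bytes and payload sizes are constructed, and the function names are illustrative.

```python
import struct

# Exchange-level bits of dwFeatures in the USB CCID class descriptor.
LEVELS = {0x00010000: "TPDU", 0x00020000: "short APDU",
          0x00040000: "short and extended APDU"}

def exchange_level(desc):
    """Exchange level announced in a 54-byte CCID class descriptor (type 0x21)."""
    if len(desc) != 0x36 or desc[0] != 0x36 or desc[1] != 0x21:
        raise ValueError("not a CCID class descriptor")
    (features,) = struct.unpack_from("<I", desc, 40)  # dwFeatures sits at offset 40
    return LEVELS.get(features & 0x00070000, "character")

def encode_apdu(cla, ins, p1, p2, data=b"", le=None):
    """ISO 7816-4 command APDU; returns (bytes, extended). le = expected response length."""
    if len(data) > 65535 or (le or 0) > 65536:
        raise ValueError("does not fit even an extended APDU")
    extended = len(data) > 255 or (le or 0) > 256
    size = 2 if extended else 1           # width of the Lc and Le fields
    out = bytes([cla, ins, p1, p2]) + (b"\x00" if extended else b"")
    if data:
        out += len(data).to_bytes(size, "big") + data
    if le is not None:
        out += (le % 256 ** size).to_bytes(size, "big")  # 256 / 65536 are sent as zero
    return out, extended

def reader_verdict(desc, extended):
    """What the announced exchange level means for one command (reading of the CCID spec)."""
    level = exchange_level(desc)
    if not extended or level == "short and extended APDU":
        return "ok"
    if level == "short APDU":
        return "reader cannot carry an extended APDU"
    return "depends on driver and card protocol"

def make_desc(features):
    """Constructed descriptor: every field except dwFeatures is zeroed."""
    return bytes([0x36, 0x21]) + bytes(38) + struct.pack("<I", features) + bytes(10)

# PSO: DECIPHER header; payload = padding byte + RSA block of 128 or 512 bytes (constructed).
HEADER = (0x00, 0x2A, 0x80, 0x86)
small, ext_s = encode_apdu(*HEADER, data=bytes(129), le=256)
big, ext_b = encode_apdu(*HEADER, data=bytes(513), le=512)

if __name__ == "__main__":
    print(len(small), ext_s, len(big), ext_b)
    print(reader_verdict(make_desc(0x00020000), ext_b))
```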