Re: Fwd: gnupg SmartCard V3.3
On Thursday, March 01, 2018 at 09:14:15AM +0900, NIIBE Yutaka wrote:

> Hello,
>
> Werner Koch wrote:
> > @gniibe: Do you have any more up to date information on macOS and
> > smartcard readers?
>
> If possible, I recommend to use GnuPG's in-stock driver to access
> smartcard. It is direct access by libusb, not using PC/SC service.
>
> For GNU/Linux, if you don't have any other use of PC/SC service, please
> uninstall it, or disable the service, and try again with GnuPG's
> in-stock driver.
>
> For the driver, I maintain this list:
>
> https://wiki.debian.org/GnuPG/CCID_Driver
>
> For macOS, I think that it still uses old PC/SC and libccid library.
> I'm afraid that new readers (with new features like pinpad support)
> don't work well, or don't work at all.
>

Hello,

I do use the following USB token on FreeBSD-12 CURRENT and the 'pcscd'
is configured to be started by devd on device attach:

Mar 1 08:00:56 r314251-amd64 kernel: ugen0.2: at usbus0
Mar 1 08:00:56 r314251-amd64 root: CCID uTrust, type: ATTACH, system: USB, subsystem: INTERFACE
Mar 1 08:00:56 r314251-amd64 root: /usr/local/sbin/pcscd
Mar 1 08:00:56 r314251-amd64 root: Unknown USB device: vendor 0x04e6 product 0x5816 bus uhub0

The OpenPGP card works fine as:

$ gpg2 --card-status
Reader ...: Identiv uTrust 3512 SAM slot Token (55511514602745) 00 00
Application ID ...: D2760001240102010005532B
Version ..: 2.1
Manufacturer .: ZeitControl
Serial number : 532B
Name of cardholder: Matthias Apitz
...

Do I have any chance to use the USB token and the card directly without
'pcscd'?

Thanks

matthias

--
Matthias Apitz, ✉ g...@unixarea.de, ⌂ http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Fwd: gnupg SmartCard V3.3
Hello,

Werner Koch wrote:
> @gniibe: Do you have any more up to date information on macOS and
> smartcard readers?

If possible, I recommend to use GnuPG's in-stock driver to access
smartcard. It is direct access by libusb, not using PC/SC service.

For GNU/Linux, if you don't have any other use of PC/SC service, please
uninstall it, or disable the service, and try again with GnuPG's
in-stock driver.

For the driver, I maintain this list:

https://wiki.debian.org/GnuPG/CCID_Driver

For macOS, I think that it still uses old PC/SC and libccid library.
I'm afraid that new readers (with new features like pinpad support)
don't work well, or don't work at all.

I need macOS developers who build GnuPG with libusb.

Currently, GnuPG scdaemon uses PC/SC service on macOS and Windows. On
GNU/Linux, people can use both ways (in-stock driver or PC/SC).

> - Cherry GmbH SmartBoard XX44

    02 Short APDU level exchange

Because of this limitation, this reader cannot handle larger APDU (~=
packet), which is needed for recent RSA key size. You can still use it
with RSA-1024.

> - KOBIL EMV CAP - SecOVID Reader III

    bPINSupport: 0x03
      PIN Verification supported
      PIN Modification supported

I'm afraid it doesn't work on macOS.

> - Alcor Micro AU9540 00 00

I had a bug report with this reader:

https://dev.gnupg.org/T1947

I think it now works fine by GnuPG's in-stock driver on GNU/Linux.
Please test.

It seems that this reader has a problem in PC/SC service, and it's not
supported by PC/SC-lite + libccid.

https://pcsclite.alioth.debian.org/ccid/unsupported.html#0x058F0x9540

* * *

Supporting users' freedom on computing (for their privacy in digital
world), I need to have/collect/maintain knowledge of those hardware.

But... when there is a problem, it tends to be because of bad firmware
implementation, which is proprietary. In the proprietary world, the
practice is... to be "fixed" in the proprietary driver (than the
firmware). But that "fix" has tendency not to be published to users or
developers of free software.

For me, it's a pity that I somehow need to have knowledge around those
proprietary firmware.

Perhaps, someday, in free software, I will write CCID reader
implementation which accesses smartcard, by free software (I mean,
development environment), for free software (= GnuPG maintenance);
Then, we can proceed to free firmware of smartcard itself.

# About ten years ago, I didn't take that approach but a short cut, that
# was Gnuk. The reason was that it was difficult to find hardware
# vendors which allowed developing free firmware implementation of
# smartcard.

Having free CCID reader implementation still makes sense, to encourage
free firmware implementation of smartcard. I'd like to work for some
part this year.

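The reader properties quoted in the message above ("02 Short APDU level exchange", "bPINSupport: 0x03") are fields of the reader's USB CCID class descriptor. As an added example (not part of the original thread and not GnuPG code), this Python code decodes those fields from a raw 54-byte descriptor; the offsets and bit values follow the USB CCID specification rev 1.1, and the sample descriptors are constructed for illustration, not dumps of the readers discussed.

```python
import struct

# Exchange-level bits of dwFeatures (USB CCID specification, rev 1.1).
LEVEL_MASK = 0x00070000
LEVELS = {
    0x00000000: "Character level exchange",
    0x00010000: "TPDU level exchange",
    0x00020000: "Short APDU level exchange",
    0x00040000: "Short and Extended APDU level exchange",
}

def parse_ccid_descriptor(desc: bytes) -> dict:
    """Decode the CCID class descriptor fields mentioned in the thread."""
    # bLength must be 0x36 (54) and bDescriptorType 0x21 (CCID functional).
    if len(desc) != 54 or desc[0] != 0x36 or desc[1] != 0x21:
        raise ValueError("not a 54-byte CCID class descriptor (type 0x21)")
    # dwFeatures at offset 40, dwMaxCCIDMessageLength at 44, little-endian.
    features, max_msg = struct.unpack_from("<II", desc, 40)
    level_bits = features & LEVEL_MASK
    pin = desc[52]  # bPINSupport
    return {
        "exchange_level": LEVELS.get(level_bits, "unknown"),
        # The limitation described above: reader accepts short APDUs only.
        "short_apdu_only": level_bits == 0x00020000,
        "max_message_length": max_msg,
        "pin_verify": bool(pin & 0x01),
        "pin_modify": bool(pin & 0x02),
    }

def build_sample(features: int, pin_support: int, max_msg: int = 271) -> bytes:
    """Constructed input: zero-filled descriptor with only the decoded fields set."""
    d = bytearray(54)
    d[0], d[1] = 0x36, 0x21
    struct.pack_into("<II", d, 40, features, max_msg)
    d[52] = pin_support
    return bytes(d)

# Constructed samples (assumed values, not taken from real hardware).
SHORT_APDU_READER = build_sample(features=0x000204BA, pin_support=0x00)
PINPAD_READER = build_sample(features=0x00010230, pin_support=0x03)

if __name__ == "__main__":
    for name, raw in (("short-APDU", SHORT_APDU_READER), ("pinpad", PINPAD_READER)):
        print(name, parse_ccid_descriptor(raw))
```
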
Re: Fwd: gnupg SmartCard V3.3
On Tue, 27 Feb 2018 01:04, k...@glsys.de said:

> gpg2 --version is 2.1.11

That is a pretty old and somewhat buggy version which will likely have
problems with newer smartcards.

> Tried gpg (GnuPG/MacGPG2) 2.2.3
> on a completely different machine (mac)

That version is recent enough and as long as macOS is properly
configured for the card it will work. You may want to ask over at
gpgtools.org, though.

> Tried three different card-reader:
> - Cherry GmbH SmartBoard XX44

IIRC that is the old Omnikey reader based keyboard. I have one myself.
It does not work with 2048 bit keys unless you use their Windows driver.

> - KOBIL EMV CAP - SecOVID Reader III

I am not sure which reader this is, I had to dump my Kobil reader a long
time ago when I moved to 2048 bit keys. The problem is slightly
different than with Omnicard keys but I can't remember the details.

> - Alcor Micro AU9540 00 00

I am not sure about them. Quite some time ago they simply did not work.

@gniibe: Do you have any more up to date information on macOS and
smartcard readers?

Shalom-Salam,

Werner

--
# Please read: Daniel Ellsberg - The Doomsday Machine
# Thoughts are free. Exceptions are regulated by a federal law.

Fwd: gnupg SmartCard V3.3
Hello,

I bought two V3.3 cards, but can't get them to work …

the keytocard command does not move the key but copies it

and further on the

gpg2 --card-status -> fetch

followed by

gpg2 --card-status

does not create the stub keys, so

gpg2 --list-secret-keys

does not show any keys ...

I have the same (rsa4096) sub-key loaded to each slot 1,2,3 e.g. SEA
and card-status does show them …

gpg2 --version is 2.1.11

I did further tests by calling

gpg2 --card-edit -> generate

with keylength 2048 and 4096 which fail with "card-error"

Tried gpg (GnuPG/MacGPG2) 2.2.3
on a completely different machine (mac)

Tried the other card (I bought two with consecutive serial numbers)

Tried three different card readers:
- Cherry GmbH SmartBoard XX44
- KOBIL EMV CAP - SecOVID Reader III
- Alcor Micro AU9540 00 00

Can anybody help?

Kind Regards,
Klaus