subject:"Fwd\: gnupg SmartCard V3.3"

Re: Fwd: gnupg SmartCard V3.3

2018-03-01 Thread Matthias Apitz

El día Thursday, March 01, 2018 a las 09:14:15AM +0900, NIIBE Yutaka escribió:

> Hello,
> 
> Werner Koch  wrote:
> > @gniibe: Do you have any more up to date information on macOS and
> > smartcard readers?
> 
> If possible, I recommend to use GnuPG's in-stock driver to access
> smartcard.  It is direct access by libusb, not using PC/SC service.
> 
> For GNU/Linux, if you don't have any other use of PC/SC service, please
> uninstall it, or disable the service, and try again with GnuPG's
> in-stock driver.
> 
> For the driver, I maintain this list:
> 
> https://wiki.debian.org/GnuPG/CCID_Driver
> 
> For macOS, I think that it still uses old PC/SC and libccid library.
> I'm afraid that new readers (with new features like pinpad support)
> don't work well, or don't work at all.
> 

Hello,

I do yous the following USB token ond FreeBSD-12 CURRENT and the 'pcscd'
is configured to be started by devd on device attach:

Mar  1 08:00:56 r314251-amd64 kernel: ugen0.2:  at usbus0
Mar  1 08:00:56 r314251-amd64 root: CCID uTrust, type: ATTACH, system: USB, 
subsystem: INTERFACE
Mar  1 08:00:56 r314251-amd64 root: /usr/local/sbin/pcscd
Mar  1 08:00:56 r314251-amd64 root: Unknown USB device: vendor 0x04e6 product 
0x5816 bus uhub0

The OpenPGP card works fine as:

$ gpg2 --card-status

Reader ...: Identiv uTrust 3512 SAM slot Token (55511514602745)
00 00
Application ID ...: D2760001240102010005532B
Version ..: 2.1
Manufacturer .: ZeitControl
Serial number : 532B
Name of cardholder: Matthias Apitz
...

Do I have any chance to use the USB token and the card directly without
'pcscd'?

Thanks

matthias

-- 
Matthias Apitz, ✉ g...@unixarea.de, ⌂ http://www.unixarea.de/   
+49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Fwd: gnupg SmartCard V3.3

2018-02-28 Thread NIIBE Yutaka

Hello,

Werner Koch  wrote:
> @gniibe: Do you have any more up to date information on macOS and
> smartcard readers?

If possible, I recommend to use GnuPG's in-stock driver to access
smartcard.  It is direct access by libusb, not using PC/SC service.

For GNU/Linux, if you don't have any other use of PC/SC service, please
uninstall it, or disable the service, and try again with GnuPG's
in-stock driver.

For the driver, I maintain this list:

https://wiki.debian.org/GnuPG/CCID_Driver

For macOS, I think that it still uses old PC/SC and libccid library.
I'm afraid that new readers (with new features like pinpad support)
don't work well, or don't work at all.

I need macOS developers who build GnuPG with libusb.  Currently, GnuPG
scdaemon uses PC/SC service on macOS and Windows.  On GNU/Linux, people
can use both ways (in-stock driver or PC/SC).

> - Cherry GmbH SmartBoard XX44

  02 Short APDU level exchange

Because of this limitation, this reader cannot handle larger APDU (~=
packet), which is needed for recent RSA key size.  You can still use it
with RSA-1024.

> -  KOBIL EMV CAP - SecOVID Reader III

  bPINSupport: 0x03
 PIN Verification supported
 PIN Modification supported

I'm afraid it doesn't work on macOS.

> - Alcor Micro AU9540 00 00

I had a bug report with this reader: 

https://dev.gnupg.org/T1947

I think it now works fine by GnuPG's in-stock driver on GNU/Linux.
Please test.

It seems that this reader has a problem in PC/SC service, and it's not
supported by PC/SC-lite + libccid.

   https://pcsclite.alioth.debian.org/ccid/unsupported.html#0x058F0x9540

*   *   *

Supporting users' freedom on computing (for their privacy in digital
world), I need have/collect/maintain knowledge of those hardware.

But... when there is a problem, it tends to be because of bad firmware
implementation, which is proprietary.  In the proprietary world, the
practice is... to be "fixed" in the proprietary driver (than the
firmware).  But that "fix" has tendency not to be published to users or
developers of free software.

For me, it's a pity that I somehow need to have knowledge around those
proprietary firmware.

Perhaps, someday, in free software, I will write CCID reader
implementation which accesses smartcard, by free software (I mean,
development environment), for free software (= GnuPG maintenance); Then,
we can proceed to free firmware of smartcard itself.

# About ten years ago, I didn't take that approach but a short cut, that
# was Gnuk.  The reason was that it was difficult to find hardware
# vendors which allowed developing free firmware implementation of
# smartcard.

Having free CCID reader implementation still makes sense, to encourage
free firmware implementation of smartcard.  I'd like to work for some
part this year.
-- 

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Fwd: gnupg SmartCard V3.3

2018-02-28 Thread Werner Koch

On Tue, 27 Feb 2018 01:04, k...@glsys.de said:

> gpg2 --version is 2.1.11

That is a pretty old an somewhat buggy version which will likely have
problems with newer smartcards.

> Tried gpg (GnuPG/MacGPG2) 2.2.3
> on a completely different machine (mac)

That version is recent enough and as long as macOS is properly
configured for the card it will work.  You maywant to ask over at
gpgtools.org, though.

> Tried three different card-reader:
> - Cherry GmbH SmartBoard XX44

IIRC that is the old Omnikey reader based keyboard.  I have one myself.
It does not work with 2048 bit keys unless you use their Windows driver.

> -  KOBIL EMV CAP - SecOVID Reader III

I am not sure which reader this is, I had to dump my Kobil reader a logn
time ago wehn I moved to 2048 bit keys.  The problem is slightly
different than with Omnicard keys but I can't remember the details.

> - Alcor Micro AU9540 00 00

I am not sure about them.  Quite some time ago they simply did not worked.

@gniibe: Do you have any more up to date information on macOS and
smartcard readers?


Shalom-Salam,

   Werner

-- 
#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


pgpw4K8cDI0C4.pgp
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Fwd: gnupg SmartCard V3.3

2018-02-26 Thread Klaus Römer


Hello,
i bought two V3.3 cards, but can`t get them to work …
the keytocard command does not move the key but copy it and further on the gpg2 
--card-status -> fetch 
followed by gpg2 --card-status does not create the stub keys, so gpg2 
--list-secret-keys does not show any keys ...
I have the same (rsa4096) sub-key loaded to each slot 1,2,3 eg SEA and 
card-status does show them … 
gpg2 --version is 2.1.11


I did further tests by calling gpg2 —card-edit -> generate with keylength 2048 
and 4096 which fail with „card-error“ 

Tried gpg (GnuPG/MacGPG2) 2.2.3
on a completely different machine (mac)

Tried the other card (i bought two with consecutive serial numbers)

Tried three different card-reader:
- Cherry GmbH SmartBoard XX44
-  KOBIL EMV CAP - SecOVID Reader III
- Alcor Micro AU9540 00 00

Can anybody help?

Kind Regards,
Klaus

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Fwd: gnupg SmartCard V3.3

Re: Fwd: gnupg SmartCard V3.3

Re: Fwd: gnupg SmartCard V3.3

Fwd: gnupg SmartCard V3.3

4 matches

Site Navigation

Mail list logo

Footer information