Hello,

I now have the GnuPG card working fine for signing mails, SSH access and
even for using GnuPG-encrypted credentials in Firefox. The last issue I'm
struggling with is the use of card removal and card insert via the
'scd-event' to lock and unlock the KDE desktop.

The script 'scd-event' is only invoked on card removal (I just do an
echo of the args):

scd-event --reader-port 0 --old-code 0x0007 --new-code 0x --status NOCARD

A card insert is only seen *after* some agent requires something, for
example the SSH client needs access to the secret key on the card; then
it says:

scd-event --reader-port 0 --old-code 0x --new-code 0x0007 --status USABLE

On the UNIX system level the card insert triggers via devd(8) the start
of /usr/local/sbin/pcscd and the card removal triggers a 'killall pcscd'.
This is working fine, i.e. an inserted card is usable immediately, requesting
the PIN entry.

I created a file scdaemon.conf to get debug information, here is the
resulting log:

...
2017-07-04 11:33:51 scdaemon[4945.802016000] DBG: enter: apdu_get_status: slot=0 hang=0
2017-07-04 11:33:51 scdaemon[4945.802016000] DBG: leave: apdu_get_status => sw=0x0 status=7
2017-07-04 11:33:52 scdaemon[4945.802016000] DBG: enter: apdu_get_status: slot=0 hang=0

now the card is removed and /usr/local/sbin/pcscd is killed

2017-07-04 11:33:52 scdaemon[4945.802016000] pcsc_get_status_change failed: no service (0x8010001d)
2017-07-04 11:33:52 scdaemon[4945.802016000] DBG: leave: apdu_get_status => sw=0x1000c status=0
2017-07-04 11:33:52 scdaemon[4945.802016000] DBG: Removal of a card: 0
2017-07-04 11:33:52 scdaemon[4945.802016000] DBG: enter: apdu_close_reader: slot=0
2017-07-04 11:33:52 scdaemon[4945.802016000] DBG: enter: apdu_disconnect: slot=0
2017-07-04 11:33:52 scdaemon[4945.802016000] pcsc_disconnect failed: no service (0x8010001d)
2017-07-04 11:33:52 scdaemon[4945.802016000] DBG: leave: apdu_disconnect => sw=0x1000a
2017-07-04 11:33:52 scdaemon[4945.802016000] DBG: apdu_close_reader => 0x1000a (apdu_disconnect)
2017-07-04 11:33:52 scdaemon[4945.802016000] DBG: leave: apdu_close_reader => 0x0 (close_reader)

now scdaemon sits there, the card was already inserted again, nothing
happens

now SSH needs the key, this awakes scdaemon again and it sees the card:

2017-07-04 11:34:28 scdaemon[4945.802017900] DBG: chan_7 <- SERIALNO
2017-07-04 11:34:28 scdaemon[4945.802017900] DBG: enter: apdu_open_reader: portstr=(null)
2017-07-04 11:34:28 scdaemon[4945.802017900] detected reader 'Identiv uTrust 3512 SAM slot Token (55511514602745) 00 00'
2017-07-04 11:34:28 scdaemon[4945.802017900] detected reader ''
2017-07-04 11:34:28 scdaemon[4945.802017900] reader slot 0: not connected
2017-07-04 11:34:28 scdaemon[4945.802017900] DBG: leave: apdu_open_reader => slot=0 [pc/sc]
2017-07-04 11:34:28 scdaemon[4945.802017900] DBG: enter: apdu_connect: slot=0
2017-07-04 11:34:28 scdaemon[4945.802017900] DBG: feature: code=12, len=4, v=42330012
2017-07-04 11:34:28 scdaemon[4945.802017900] DBG: TLV properties: tag=01, len=2, v=
2017-07-04 11:34:28 scdaemon[4945.802017900] DBG: TLV properties: tag=03, len=1, v=

What should be changed to let scdaemon see the card insertion?

Thanks
matthias
--
Matthias Apitz, ✉ g...@unixarea.de, ⌂ http://www.unixarea.de/ ☎
+49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
8. Mai 1945: Wer nicht feiert hat den Krieg verloren.
8 de mayo de 1945: Quien no festeja perdió la Guerra.
May 8, 1945: Who does not celebrate lost the War.
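
An added example, not part of the original post and not GnuPG's own script: an scd-event handler that maps the two argument lists quoted in the message to a lock or unlock action. SCD_LOCK_CMD and SCD_UNLOCK_CMD are hypothetical environment variables for the desktop commands; as the post describes, the USABLE event only arrives once a client touches the card, which this handler does not change.

```shell
#!/bin/sh
# Added example, not GnuPG's shipped scd-event script.
# SCD_LOCK_CMD and SCD_UNLOCK_CMD are hypothetical environment variables that
# hold the desktop lock/unlock commands; when unset, nothing is executed.

# Print "lock", "unlock" or "none" for one scd-event argument list.
scd_event_action() {
    old_code="" new_code="" status=""
    while [ $# -gt 0 ]; do
        case "$1" in
            --old-code)    old_code="${2-}"; shift ;;
            --new-code)    new_code="${2-}"; shift ;;
            --status)      status="${2-}";   shift ;;
            --reader-port) shift ;;
        esac
        # Consume the option value (or an unknown argument) if one is left.
        if [ $# -gt 0 ]; then shift; fi
    done
    case "$status" in
        # Removal always locks; locking twice is harmless.
        NOCARD) echo lock ;;
        # Only a real state change counts as an insertion.
        USABLE)
            if [ "$old_code" != "$new_code" ]; then
                echo unlock
            else
                echo none
            fi ;;
        *) echo none ;;
    esac
}

# Run the configured command for the decided action, if any.
scd_event_main() {
    action=$(scd_event_action "$@")
    case "$action" in
        lock)   cmd="${SCD_LOCK_CMD-}" ;;
        unlock) cmd="${SCD_UNLOCK_CMD-}" ;;
        *)      cmd="" ;;
    esac
    if [ -n "$cmd" ]; then
        sh -c "$cmd"
    fi
    return 0
}

scd_event_main "$@"
```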