Bug#925312: pcscd: Does not work if "used" in wrong order
Hello Joerg, I have no news from you since 3 months now. I documented the problem and solution at https://ludovicrousseau.blogspot.com/2019/06/gnupg-and-pcsc-conflicts.html With no news from you I will consider that the problem is fixed with my solution and close this Debian bug. Regards, Le 24/03/2019 à 22:15, Ludovic Rousseau a écrit : Le 24/03/2019 à 22:05, Ludovic Rousseau a écrit : Le 24/03/2019 à 21:19, Joerg Jaspert a écrit : On 15351 March 1977, Ludovic Rousseau wrote: I think I found the problem. I think my system disagrees. :) In my case "gpg --card-status" works only if pcscd is NOT running. GnuPG has its own way to access the smart card readers (here a yubikey) Its a yubikey here too. I propose two possible solutions: 1. remove pcscd from your system but that is a drastic change. No PC/SC application will work any more. Not a good thing, it's there for a reason. And I know it worked in stretch. 2. configure scdaemon to NOT use its internal CCID driver but use the PC/SC interface instead To make option 2 just edit/create the scdaemon configuration file as bellow: $ cat ~/.gnupg/scdaemon.conf disable-ccid Done that. Doesn't do anything. Logged out. Killed gpg agent (just in case). Rebooted (damn system, maybe). Nope, nothing. Same behaviour as before. :-( Before you restart pcscd, can you see your YubiKey listed by the pcsc_scan command (from the pcsc-tools package)? Does "gpg --card-status" works as expected? Once you have restarted pcscd, can you see your YubiKey listed by the pcsc_scan command? Does "gpg --card-status" works as expected? What are the USB VendorID & ProductID of your YukiKey token? You can just attach the output of lsusb. Thanks -- Dr. Ludovic Rousseau
Bug#925312: pcscd: Does not work if "used" in wrong order
Le 24/03/2019 à 22:05, Ludovic Rousseau a écrit : Le 24/03/2019 à 21:19, Joerg Jaspert a écrit : On 15351 March 1977, Ludovic Rousseau wrote: I think I found the problem. I think my system disagrees. :) In my case "gpg --card-status" works only if pcscd is NOT running. GnuPG has its own way to access the smart card readers (here a yubikey) Its a yubikey here too. I propose two possible solutions: 1. remove pcscd from your system but that is a drastic change. No PC/SC application will work any more. Not a good thing, it's there for a reason. And I know it worked in stretch. 2. configure scdaemon to NOT use its internal CCID driver but use the PC/SC interface instead To make option 2 just edit/create the scdaemon configuration file as bellow: $ cat ~/.gnupg/scdaemon.conf disable-ccid Done that. Doesn't do anything. Logged out. Killed gpg agent (just in case). Rebooted (damn system, maybe). Nope, nothing. Same behaviour as before. :-( Before you restart pcscd, can you see your YubiKey listed by the pcsc_scan command (from the pcsc-tools package)? Does "gpg --card-status" works as expected? Once you have restarted pcscd, can you see your YubiKey listed by the pcsc_scan command? Does "gpg --card-status" works as expected? What are the USB VendorID & ProductID of your YukiKey token? You can just attach the output of lsusb. Thanks -- Dr. Ludovic Rousseau
Bug#925312: pcscd: Does not work if "used" in wrong order
Le 24/03/2019 à 21:19, Joerg Jaspert a écrit : On 15351 March 1977, Ludovic Rousseau wrote: I think I found the problem. I think my system disagrees. :) In my case "gpg --card-status" works only if pcscd is NOT running. GnuPG has its own way to access the smart card readers (here a yubikey) Its a yubikey here too. I propose two possible solutions: 1. remove pcscd from your system but that is a drastic change. No PC/SC application will work any more. Not a good thing, it's there for a reason. And I know it worked in stretch. 2. configure scdaemon to NOT use its internal CCID driver but use the PC/SC interface instead To make option 2 just edit/create the scdaemon configuration file as bellow: $ cat ~/.gnupg/scdaemon.conf disable-ccid Done that. Doesn't do anything. Logged out. Killed gpg agent (just in case). Rebooted (damn system, maybe). Nope, nothing. Same behaviour as before. :-( Before you restart pcscd, can you see your YubiKey listed by the pcsc_scan command (from the pcsc-tools package)? Does "gpg --card-status" works as expected? Once you have restarted pcscd, can you see your YubiKey listed by the pcsc_scan command? Does "gpg --card-status" works as expected? Bye -- Dr. Ludovic Rousseau
Bug#925312: pcscd: Does not work if "used" in wrong order
On 15351 March 1977, Ludovic Rousseau wrote: I think I found the problem. I think my system disagrees. :) In my case "gpg --card-status" works only if pcscd is NOT running. GnuPG has its own way to access the smart card readers (here a yubikey) Its a yubikey here too. I propose two possible solutions: 1. remove pcscd from your system but that is a drastic change. No PC/SC application will work any more. Not a good thing, it's there for a reason. And I know it worked in stretch. 2. configure scdaemon to NOT use its internal CCID driver but use the PC/SC interface instead To make option 2 just edit/create the scdaemon configuration file as bellow: $ cat ~/.gnupg/scdaemon.conf disable-ccid Done that. Doesn't do anything. Logged out. Killed gpg agent (just in case). Rebooted (damn system, maybe). Nope, nothing. Same behaviour as before. -- bye, Joerg
Bug#925312: pcscd: Does not work if "used" in wrong order
Le 22/03/2019 à 23:02, Joerg Jaspert a écrit : Package: pcscd Version: 1.8.24-1 Severity: important Dear Maintainer, Hello, I know the title is confusing, so here: I have a yubikey that got a gpg key on it. Worked perfectly fine in stretch. Now it does not work half the time. Thing is: If I plug the yubikey *BEFORE* anything that tries to get data from it - it works perfectly. If I do NOT plug the yubikey and start such an action (gpg sign for example) - it does NOT work until I issue a sudo /etc/init.d/pcscd restart. So using a gpg decryption example: If I insert the yubikey first, then start a gpg decryption, a dialog box opens for me to enter the pin. I do, press enter, then press yubikey, all fine. If I do NOT insert the yubikey and start the gpg decryption, a dialog box with ok/cancel buttons opens saying "Please insert card ". I can insert the yubikey and press OK, it doesnt care, it asks again. And continues asking until I cancel *OR* sudo restart pcscd. After the sudo restart it happily talks to the yubikey and lets me enter pin, press yubikey and done. I think I found the problem. In my case "gpg --card-status" works only if pcscd is NOT running. GnuPG has its own way to access the smart card readers (here a yubikey) I propose two possible solutions: 1. remove pcscd from your system but that is a drastic change. No PC/SC application will work any more. 2. configure scdaemon to NOT use its internal CCID driver but use the PC/SC interface instead To make option 2 just edit/create the scdaemon configuration file as bellow: $ cat ~/.gnupg/scdaemon.conf disable-ccid I think the problem could be reassigned to scdaemon package. Maybe scdaemon could use PC/SC by default. And switch to its internal CCID driver only if PC/SC is not available? Bye -- Dr. Ludovic Rousseau
Bug#925312: pcscd: Does not work if "used" in wrong order
Package: pcscd Version: 1.8.24-1 Severity: important Dear Maintainer, I know the titel is confusing, so here: I have a yubikey that got a gpg key on it. Worked perfectly fine in stretch. Now it does not work half the time. Thing is: If I plug the yubikey *BEFORE* anything that tries to get data from it - it works perfectly. If I do NOT plug the yubikey and start such an action (gpg sign for example) - it does NOT work until I issue a sudo /etc/init.d/pcscd restart. So using a gpg decryption example: If I insert the yubikey first, then start a gpg decryption, a dialog box opens for me to enter the pin. I do, press enter, then press yubikey, all fine. If I do NOT insert the yubikey and start the gpg decryption, a dialog box with ok/cancel buttons opens saying "Please insert card ". I can insert the yubikey and press OK, it doesnt care, it asks again. And continues asking until I cancel *OR* sudo restart pcscd. After the sudo restart it happily talks to the yubikey and lets me enter pin, press yubikey and done. -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-2-amd64 (SMP w/8 CPU cores) Kernel taint flags: TAINT_USER, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages pcscd depends on: ii libc6 2.28-7 ii libccid [pcsc-ifd-handler] 1.4.30-1 ii libpcsclite11.8.24-1 ii libsystemd0 241-1 ii libudev1241-1 ii lsb-base10.2018112800 pcscd recommends no packages. Versions of packages pcscd suggests: ii systemd 241-1 -- no debconf information -- bye, Joerg