
#1 2023-12-07 09:24:58

cmonty14
Member
Registered: 2019-10-05
Posts: 51

Cannot detect smartcard running gpg --card-status

Hello,

I'm trying to set up GnuPG + smartcards based on this wiki article.
However running command gpg --card-status returns this error:

gpg: selecting card failed: Service is not running
gpg: OpenPGP card not available: Service is not running

In addition I can see this error in pcscd.service log:

Dec 07 10:03:34 W-PF3FCBQC pcscd[6082]: 00000000 auth.c:143:IsClientAuthorized() Process 1114 (user: 1000) is NOT authorized for action: access_pcsc
Dec 07 10:03:34 W-PF3FCBQC pcscd[6082]: 00000124 winscard_svc.c:355:ContextThread() Rejected unauthorized PC/SC client

Checking which process is 1114 I found this:

❯ pgrep -f scdaemon
1114

This means the correct process "scdaemon" is accessing the smartcard.
Imo I must fix the authorization issue with pcscd first. However I don't know where to start.

Here are some GnuPG configuration files.

❯ cat .gnupg/gpg.conf 
no-emit-version
no-comments
export-options export-minimal
keyid-format 0xlong
with-fingerprint
# Displays the validity of the keys
list-options show-uid-validity
verify-options show-uid-validity
# Limits the algorithms used
personal-cipher-preferences AES256 AES192 AES
personal-digest-preferences SHA512 SHA384 SHA256
default-preference-list SHA512 SHA384 SHA256 RIPEMD160 AES256 TWOFISH BLOWFISH ZLIB BZIP2 ZIP Uncompressed
cipher-algo AES256
digest-algo SHA512
cert-digest-algo SHA512
compress-algo ZLIB
disable-cipher-algo 3DES
weak-digest SHA1
s2k-cipher-algo AES256
s2k-digest-algo SHA512
s2k-mode 3
s2k-count 65011712
charset utf-8
no-symkey-cache
use-agent
throw-keyids
❯ cat .gnupg/gpg-agent.conf
default-cache-ttl 600
max-cache-ttl 7200
pinentry-program /usr/sbin/pinentry-curses
enable-ssh-support
log-file /var/log/gnupg/gpg-agent.log
debug-level guru
❯ cat .gnupg/scdaemon.conf
pcsc-driver /usr/lib/libpcsclite.so
card-timeout 5
disable-ccid

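Added example (editor's code, not part of the original posts): a shell helper that extracts the client PID, UID and polkit action from pcscd rejection lines like those quoted in post #1, so the rejected client can be identified and tested against polkit directly. The function names are made up for this example, the third sample log line is constructed, and `org.debian.pcsc-lite.` is the namespace pcsc-lite uses for its polkit actions.

```shell
#!/bin/sh
# Sample input: the first two lines are the pcscd log lines quoted in post #1;
# the third is constructed for this example (different client and action).
sample_log() {
    cat <<'EOF'
Dec 07 10:03:34 W-PF3FCBQC pcscd[6082]: 00000000 auth.c:143:IsClientAuthorized() Process 1114 (user: 1000) is NOT authorized for action: access_pcsc
Dec 07 10:03:34 W-PF3FCBQC pcscd[6082]: 00000124 winscard_svc.c:355:ContextThread() Rejected unauthorized PC/SC client
Dec 07 10:05:02 W-PF3FCBQC pcscd[6082]: 00000050 auth.c:143:IsClientAuthorized() Process 2201 (user: 1001) is NOT authorized for action: access_card
EOF
}

# Print "pid uid action" for every polkit rejection on stdin; other lines are ignored.
pcscd_rejections() {
    sed -n 's/.*IsClientAuthorized() Process \([0-9][0-9]*\) (user: \([0-9][0-9]*\)) is NOT authorized for action: \([a-z_][a-z_]*\).*/\1 \2 \3/p'
}

# Collapse repeated rejections and print the full polkit action id for each client.
summarize_rejections() {
    pcscd_rejections | sort -u | while read -r pid uid action; do
        printf 'pid=%s uid=%s action=org.debian.pcsc-lite.%s\n' "$pid" "$uid" "$action"
    done
}

# Name of a still-running client, e.g. to confirm that the PID is scdaemon.
client_name() {
    cat "/proc/$1/comm" 2>/dev/null || echo "unknown (process exited)"
}

# Ask polkit whether a running process is authorized for an action.
# Requires pkcheck from polkit; exit status 0 means authorized.
check_polkit() {  # usage: check_polkit PID ACTION_ID
    pkcheck --action-id "$2" --process "$1"
}

# Demo on the sample; on a live system use:
#   journalctl -u pcscd.service -o cat | summarize_rejections
sample_log | summarize_rejections
```

The rejection is logged by pcscd's polkit check, so `check_polkit 1114 org.debian.pcsc-lite.access_pcsc` tests the same decision for the PID from the log.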

#2 2023-12-07 17:59:44

froli
Member
From: Germany
Registered: 2008-06-17
Posts: 455

Re: Cannot detect smartcard running gpg --card-status

I am having this issue as well. It used to work normally though. I don't know if an update to some related package broke something.

What happens if you run gpg --card-status as root? In my case it works. Even pcsc_scan also works, even as normal user. Can it be a udev rule or something? I don't remember configuring one though...


archlinux on Macbook Pro 10,1


#3 2023-12-07 18:31:08

nl6720
The Evil Wiki Admin
Registered: 2016-07-02
Posts: 607

Re: Cannot detect smartcard running gpg --card-status


#4 2024-01-11 16:39:48

cmonty14
Member
Registered: 2019-10-05
Posts: 51

Re: Cannot detect smartcard running gpg --card-status

Indeed, I can run gpg --card-status as root, meaning

sudo gpg --card-status

returns the relevant information of the smartcard.

Imo this command must work w/o root permission, too.


#5 2024-01-12 07:39:48

cmonty14
Member
Registered: 2019-10-05
Posts: 51

Re: Cannot detect smartcard running gpg --card-status

I created this udev rule, but the issue persists:

❯ cat /etc/udev/rules.d/41-nitrokey.rules
SUBSYSTEMS=="usb", ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="4108", MODE="0660", TAG+="uaccess"

I assume the parameter SUBSYSTEMS=="usb" is incorrect based on the output of udevadm info --attribute-walk --path=/devices/platform/vhci_hcd.0/usb1/1-1/1-1:1.0/0003:20A0:4108.0002

Udevadm info starts with the device specified by the devpath and then
walks up the chain of parent devices. It prints for every device
found, all possible attributes in the udev rules key format.
A rule to match, can be composed by the attributes of the device
and the attributes from one single parent device.

  looking at device '/devices/platform/vhci_hcd.0/usb1/1-1/1-1:1.0/0003:20A0:4108.0002':
    KERNEL=="0003:20A0:4108.0002"
    SUBSYSTEM=="hid"
    DRIVER==""
    ATTR{report_descriptor}==""

  looking at parent device '/devices/platform/vhci_hcd.0/usb1/1-1/1-1:1.0':
    KERNELS=="1-1:1.0"
    SUBSYSTEMS=="usb"
    DRIVERS=="usbhid"
    ATTRS{authorized}=="1"
    ATTRS{bAlternateSetting}==" 0"
    ATTRS{bInterfaceClass}=="03"
    ATTRS{bInterfaceNumber}=="00"
    ATTRS{bInterfaceProtocol}=="00"
    ATTRS{bInterfaceSubClass}=="00"
    ATTRS{bNumEndpoints}=="01"
    ATTRS{supports_autosuspend}=="1"

  looking at parent device '/devices/platform/vhci_hcd.0/usb1/1-1':
    KERNELS=="1-1"
    SUBSYSTEMS=="usb"
    DRIVERS=="usb"
    ATTRS{authorized}=="1"
    ATTRS{avoid_reset_quirk}=="0"
    ATTRS{bConfigurationValue}=="1"
    ATTRS{bDeviceClass}=="00"
    ATTRS{bDeviceProtocol}=="00"
    ATTRS{bDeviceSubClass}=="00"
    ATTRS{bMaxPacketSize0}=="64"
    ATTRS{bMaxPower}=="100mA"
    ATTRS{bNumConfigurations}=="1"
    ATTRS{bNumInterfaces}==" 2"
    ATTRS{bcdDevice}=="0101"
    ATTRS{bmAttributes}=="80"
    ATTRS{busnum}=="1"
    ATTRS{configuration}==""
    ATTRS{devnum}=="3"
    ATTRS{devpath}=="1"
    ATTRS{idProduct}=="4108"
    ATTRS{idVendor}=="20a0"
    ATTRS{ltm_capable}=="no"
    ATTRS{manufacturer}=="Nitrokey"
    ATTRS{maxchild}=="0"
    ATTRS{product}=="Nitrokey Pro"
    ATTRS{quirks}=="0x0"
    ATTRS{removable}=="unknown"
    ATTRS{remove}=="(not readable)"
    ATTRS{rx_lanes}=="1"
    ATTRS{serial}=="0000000000000000000080CE"
    ATTRS{speed}=="12"
    ATTRS{tx_lanes}=="1"
    ATTRS{urbnum}=="13"
    ATTRS{version}==" 1.10"

  looking at parent device '/devices/platform/vhci_hcd.0/usb1':
    KERNELS=="usb1"
    SUBSYSTEMS=="usb"
    DRIVERS=="usb"
    ATTRS{authorized}=="1"
    ATTRS{authorized_default}=="1"
    ATTRS{avoid_reset_quirk}=="0"
    ATTRS{bConfigurationValue}=="1"
    ATTRS{bDeviceClass}=="09"
    ATTRS{bDeviceProtocol}=="01"
    ATTRS{bDeviceSubClass}=="00"
    ATTRS{bMaxPacketSize0}=="64"
    ATTRS{bMaxPower}=="0mA"
    ATTRS{bNumConfigurations}=="1"
    ATTRS{bNumInterfaces}==" 1"
    ATTRS{bcdDevice}=="0515"
    ATTRS{bmAttributes}=="e0"
    ATTRS{busnum}=="1"
    ATTRS{configuration}==""
    ATTRS{devnum}=="1"
    ATTRS{devpath}=="0"
    ATTRS{idProduct}=="0002"
    ATTRS{idVendor}=="1d6b"
    ATTRS{interface_authorized_default}=="1"
    ATTRS{ltm_capable}=="no"
    ATTRS{manufacturer}=="Linux 5.15.133.1-microsoft-standard-WSL2 vhci_hcd"
    ATTRS{maxchild}=="8"
    ATTRS{product}=="USB/IP Virtual Host Controller"
    ATTRS{quirks}=="0x0"
    ATTRS{removable}=="unknown"
    ATTRS{remove}=="(not readable)"
    ATTRS{rx_lanes}=="1"

Last edited by cmonty14 (2024-01-12 07:53:19)
