Cannot get my eID card working with gpg

Witko · 2016-11-23 12:06:36

I'm trying to setup a 08e6:3437 Gemalto (was Gemplus) GemPC Twin SmartCard Reader together with my eID card. I've tried multiple approaches but none worked.
The interesting thing is that when i use pcsc_scan i can see the card nicely. When i use gpg --card-status it prints:

gpg: OpenPGP card not available: Not supported

With pcsc_scan it recognizes the cards as:

Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
3B DF 18 00 81 31 FE 58 00 31 B9 64 05 0E 01 00 73 B4 01 D3 00 00 00 22
Identity Card in Slovakia with security chip and e-signature

my scdaemon.conf:

pcsc-driver /usr/lib/libpcsclite.so
card-timeout 5
disable-ccid

Any help is highly appreciated.

Witko

R00KIE · 2016-11-23 14:48:24

I get the same answer from openpgp with my eID card, which can also be correctly detected with pcsc_scan. I suspect these cards cannot be used with openpgp and require proprietary applications to use the cryptographic and and other functionalities.

What is returned by pcsc_scan is the basic information contained in the ATR response, which all cards should provide.

Witko · 2016-11-23 22:39:04

True enough. I suspected that a bit. But i've checked the specs of the card and it says following:

Standard: ISO 7816
PC Interface: USB CCID
Chip communication protocol: T = 0, T=1
Communication speed: 115,2 kbaud
Chip clock frequency: 3,5 MHz

From what i found gpg should support ISO 7816. I dont know much about this stuff but i've tried also other cards with chip i have - including visa electron. Everything behaved the same way.

R00KIE · 2016-11-23 23:11:15

Even if gpg supports ISO 7816[1], it doesn't mean the card allows you to use the cryptographic functions directly. ISO 7816 seems to cover a lot more than just cryptographic specifications, it seems to cover everything from physical and electrical specifications to how you talk with the card.

Like I've said before you probably need a proprietary application, which should be provided by some branch of your government, to use the cryptographic functions of the card(1), besides reading and modifying other information contained in the card.

Witko wrote:

Standard: ISO 7816
PC Interface: USB CCID
Chip communication protocol: T = 0, T=1
Communication speed: 115,2 kbaud
Chip clock frequency: 3,5 MHz

First line specifies which standard the card adheres to, the second seems to be more about a usb card reader than the card itself and all other lines are about communication parameters, there is nothing that says the card will or should work with openpgp.

(1) You should think twice if you want to use the keys embedded in your eID card for anything else except where you really have to, such as state services. The reason that makes me say this is that if you haven't generated the public/private key pair you don't know who else has access to them.

[1] https://en.wikipedia.org/wiki/ISO/IEC_7816

Witko · 2016-11-25 11:31:58

Well guess im gonna have to get the app from government working.
Thanks fork help!

R00KIE · 2016-11-26 17:49:20

I was remembering about this today and I have stumbled upon opensc[1], you could try it and see if your eID card is supported, even if not listed explicitly in the wiki. There is a version already in the repos so it should be quick to test.

[1] https://github.com/OpenSC/OpenSC/wiki

Arch Linux

#1 2016-11-23 12:06:36

Cannot get my eID card working with gpg

#2 2016-11-23 14:48:24

Re: Cannot get my eID card working with gpg

#3 2016-11-23 22:39:04

Re: Cannot get my eID card working with gpg

#4 2016-11-23 23:11:15

Re: Cannot get my eID card working with gpg

#5 2016-11-25 11:31:58

Re: Cannot get my eID card working with gpg

#6 2016-11-26 17:49:20

Re: Cannot get my eID card working with gpg

Board footer