Contents
Here you can find our howtos for setting up your computer to use your the Fellowship crypto card.
Setting up your card reader on GNU/Linux (udev)
This howto has been moved to another page
Setting up your card reader on GNU/Linux (hotplug)
Alexander Finkenberger, Karsten Gerloff, Fernanda Weiden, Georg Greve - Monday 28 November 2005
This howto describes how to set up your smart card reader for use with the Fellowship crypto card on GNU/Linux systems using hotplug functionality.
Please note: This is only an introductory document, aimed at a generic hard- and software setting involving GNU/Linux. For a full-length description please see the full-length Fellowship crypto card Howto. If you run into problems specific to your GnuPG setup, you may want to read other GnuPG Howtos.
What do you need to use the card?
A smart card reader. A list of tested readers can be found here.
- Root privileges on your GNU/linux system.
- GnuPG 1.4.2 or higher.
Setting up the card reader
First of all, you will need to download two files for hotplug and copy them to the hotplug configuration directory, in order to let it identify your card reader:
Now, open a terminal and become root (you will be asked for your root password):
$ su -
On Ubuntu systems, you should run (and then you will be asked for the user password):
$ sudo su -
Then you will have to move the files from the directory you have saved them to, to the hotplug configuration directory:
# cd /home/directory/where/you/saved/the/file (change for the right path) # cp gnupg-ccid.usermap /etc/hotplug/usb/gnupg-ccid.usermap # cp gnupg-ccid /etc/hotplug/usb/gnupg-ccid # chmod +x /etc/hotplug/usb/gnupg-ccid
All the configuration files are in the right place and with the right permissions by now.
You will now create a group scard, give this group permission to access the smart card reader, and include the users who should have access to the card reader to this group.
# addgroup scard # addgroup yourusername scard (change for the right username) # exit (to logout the root user)
Done! Your smart card reader should be working now.
If you want to take a look on what you have in your card, plug-in the smart card reader, insert your Fellowship crypto card, and type:
$ gpg --card-status
Feel free to to improve this howto!
Licensed under the GNU FDL
Using the card with your main key (not recommended)
gerloff < gerloffSPAMFILTER@fsfe.org > - Wednesday 14 September 2005
This Howto gives very basic instructions for generating a GnuPG key and setting up your computer for use with the Fellowship card.
You can use your card for several purposes. Since most people will want to use it for mail signing and encryption, this is what we're going to talk about here. This document tries to guide you through the process of setting up your Cryptocard and getting it to do what you want it to do in a not-too-technical fashion.
For a start, we will only consider the situation where you generate a new GnuPG key to put onto your Cryptocard. This is the case for people who are using GnuPG for the first time.
Please note: This is only an introductory document, aimed at a generic hard- and software setting involving GNU/Linux. For a full-length description please see the Card Howto . If you run into problems specific to your GnuPG setup, you may want to read other GnuPG Howtos .
What do you need to use the card?
- You will need something to stick your card into: A smartcard reader. There are several on the market. Pick the one that best suits your needs. (Advice: The SCR 335 is small and portable, but crashes very frequently unless connected via an USB hub. And its firmware cannot be upgraded.)
- Since you are going to install programs, you will need root privileges on your computer.
- You will also need an installation of GnuPG 1.4.2 or higher on your computer. Debian and Ubuntu GNU/Linux users can get this on the command line via $apt-get install gnupg. All others please refer to the GnuPG download section for information and download links.
Generating a key for your card
First set up your card reader by following our card reader howto (hotplug). For newer systems, please follow the card reader howto (udev)
To modify the contents of your card, use the following command:
$ gpg --card-editGnuPG
will start again, this time giving you its own command line and awaiting your orders. You can now start to generate your own GPG key and copy it onto the card. First, enter the GnuPG's administrator mode:
command> admin
Then, tell GnuPG to generate a key for you:
command> generate
You will be asked if you would like to make an off-card copy of the encryption key. It is useful to say yes here.
Choose if your key should expire after a certain time. Now you are asked for your real name, your email address and a comment (you don't have to enter a comment). Then confirm your information with "o". When you are asked for a passphrase, leave it blank.
Now you should be able to use your Smartcard the usual way one would use GnuPG, but instead of typing in a passphrase you have to enter the PIN. Have a lot of fun with your Fellowship card!
Using your Card with subkeys only (recommended)
This howto has been moved here.
Using your card on Mac OS X
Attention: Mac OS X is a non-free operating system!
Getting ssh to work on GNOME systems
Some GNOME users may find that the card works on their system but there is a problem with getting ssh subkeys on the card to work.
This is a problem causes by gnome-keyring. This application is taking control of the ssh socket and preventing gpg-agent from working properly.
You can fix this by issuing the following command in a terminal:
command> gconftool-2 --set -t bool /apps/gnome-keyring/daemon-components/ssh false
This fix for this problem was originally discussed here: http://www.gossamer-threads.com/lists/gnupg/users/43682