Contents
Alexander Finkenberger < afSPAMFILTER@fsfe.org >, Karsten Gerloff < gerloffSPAMFILTER@fsfe.org >, Fernanda Weiden < nandaSPAMFILTER@fsfe.org >, Georg Greve < greveSPAMFILTER@fsfe.org >
Friday 20 January 2006
This howto describes how to set up your smart card reader for use with the Fellowship smart card on GNU/Linux systems using udev functionality. Please note:
This is only an introductory document, aimed at a generic hard- and software setting involving GNU/Linux. For a full-length description please see the full-length Fellowship card Howto. If you run into problems specific to your GnuPG setup, you may want to read other GnuPG Howtos.
- What do you need to use the card?
A smart card reader. A list of tested readers can be found here.
- Root privileges on your GNU/linux system.
- GnuPG 1.4.2 or higher. Setting up the card reader
First of all, you will need to download two files for udev and copy them to the udev configuration directories, in order to let it identify your card reader:
Now, open a terminal and become root (you will be asked for your root password):
$ su -
On Ubuntu systems, you should run (and then you will be asked for the user password):
$ sudo su -
Then you will have to move the files from the directory you have saved them to, to the udev configuration directories (If the scripts directory does not exist create it):
# cd /home/directory/where/you/saved/the/file (change for the right path) # cp gnupg-ccid.rules /etc/udev/gnupg-ccid.rules # cp gnupg-ccid /etc/udev/scripts/gnupg-ccid # chmod +x /etc/udev/scripts/gnupg-ccid # ln -s /etc/udev/gnupg-ccid.rules /etc/udev/rules.d/gnupg-ccid.rules
All the configuration files are in the right place and with the right permissions by now.
You will now create a group scard, give this group permission to access the smart card reader, and include the users who should have access to the card reader to this group.
# addgroup scard # addgroup yourusername scard (change for the right username) # exit (to logout the root user)
Done! Your smart card reader should be working now.
If you want to take a look on what you have in your card, plug in the smart card reader, insert your Fellowship card and type:
$ gpg --card-status
Licensed under the GNU FDL
see discussion page for "old" comments and useful tips.
- Debugging
Run gpg as super use in debug mode:
sudo gpg --debug 2048 --debug-ccid-driver -v --card-status
If the card is found as 'sudo', then you need to tweak the udev rules so that your normal user also has access. If no card is found at all, you might be missing a driver or the pcscd service. In Debian/Ubuntu make sure to install pcscd. List of supported drivers by pcscd at http://pcsclite.alioth.debian.org/ccid/section.html.
Success: I got a fresh Ubuntu on Dell Latitude E5420 (certified hardware http://www.ubuntu.com/certification/hardware/201011-6891) with an internal smart card reader, and it started to work after i installed the daemon pcscd and got the device settings right with udev rules for device ID 0b97:7772 (O2 Micro, Inc. OZ776 CCID Smartcard Reader).