TechDocs/CardHowtos/CardreaderSetup_(udev)

Cleanup

This page is hard to read or its content needs to be updated. Please improve this page and remove this box when you are done. Reasons:

  • determine whether the information here is still applicable
  • should we promote downloading and executing a script?

The steps described in this howto are not necessary if you run this udev.sh.

Alexander Finkenberger < afSPAMFILTER@fsfe.org >, Karsten Gerloff < gerloffSPAMFILTER@fsfe.org >, Fernanda Weiden < nandaSPAMFILTER@fsfe.org >, Georg Greve < greveSPAMFILTER@fsfe.org >

Friday 20 January 2006

This howto describes how to set up your smart card reader for use with the Fellowship smart card on GNU/Linux systems using udev functionality. Please note:

This is only an introductory document, aimed at a generic hard- and software setting involving GNU/Linux. For a full-length description please see the full-length Fellowship card Howto. If you run into problems specific to your GnuPG setup, you may want to read other GnuPG Howtos.

Requirements

Set-Up

Prerequisites

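You will need to download two files for udev, gnupg-ccid.rules and gnupg-ccid, and copy them to the udev configuration directories so that udev can identify your card reader. Because udev runs the gnupg-ccid script as root, read both files before installing them.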

Installing Udev configs

Open a terminal and become root (you will be asked for your root password):

 $ su -

On Ubuntu systems, run the following instead (you will be asked for your user password):

 $ sudo su -

Then move the files from the directory where you saved them to the udev configuration directories (if the scripts directory does not exist, create it):

 # cd /home/directory/where/you/saved/the/file    # change to the right path
 # cp gnupg-ccid.rules /etc/udev/gnupg-ccid.rules
 # cp gnupg-ccid /etc/udev/scripts/gnupg-ccid
 # chmod +x /etc/udev/scripts/gnupg-ccid
 # ln -s /etc/udev/gnupg-ccid.rules /etc/udev/rules.d/gnupg-ccid.rules

All the configuration files are now in the right place and have the right permissions.

Giving Users Access

You will now create a group scard, give this group permission to access the smart card reader, and add the users who should have access to the card reader to this group.

 # addgroup scard
 # addgroup <yourusername> scard
 # exit

Done! Your smart card reader should be working now.

To give other users access to the card reader, add them to the scard group:

 # addgroup <username> scard
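
One way to verify the result of the two steps above (an added example, not part of the original howto or of udev.sh): it checks that the installed files and the scripts directory are root-owned and not group- or world-writable, that the rules.d link resolves, and that a user is in the scard group. The function names, the PREFIX and OWNER_UID parameters and the --live switch are assumptions of this example, and GNU stat is assumed.

```sh
#!/bin/sh
# Added example (not part of the original howto): audit the files this howto
# installs. udev runs its helper scripts as root, so neither the files nor the
# scripts directory may be writable by anyone but root.
# Assumptions: GNU stat; PREFIX and OWNER_UID exist only to allow test trees.

# Return 0 if PATH exists, is owned by OWNER_UID and is not group/world-writable.
audit_file() {
    a_path=$1 a_uid=$2
    a_info=$(stat -L -c '%a %u' "$a_path" 2>/dev/null) ||
        { echo "MISSING   $a_path"; return 1; }
    a_mode=${a_info% *} a_owner=${a_info#* }
    [ "$a_owner" = "$a_uid" ] ||
        { echo "OWNER     $a_path (uid $a_owner, expected $a_uid)"; return 1; }
    [ $(( 0$a_mode & 022 )) -eq 0 ] ||
        { echo "WRITABLE  $a_path (mode $a_mode)"; return 1; }
    echo "OK        $a_path"
}

# Audit every path from the "Installing Udev configs" step below PREFIX.
# stat -L follows the rules.d symlink, so a dangling link reports MISSING.
audit_install() {
    i_prefix=$1 i_uid=${2:-0} i_rc=0
    for i_rel in /etc/udev/gnupg-ccid.rules /etc/udev/scripts \
                 /etc/udev/scripts/gnupg-ccid /etc/udev/rules.d/gnupg-ccid.rules
    do
        audit_file "$i_prefix$i_rel" "$i_uid" || i_rc=1
    done
    [ -x "$i_prefix/etc/udev/scripts/gnupg-ccid" ] ||
        { echo "NOT-EXEC  $i_prefix/etc/udev/scripts/gnupg-ccid"; i_rc=1; }
    return "$i_rc"
}

# Return 0 if USER is a member of GROUP (the howto uses the group "scard").
user_in_group() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qxF -- "$2"
}

# Live check against the real system: sh audit.sh --live [username]
if [ "${1:-}" = "--live" ]; then
    rc=0; audit_install "" 0 || rc=1
    user_in_group "${2:-$(id -un)}" scard || { echo "NOT-IN-GROUP scard"; rc=1; }
    exit "$rc"
fi
```

A newly added group membership only applies to sessions started after the change, so log in again before retesting gpg --card-status as a normal user.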

Checking Your Card

If you want to take a look at what is on your card, plug in the smart card reader, insert your Fellowship card and type:

 $ gpg --card-status

Licensed under the GNU FDL

See the discussion page for "old" comments and useful tips.

Debugging

Getting Debug Information

Run gpg as super user in debug mode:

 sudo gpg --debug 2048 --debug-ccid-driver -v --card-status

If the card is found as 'sudo'

You need to tweak the udev rules so that your normal user also has access. You can do this by:

If your normal user still receives the error message "selecting openpgp failed: unknown command", gnome-keyring-daemon could be interfering; see How to set up your Fellowship card.

I recently got a fresh Ubuntu on a Dell Latitude E5420 (certified hardware http://www.ubuntu.com/certification/hardware/201011-6891) with an internal smart card reader, and it started to work after I installed the daemon pcscd and got the device settings right with udev rules for device ID 0b97:7772 (O2 Micro, Inc. OZ776 CCID Smartcard Reader).

If no card is found at all

You might be missing a driver or the pcscd service. On Debian/Ubuntu, make sure pcscd is installed. A list of the drivers supported by pcscd is at http://pcsclite.alioth.debian.org/ccid/section.html.

A common problem

Sometimes the pcscd service, together with the GNOME keyring, causes problems when running commands other than gpg --card-status, even though everything else is set up correctly. A few simple steps can fix this.

First, open the list of Startup Applications and uncheck GPG Password Agent. If you also use your smart card for SSH, you may need to uncheck the SSH Password Agent too, though this needs verifying.

Second, comment out the line that says "use-agent" in your ~/.gnupg/gpg.conf file.

Lastly, uninstall pcscd and install scdaemon instead, and possibly gnupg-agent as well. Again, this needs verifying.

Fingers crossed, after a logout/reboot you should have your smart card up and running without having to use it as root.



TechDocs/CardHowtos/CardreaderSetup_(udev) (last edited 2016-05-07 17:20:02 by jzarl)