smart card + gpg only root

Dany dany_list at natzo.com
Wed May 17 07:52:47 CEST 2006 

Hello,

I'm trying to get regular users to use smart card readers under Ubuntu
(dapper). As far as I know Ubuntu uses udev rather than hotplug so I
followed the instructions found at  :
http://www.fsfe.org/en/card/howto/card_reader_howto_udev

It works if I do sudo gpg --card-status. Unfortunately, when I do a
card-status using a regular user I get :

gpg: DBG: ccid-driver: usb_claim_interface failed: -1


I tried :
- To follow the instructions and use the two files found in the how-to
: gnupg-ccid.rules & gnupg-ccid
- to change group ownership (root -> scard) of the files found in
/proc/bus/usb/001/..
From:
-rw-r--r-- 1 root root  001
-rw-r--r-- 1 root root  025

To:
-rw-rw-r-- 1 root scard 001
-rw-rw-r-- 1 root scard 025
- to add 0x in front of the numbers found in gnupg-ccid.rules (except
for the 0660 mode)
- to use the script-less option found in the comments

Also in the how-to it looks like to me that there are three steps
described in the following sentence but I only see two commands after :

"You will now create a group scard, give this group permission to
access the smart card reader, and include the users who should have
access to the card reader to this group"

# addgroup scard
# addgroup yourusername scard (change for the right username)

Where is the "give this group permission to access the smart card
reader" done ?

Sorry for asking all those questions. I'm trying to convince myself to
migrate from SID to Ubuntu and this requires OpenPGP card support
under Ubuntu.

Thank you in advance
Dany





Federico Munerotto wrote:
> Il mer, 2005-07-20 alle 16:55, Werner Koch ha scritto:
>   
>> On Wed, 20 Jul 2005 16:27:04 +0200, Federico Munerotto said:
>>
>>     
>>> if the device is unplugged and then plugged again, belongs again to the
>>> root group and isn't writable again (change its location). I need to set
>>> up hotplug to 
>>> 1. chgrp to the proper group
>>> 2. chmod +rw scard
>>> the file that is created.
>>>       
>> You needs to debug the hotplug script.  Here are the scripts I am
>> using:
>>
>>
>> ______________________________________________________________________
>> # The entries below are used to detect CCID devices and run a script
>> #
>> # USB_MATCH_VENDOR		0x0001
>> # USB_MATCH_PRODUCT		0x0002
>> # USB_MATCH_DEV_LO		0x0004
>> # USB_MATCH_DEV_HI		0x0008
>> # USB_MATCH_DEV_CLASS		0x0010
>> # USB_MATCH_DEV_SUBCLASS	0x0020
>> # USB_MATCH_DEV_PROTOCOL	0x0040
>> # USB_MATCH_INT_CLASS		0x0080
>> # USB_MATCH_INT_SUBCLASS	0x0100
>> # USB_MATCH_INT_PROTOCOL	0x0200
>> #
>> # script   match_flags idVendor idProduct bcdDevice_lo bcdDevice_hi 
>> #          bDeviceClass bDeviceSubClass bDeviceProtocol
>> #          bInterfaceClass bInterfaceSubClass bInterfaceProtocol driver_info
>> #
>> #           flags   V   P   Bl  Bh   Clas Sub  Prot  Clas Sub  Prot  Info
>> gnupg-ccid  0x0080  0x0 0x0 0x0 0x0  0x00 0x00 0x00  0x0B 0x00 0x00  0x00000000
>> # SPR532 is CCID but without the proper CCID class
>> gnupg-ccid  0x0003  0x04e6 0xe003 0x0 0x0  0x00 0x00 0x00  0x0B 0x00 0x00 0x00000000
>>
>>
>> ______________________________________________________________________
>> $ ls -l /etc/hotplug/usb/gnupg*
>> -rwxr-xr-x  1 root root 724 Sep 22  2004 /etc/hotplug/usb/gnupg-ccid
>> -rw-r--r--  1 root root 865 Mar 16 16:08 /etc/hotplug/usb/gnupg-ccid.usermap
>>
>> Remember to chmod +x gnupg-ccid.  I use the group wk instead of scard,
>> so you need to change that.
>>
>> Does this help?
>>     
>
> Yep
>
> Finally it worked, many thanks!
>
> I copied your gnupg-ccid.usermap in /etc/hotplug/usb .
>
> My reader is HUSBSCR by Hamlet:
> http://www.hamletcom.com/ProductDetails.aspx?sid=35b7b4c44d114e50969195359871a380&ProductId=3437
> Thay declare it is win comp but two months ago, when I bought it, there
> was a penguin logo, too.
>
> Now, I'll move my key from $HOME/.gnupg to the card and I'll tell to
> Evolution to read there the key to sign my e-mails.
>
>   
> ------------------------------------------------------------------------
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>

More information about the Gnupg-users mailing list