OpenPGP card not accessible; ctapi-driver option in gpg.conf does the job for me (with cyberjack reader)

pheaneas xri at abwesend.de
Wed Feb 11 13:05:37 CET 2009 

Hi there,


I hope I can forward an argument for not dropping (direct?) support for
CT/API readers in GnuPG too soon, as Werner often states (and as the
ctapi-driver option is also marked as deprecated in the gpg man page).

Quite recently I dug out my old OpenPGP card again, which I had bought
in 2005 but had no luck with getting it to work under Linux since that
time. Now, finally it's working like a charm by using the reader's
CT/API driver. It took me quite a while and a lot of "trial an error"
(as usual?) to figure out which settings are working and which ones don't.

My first attempt was that with pcscd and the following settings:

* gnupg 1.4.9, gpg-agent 2.0.9 (+ scdaemon from gpgsm-package)
* old Reiner SCT pinpad USB (lsusb says 0c4b:0100 Reiner SCT
Kartensysteme GmbH cyberJack e-com/pinpad)
* recent driver packages for Debian from Reiner SCT homepage
(libctapi-cyberjack2_3.3.0-1stable_i386.deb and
ifd-cyberjack2_3.3.0-1stable_i386.deb)
* libpcsclite1 and pcscd (+ libccid, but I don't think it is needed in
my case - just a dependency)
* lsmod says that "cyberjack" and "usbserial" are also there
* gpg.conf: use-agent

It worked more or less, but a big drawback, which I experienced, was
that for some reason pcscd doesn't detect the card reader when it's
pulled out and plugged in again. Pcscd also never releases the
connection to the reader, which makes it impossible for other
applications, e.g. libchipcard-tools, to access the card reader while
pcscd is running. I have to manually restart or rather stop pcscd as
root before trying this.


After reading what Malte wrote earlier on this topic I also tried the
"ctapi-driver" option, at first in scdaemon.conf:

* scdaemon.conf: ctapi-driver libctapi-cyberjack.so   reader-port 32768
* gpg.conf: use-agent

This led to the strange behaviour with every card operation, except
"list" or rather "--card-status", which Malte also described, that is
the card is suddenly shown as blank and gnupg comes up with an error
message like this:

  "gpg: sending command 'SCD CHECKPIN' to agent failed ec=6.32817"


So, finally I ended up with this, which solves the described problem for
me (even with gpg-agent invoking pinentry for card pin):

* gpg-agent.conf: disable-scdaemon   <--- !!
* gpg.conf: ctapi-driver libctapi-cyberjack.so     reader-port 32768
* gpg.conf: use-agent

Maybe this can contribute to solve this kind of problem, which other
users might have experienced, too - especially with their Reiner-SCT reader.

Regards,
 pheaneas

More information about the Gnupg-users mailing list