gpg-agent and scdaemon confusion when card is removed

Alphazo alphazo at gmail.com
Sun Oct 3 23:25:26 CEST 2010


Hello,

Just received a Crypto Stick from the German Privacy Foundation. It is
basically a USB token that embeds an OpenPGP card and a CCID smart card
reader.

My OS is Archlinux 64-bit and it has the following packages installed:
- gnupg 1.4.10-2
- gnupg2 2.0.16-2
- ccid 1.4.0-2
- pcsclite 1.6.4-2

Since it has a pretty recent version of ccid I didn't have to patch ccid or
use any custom udev rule. The Crypto Stick worked out of the box.

--> Crypto Stick inserted
# gpg --card-status
gpg: detected reader `German Privacy Foundation Crypto Stick v1.2 00 00'
Application ID ...: D2760001240102000005000005840000
Version ..........: 2.0
.....
--> Crypto Stick removed
# gpg --card-status
gpg: pcsc_list_readers failed: unknown PC/SC error code (0x8010002e)
gpg: lecteur de cartes indisponible
gpg: la carte OpenPGP n'est pas disponible: erreur générale

--> Crypto Stick inserted
# gpg --card-status
gpg: detected reader `German Privacy Foundation Crypto Stick v1.2 00 00'
Application ID ...: D2760001240102000005000005840000
Version ..........: 2.0
.....

Then I managed to get SSH authentication working with that Crypto Stick
following the instructions found here:
http://www.programmierecke.net/howto/gpg-ssh.html. That required enabling
gpg-agent and configuring SSH support for it. However, for some reason it
breaks when the Crypto Stick is removed and then inserted back. I no longer
have access to the card. I have to kill scdaemon in order to get access to
the card again. Here are my config files:

/etc/profile.d/gpg-agent.sh
#!/bin/sh
envfile="${HOME}/.gnupg/gpg-agent.env"
# Reuse the running agent if the pid recorded in the env file is still alive
# (GPG_AGENT_INFO has the form socket:pid:protocol, so field 2 is the pid).
if test -f "$envfile" && kill -0 $(grep GPG_AGENT_INFO "$envfile" | cut -d: -f 2) 2>/dev/null; then
    eval "$(cat "$envfile")"
else
    # Otherwise start a fresh agent with SSH support and record its environment
    eval "$(gpg-agent --enable-ssh-support --daemon --write-env-file "$envfile")"
fi


~/.gnupg/gpg-agent.conf
# Cache settings
default-cache-ttl 3600
default-cache-ttl-ssh 10800
allow-mark-trusted
# Keyboard control
#no-grab
# PIN entry program
pinentry-program /usr/bin/pinentry-gtk-2

So now with gpg-agent enabled I have the following behavior:
# ps aux | grep gpg
alpha     5455  0.0  0.0  15140   560 ?        Ss   22:20   0:00 gpg-agent --enable-ssh-support --daemon --write-env-file /home/alpha/.gnupg/gpg-agent.env

--> Crypto Stick inserted
# gpg --card-status
Application ID ...: D2760001240102000005000005840000
Version ..........: 2.0
.....

--> Crypto Stick removed
# gpg --card-status
gpg: selecting openpgp failed: ec=6.32848
gpg: la carte OpenPGP n'est pas disponible: erreur générale

--> Crypto Stick inserted
# gpg --card-status
gpg: selecting openpgp failed: ec=6.32848
gpg: la carte OpenPGP n'est pas disponible: erreur générale

# kill -9 scdaemon

# gpg --card-status
Application ID ...: D2760001240102000005000005840000
Version ..........: 2.0
.....

Is there a way to avoid that behavior or to have some kind of script to kill
scdaemon automatically?

Thanks
Alphazo
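As an added example (not part of Alphazo's post and not GnuPG's own tooling), a small POSIX shell helper that classifies the `gpg --card-status` output shown in the post and kills scdaemon only in the stuck case, so that gpg-agent spawns a fresh one; it assumes gpg 2.0.x and pkill(1) in PATH, and the function names and sample strings are constructed here.

```shell
#!/bin/sh
# Added example: detect the stale scdaemon state from `gpg --card-status`
# output and reset scdaemon only then. Assumptions: gpg 2.0.x, pkill(1),
# a CCID reader served through pcscd.

# card_state OUTPUT -> prints one of: ok, stale, no-reader, unknown
card_state() {
    case "$1" in
        *"selecting openpgp failed"*) echo stale ;;      # scdaemon lost the reader
        *"pcsc_list_readers failed"*) echo no-reader ;;  # token unplugged, nothing to do
        *"Application ID"*)           echo ok ;;
        *)                            echo unknown ;;
    esac
}

# needs_reset STATE -> exit 0 (true) only for the stale case
needs_reset() {
    [ "$1" = stale ]
}

# Run gpg under the C locale so the messages matched above are not
# localised (the original session printed some lines in French).
check_and_reset() {
    out=$(LC_ALL=C gpg --card-status 2>&1)
    state=$(card_state "$out")
    if needs_reset "$state"; then
        echo "scdaemon is stale; killing it so gpg-agent restarts it" >&2
        pkill -x scdaemon
    fi
    echo "$state"
}

# Constructed sample outputs mirroring the sessions in the post
SAMPLE_OK="Application ID ...: D2760001240102000005000005840000
Version ..........: 2.0"
SAMPLE_STALE="gpg: selecting openpgp failed: ec=6.32848
gpg: la carte OpenPGP n'est pas disponible: erreur générale"
SAMPLE_NOREADER="gpg: pcsc_list_readers failed: unknown PC/SC error code (0x8010002e)"

for s in "$SAMPLE_OK" "$SAMPLE_STALE" "$SAMPLE_NOREADER"; do
    printf '%s -> %s\n' "$(printf '%s' "$s" | head -n 1)" "$(card_state "$s")"
done

# Only touch the real agent when asked for explicitly: ./check-card.sh --run
if [ "${1:-}" = --run ]; then
    check_and_reset
fi
```

Running it with `--run` after re-inserting the token replaces the manual kill step from the post; wiring it into a udev rule or a shell alias is left to local policy.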