Fix for smartcards on some newer linux distros
Grant Olson
kgo at grant-olson.net
Sun Mar 10 01:10:20 CET 2013
I found a few threads going back at least a year where people where
having trouble getting smartcards running with gpg2 on newer linux
distros. Users would see this error when querying the card-status:
gpg: selecting openpgp failed: Unsupported certificate
gpg: OpenPGP card not available: Unsupported certificate
I just ran into the error and spent a few days banging my head against
the wall. But I got things working and thought I'd report here for
the sake of the interwebz.
## Hack fix - disable gnome-keyring-daemon
Just move gnome-keyring-daemon so it doesn't load:
sudo mv /usr/bin/gnome-keyring-daemon
/usr/bin/gnome-keyring-daemon.bak
## Better fix - enable-ssh-support
After I had things running I setup gpg-agent to act as my ssh agent as
well. Then I went to write a blog post and couldn't reproduce the
problem to copy-and-past the output. Sure enough, after disabling ssh
support in gpg-agent, the problem resurfaced.
So that's a better fix that lets gnome-keyring-daemon run.
I'm guessing that once you enable ssh support, gpg-agent grabs access
to the smart card before the gnome-keyring-daemon.
I wrote up a more detailed blog post here:
http://www.rubygems-openpgp-ca.org/blog/using-openpgp-smartcard-on-ubuntu-12-10.html
Hope this helps some other unfortunate souls.
-Grant
P.S. Wonder if we can get a better error message since this really
has nothing to do with unsupported certificates.
More information about the Gnupg-users
mailing list