Poldi example usage of gpg-connect-agent fails
Franck Routier (perso)
alci at mecadu.org
Fri Sep 8 11:00:31 CEST 2017
Hi, and thank you for your help,
On 07/09/2017 at 08:06, Alexander Paetzelt | Nitrokey wrote:
> I got this working some weeks ago for testing purposes. I did what's
> written here
>
> https://www.nitrokey.com/documentation/applications#p:nitrokey-pro&os:linux&a:computer-login
>
>
> Why do you think, poldi-ctrl is not there for 0.4? I used 0.4.1 and had
> it (on ArchLinux though). You may have to use root rights to use
> poldi-ctrl?
In fact poldi-ctrl is not included in the Debian/Ubuntu package.
The NEWS file in /usr/share/doc/libpam-poldi even states, at the very
beginning:
"Changes since version 0.4.1:
* poldi-ctrl is removed
Please use gpg-connect-agent instead."
That said, I could compile poldi-ctrl from source to get the config file
I needed.
The steps I followed are:
$ git clone https://github.com/chrisboyle/poldi.git
$ sudo apt install libgpg-error-dev
$ sudo apt install libpam0g-dev
$ sudo apt install libgcrypt20-dev
$ ./configure;make
then poldi-ctrl is in poldi/src/ctrl/poldi-ctrl
I had to stop the running scdaemon to get it working, and poldi-ctrl -k
finally gave me the right incantations.
So I now have it running. Now, the Debian packager, and even the upstream
doc writer seem to think I should use gpg-agent...
So, does anyone have an idea about why this fails:
$ gpg-connect-agent "/datafile myfile" "SCD READKEY --advanced OPENPGP.3" /bye
ERR 100663414 Identifiant incorrect <SCD>
Regards,
Franck
>
> Kind regards
> Alex
>
>
> On 09/06/2017 11:30 AM, Franck Routier (perso) wrote:
>> Hi,
>>
>> I am trying to get into smartcard usage, and would want to allow
>> Authentication on my system with an OpenPGP Card (FSFE Fellowship
>> smartcard).
>>
>> As I understand it (I might be wrong), the right pam module is Poldi.
>>
>> According to the Texinfo page (info poldi), current version is 0.4,
>> and lacks the previous poldi-ctrl utility, so I have to create some
>> config file manually.
>>
>> Specifically, here is the example that is given:
>>
>>
>> First, the system administrator has to associate the user moritz with
>> the card's serial number:
>>
>> $ echo "D2760001240101010001000006550000 moritz" >> /etc/poldi/localdb/users
>>
>> Second, the system administrator needs to write the card's key into a
>> card-specific key file. Therefore he inserts Moritz' smartcard and
>> executes:
>>
>> $ gpg-connect-agent "/datafile /etc/poldi/localdb/keys/D2760001240101010001000006550000" "SCD READKEY --advanced OPENPGP.3" /bye
>>
>>
>> My problem is that the command gpg-connect-agent "/datafile myfile"
>> "SCD READKEY --advanced OPENPGP.3" /bye returns an error:
>>
>> ERR 100663414 Identifiant incorrect <SCD>
>>
>>
>> Can anyone help me on this? (or is there a better way to authenticate
>> using an OpenPGP smartcard?) (or is it just a bad idea?)
>>
>> Thanks in advance
>>
>> Franck
>>
>>
>> _______________________________________________
>> Gnupg-users mailing list
>> Gnupg-users at gnupg.org
>> http://lists.gnupg.org/mailman/listinfo/gnupg-users
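
Added example, not part of the original thread and not GnuPG's own code: the number on an Assuan ERR line such as the one quoted above is a libgpg-error value that packs an error source and an error code, and this shell function splits it. The function names and the small lookup subsets are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: split the libgpg-error value on an Assuan "ERR" line.
# Layout used by libgpg-error: bits 24-30 = source, bits 0-15 = code.

# Hypothetical helper: source id -> GPG_ERR_SOURCE_* suffix (subset).
gpg_err_source_name() {
    case "$1" in
        0) echo UNKNOWN ;;
        1) echo GCRYPT ;;
        2) echo GPG ;;
        3) echo GPGSM ;;
        4) echo GPGAGENT ;;
        5) echo PINENTRY ;;
        6) echo SCD ;;
        10) echo DIRMNGR ;;
        *) echo "SOURCE_$1" ;;
    esac
}

# Hypothetical helper: code -> symbol (small smartcard-related subset).
gpg_err_code_name() {
    case "$1" in
        87) echo GPG_ERR_BAD_PIN ;;
        112) echo GPG_ERR_CARD_NOT_PRESENT ;;
        118) echo GPG_ERR_INV_ID ;;
        119) echo GPG_ERR_NO_SCDAEMON ;;
        *) echo "CODE_$1" ;;
    esac
}

# decode_assuan_err LINE prints "source=<name> code=<n> name=<symbol>".
decode_assuan_err() {
    case "$1" in
        "ERR "*) ;;
        *) echo "not an ERR line: $1" >&2; return 1 ;;
    esac
    value=${1#ERR }      # drop the keyword
    value=${value%% *}   # keep the number, drop description and <source>
    case "$value" in
        ''|*[!0-9]*) echo "non-numeric error value: $value" >&2; return 1 ;;
    esac
    src=$(( (value >> 24) & 127 ))
    code=$(( value & 65535 ))
    echo "source=$(gpg_err_source_name "$src") code=$code name=$(gpg_err_code_name "$code")"
}

# The line quoted in the thread:
decode_assuan_err "ERR 100663414 Identifiant incorrect <SCD>"
```

libgpg-error also ships a gpg-error command that performs the same lookup against its full tables.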