YubiKey/OpenPGP card connection issues for non-root user
Felix E. Klee
felix.klee at inka.de
Thu Aug 3 09:04:26 CEST 2023
Recently I set up a YubiKey 5C NFC, and when I connect it to my Linux
system (running in VMware under Windows), it sometimes takes minutes to
be able to use. I.e. it can take forever until I get a successful
response from:
gpg --card-status
OTOH I can immediately get a response when I run the above command as
root. Now I notice that the occasional connection issues I have with the
OpenPGP card in my SCM SPR332 are similar. Furthermore, it happens that
the YubiKey or the card reader suddenly disappears for the ordinary user,
although that is rare.
I have set up udev rules for both. But it seems that sometimes they
don't trigger, or only with a long delay.
[felix at felix-arch ~]$ cd /etc/udev/rules.d/
[felix at felix-arch rules.d]$ cat 70-yubikey.rules
# YubiKey Support
#
ACTION=="add", SUBSYSTEM=="usb", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0404", MODE="660", GROUP="scard"
[felix at felix-arch rules.d]$ cat 71-gnupg-ccid.rules
# GPG SmartCard Reader Support
#
ACTION=="add", SUBSYSTEM=="usb", ENV{ID_VENDOR_ID}=="04e6", ENV{ID_MODEL_ID}=="e003", MODE="660", GROUP="scard"
Even without udev rules, I think I should have access to the devices,
because I'm in group `scard`:
[felix at felix-arch ~]$ ls /dev/bus/usb/002/011
/dev/bus/usb/002/011
[felix at felix-arch ~]$ ls -l /dev/bus/usb/002/011
crw-rw---- 1 root scard 189, 138 Aug 3 14:56 /dev/bus/usb/002/011
[felix at felix-arch ~]$ gpg --card-status
gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device
[felix at felix-arch ~]$ groups
scanner saned uucp optical lp audio wheel felix scard plugdev
[felix at felix-arch ~]$ lsusb
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 003 Device 004: ID 0e0f:0002 VMware, Inc. Virtual USB Hub
Bus 003 Device 003: ID 0e0f:0002 VMware, Inc. Virtual USB Hub
Bus 003 Device 002: ID 0e0f:0003 VMware, Inc. Virtual Mouse
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 002: ID 0e0f:0002 VMware, Inc. Virtual USB Hub
Bus 002 Device 011: ID 1050:0404 Yubico.com Yubikey 4/5 CCID
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
How do I fix that?
I am happy to substitute the udev rules with a timer, or to call some
command to give permissions every time I want to use the YubiKey or the
OpenPGP card. I just would like the whole process to be more reliable.
Currently, it’s extremely frustrating.
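Added example, not part of the original post: the manual check shown in the message (lsusb, then ls -l on the /dev/bus/usb node) as a script that finds the node for a vendor:product ID through sysfs and reports owner, mode and whether the calling user can open it read/write. The function names and the SYSFS_ROOT/DEV_ROOT overrides are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: locate USB device nodes by vendor:product ID and report
# whether the calling (non-root) user can open them read/write.
# SYSFS_ROOT and DEV_ROOT are hypothetical overrides so the logic can be
# exercised against a constructed directory tree.
SYSFS_ROOT="${SYSFS_ROOT:-/sys/bus/usb/devices}"
DEV_ROOT="${DEV_ROOT:-/dev/bus/usb}"

# usb_nodes VID PID -> one /dev/bus/usb/BBB/DDD path per matching device
usb_nodes() {
    for d in "$SYSFS_ROOT"/*; do
        # Interface entries (e.g. 2-1:1.0) have no idVendor; skip them.
        [ -r "$d/idVendor" ] && [ -r "$d/idProduct" ] || continue
        [ "$(cat "$d/idVendor")" = "$1" ] || continue
        [ "$(cat "$d/idProduct")" = "$2" ] || continue
        # busnum/devnum are plain decimal; the node name is zero-padded.
        printf '%s/%03d/%03d\n' "$DEV_ROOT" \
            "$(cat "$d/busnum")" "$(cat "$d/devnum")"
    done
}

# node_status NODE -> "ok", "denied" or "missing" for the calling user
node_status() {
    if [ ! -e "$1" ]; then
        echo missing
    elif [ -r "$1" ] && [ -w "$1" ]; then
        echo ok
    else
        echo denied
    fi
}

# report VID PID -> "<node> <owner:group> <mode> <status>" per device
report() {
    usb_nodes "$1" "$2" | while read -r node; do
        meta="- -"
        [ -e "$node" ] && meta=$(stat -c '%U:%G %a' "$node")
        printf '%s %s %s\n' "$node" "$meta" "$(node_status "$node")"
    done
}

# Stand-alone use, with the IDs from the udev rules in the message:
#   ./usbnode.sh 1050 0404    ./usbnode.sh 04e6 e003
if [ "$#" -ge 2 ]; then
    report "$1" "$2"
fi
```

Run it as the ordinary user right after plugging in the device; a line ending in `ok` means the node's owner, group and mode already grant that user read/write access.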