YubiKey/OpenPGP card connection issues for non-root user
Felix E. Klee
felix.klee at inka.de
Sat Aug 5 06:10:13 CEST 2023
On Thu, Aug 3, 2023 at 9:28 PM Michael Richardson
<mcr+ietf at sandelman.ca> wrote:
> I think you need to make sure that it's not VMware that's failing to
> plug the device through in a timely manner.
I have configured the VMware guest to automatically take over these
devices from the Windows 10 host:
usb.autoConnect.device0 = "0x04e6:0xe003"
[…]
usb.autoConnect.device7 = "0x1050:0x0404"
> dmesg -w
I just played around. After unplugging the YubiKey, I connected the
SPR332:
[felix at felix-arch ~]$ sudo dmesg -w
[…]
[ 5135.728320] usb 2-1: new full-speed USB device number 6 using
uhci_hcd
[ 5136.137546] usb 2-1: New USB device found, idVendor=04e6,
idProduct=e003, bcdDevice= 7.01
[ 5136.137551] usb 2-1: New USB device strings: Mfr=1, Product=2,
SerialNumber=5
[ 5136.137553] usb 2-1: Product: SPRx32 USB Smart Card Reader
[ 5136.137554] usb 2-1: Manufacturer: SCM Microsystems Inc.
[ 5136.137555] usb 2-1: SerialNumber: 51271741200012
^C
[felix at felix-arch ~]$ gpg --card-status
gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device
[felix at felix-arch ~]$ sudo gpg --card-status
Reader ...........: SCM Microsystems Inc. SPR 532 [CCID Interface]
(51271741200012) 00 00
Application ID ...: D2760001240103030005000064D50000
Application type .: OpenPGP
Version ..........: 3.3
Manufacturer .....: ZeitControl
Serial number ....: 000064D5
Name of cardholder: Felix Klee
Language prefs ...: en
Salutation .......: Mr.
URL of public key :
https://sks-keyservers.net/pks/lookup?op=get&search=0x5EF8B6017F668171259945D6BEF6EFD38FE8DCA0
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: rsa4096 rsa4096 rsa2048
Max. PIN lengths .: 64 64 64
PIN retry counter : 3 3 3
Signature counter : 10
KDF setting ......: off
Signature key ....: 5EF8 B601 7F66 8171 2599 45D6 BEF6 EFD3 8FE8
DCA0
created ....: 2016-12-17 10:49:18
Encryption key....: 27BF BB40 70FC 6351 189E 79FE 04FD F78D 1679
DD94
created ....: 2016-12-17 10:49:18
Authentication key: [none]
General key info..: pub rsa4096/BEF6EFD38FE8DCA0 2016-12-17 Felix E.
Klee <felix.klee at inka.de>
sec> rsa4096/BEF6EFD38FE8DCA0 created: 2016-12-17 expires:
2020-11-10 card-no: 0005 000064D5
ssb> rsa4096/04FDF78D1679DD94 created: 2016-12-17 expires:
2020-11-10 card-no: 0005 000064D5
[felix at felix-arch ~]$ gpg --card-status
gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device
As you can see, I can connect to it as root but not as regular user.
Sometimes connection as regular user works, sometimes not. Sometimes I
just have to wait for a while, can be minutes, and then it works.
I also tried killing root’s gpg-agent, to avoid conflicts with that of
the user, but that didn’t help either.
Furthermore, even if udev doesn’t trigger, I should have rw access to
the device file (it’s an SPR332, not sure why it says SPR532):
[felix at felix-arch ~]$ lsusb | grep SPR532
Bus 002 Device 006: ID 04e6:e003 SCM Microsystems, Inc. SPR532
PinPad SmartCard Reader
[felix at felix-arch ~]$ ls -l /dev/bus/usb/002/006
crw-rw---- 1 root scard 189, 133 Aug 5 12:02 /dev/bus/usb/002/006
[felix at felix-arch ~]$ groups
scanner saned uucp optical lp audio wheel felix scard plugdev
[felix at felix-arch ~]$ gpg --card-status
gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device
Why does it work as root but not as regular user?
Any suggestion for a fix, even if crude, is welcome!
More information about the Gnupg-users
mailing list