[Nix-dev] Using a smartcard with GPG
Nikita Karetnikov
nikita at karetnikov.org
Thu Feb 5 14:49:44 CET 2015
Since NixOS is an unusual system, I’ve decided to ask here before
talking to the GnuPG people.
How can I access a smart card? 'pccardctl'
(see https://github.com/NixOS/nixpkgs/pull/6172) detects it:
$ /nix/store/dwibbrcls43c0bxkcj52qj6mi8xipd6a-pcmciautils-017/bin/pccardctl ls
Socket 0 Bridge: [yenta_cardbus] (bus ID: 0000:05:00.0)
Socket 0 Device 0: [cm4040_cs] (bus ID: 0.0)
$ /nix/store/dwibbrcls43c0bxkcj52qj6mi8xipd6a-pcmciautils-017/bin/pccardctl status
Socket 0:
5.0V 16-bit PC Card
Subdevice 0 (function 0) bound to driver "cm4040_cs"
$ /nix/store/dwibbrcls43c0bxkcj52qj6mi8xipd6a-pcmciautils-017/bin/pccardctl ident
Socket 0:
product info: "OMNIKEY", "CardMan 4040", "", ""
manfid: 0x0223, 0x0200
I've tried adding the following lines to 'configuration.nix' as
suggested in
https://bugs.launchpad.net/ubuntu/+source/gnupg/+bug/107337, but it
doesn't make a difference:
services.udev.extraRules =
''
SUBSYSTEM=="cardman_4040", GROUP="scard", MODE="0660"
'';
users.extraGroups = { sdcard = { }; };
users.extraGroups.sdcard.members = [ "nikita" ];
After switching to the new config and rebooting:
$ ls -l /dev/cmx0
crw-rw---- 1 root root 248, 0 Feb 5 16:45 /dev/cmx0
$ gpg2 --card-edit
scdaemon[2242]: error sending PC/SC OPEN request: Broken pipe
scdaemon[2242]: error sending PC/SC OPEN request: Broken pipe
gpg: selecting openpgp failed: Card error
gpg: OpenPGP card not available: Card error
With ‘sudo’:
$ sudo gpg2 --card-status
gpg: selecting openpgp failed: Card not present
gpg: OpenPGP card not available: Card not present
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
Url : http://lists.science.uu.nl/pipermail/nix-dev/attachments/20150205/1a682d52/attachment.bin
More information about the nix-dev
mailing list