[Nix-dev] Using a smartcard with GPG

Kirill Elagin kirelagin at gmail.com
Fri Feb 6 10:29:08 CET 2015


On Thu Feb 05 2015 at 5:50:13 PM Nikita Karetnikov <nikita at karetnikov.org>
wrote:

> Since NixOS is an unusual system, I’ve decided to ask here before
> talking to the GnuPG people.
>
> How can I access a smart card?  'pccardctl'
> (see https://github.com/NixOS/nixpkgs/pull/6172) detects it:
>
> $ /nix/store/dwibbrcls43c0bxkcj52qj6mi8xipd6a-pcmciautils-017/bin/pccardctl ls
> Socket 0 Bridge:        [yenta_cardbus]         (bus ID: 0000:05:00.0)
> Socket 0 Device 0:      [cm4040_cs]             (bus ID: 0.0)
>
> $ /nix/store/dwibbrcls43c0bxkcj52qj6mi8xipd6a-pcmciautils-017/bin/pccardctl status
> Socket 0:
>   5.0V 16-bit PC Card
>   Subdevice 0 (function 0) bound to driver "cm4040_cs"
>
> $ /nix/store/dwibbrcls43c0bxkcj52qj6mi8xipd6a-pcmciautils-017/bin/pccardctl ident
> Socket 0:
>   product info: "OMNIKEY", "CardMan 4040", "", ""
>   manfid: 0x0223, 0x0200
>
> I've tried adding the following lines to 'configuration.nix' as
> suggested in
> https://bugs.launchpad.net/ubuntu/+source/gnupg/+bug/107337, but it
> doesn't make a difference:
>
>   services.udev.extraRules =
>     ''
>         SUBSYSTEM=="cardman_4040", GROUP="scard", MODE="0660"
>         '';
>
>   users.extraGroups = { sdcard = { }; };
>   users.extraGroups.sdcard.members = [ "nikita" ];
>
> After switching to the new config and rebooting:
>
> $ ls -l /dev/cmx0
> crw-rw---- 1 root root 248, 0 Feb  5 16:45 /dev/cmx0
>

Well, looks like the rule doesn’t work.
You can play with `udevadm` to find out why it doesn’t match your reader.

(BTW using special groups for this kind of thing is braindead IMO. It
should be managed by logind [so Ubuntu links are definitely not the best
source of wisdom]. I’m not sure how to properly handle this, `loginctl
attach` might be enough or you might have to write a udev rule. In the
latter case Fedora probably has what you need.)


> $ gpg2 --card-edit
>
> scdaemon[2242]: error sending PC/SC OPEN request: Broken pipe
> scdaemon[2242]: error sending PC/SC OPEN request: Broken pipe
> gpg: selecting openpgp failed: Card error
> gpg: OpenPGP card not available: Card error
>
> With ‘sudo’:
>
> $ sudo gpg2 --card-status
> gpg: selecting openpgp failed: Card not present
> gpg: OpenPGP card not available: Card not present
>
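Added example (not part of either message): alongside the `udevadm` inspection suggested in the reply, it is worth checking that every group a rule assigns actually exists, since udev cannot apply a `GROUP=` it cannot resolve; in the quoted configuration the rule assigns `scard` while the declared group is `sdcard`. The function names, sample files and the gid are constructed for illustration.

```shell
#!/bin/sh
# Added example: report udev GROUP= assignments that name a non-existent group.
# On the affected machine (not run here), the live checks would be:
#   udevadm info --attribute-walk --name=/dev/cmx0    # keys a rule can match on
#   udevadm test "$(udevadm info --query=path --name=/dev/cmx0)"  # rules applied

# Print each group assigned (GROUP="name" or GROUP:="name") in the rules text
# read from stdin. GROUP=="name" is a match key, not an assignment, and
# comment lines are ignored.
rule_groups() {
    grep -v '^[[:space:]]*#' |
    grep -o 'GROUP[[:space:]]*:\{0,1\}=[[:space:]]*"[^"]*"' |
    sed 's/.*"\([^"]*\)"$/\1/' | sort -u
}

# Print the groups assigned in rules file $1 that are missing from the group
# database $2 (/etc/group format, e.g. saved output of `getent group`).
missing_groups() {
    rule_groups < "$1" | while IFS= read -r g; do
        cut -d: -f1 "$2" | grep -qxF -- "$g" || printf '%s\n' "$g"
    done
}

# Constructed sample: the rule and the group name as quoted in the thread.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' \
        'SUBSYSTEM=="cardman_4040", GROUP="scard", MODE="0660"' > "$tmp/rules"
    printf '%s\n' 'root:x:0:' 'sdcard:x:498:nikita' > "$tmp/group"
    missing_groups "$tmp/rules" "$tmp/group"
    rm -rf "$tmp"
}

demo
```

An empty result means every assigned group resolves; any name printed is a group the device node will not be given.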