SSH on MacOSX with Cryptocard and gpg-agent
pc
|
Tuesday 27 March 2007
|
I tried to install my openpgp Cryptocard following these instructions:
"I tried to install my OpenGPG-Cryptocard following these instructions:
http://www.py-soft.co.uk/~benjamin/download/mac-gpg/
But encountered this:
$ gpg --card-status --debug-ccid-driver
(...)
gpg: DBG: ccid-driver: usb_claim_interface failed: -16
gpg: detected reader `CCID Smart Card Reader 0 0'
gpg: pcsc_connect failed: sharing violation (0x8010000b)
gpg: card reader not available
(...)
To get rid of these errors, all I had to do was to install the newest Driver for my SCR335.
www.scmmicro.com/support/pcs_product_drivers.html
somewhat peculiar, kind of a bug: when
$ gpg: decryption failed: secret key not available
occurs but you are sure u ve ur secretkey on ur card, type:
$ gpg --card-status
and try decrypting again. Seems that from time to time the cryptocard has to be pushed to come alive.
_________________
so now that there is crypting with the card possible, it would be cool to use ssh with the card. That was my first idea, anyhow. We need a manual:
> There is no man page. Use "info gnupg".
Good to know, because DarwinPorts page suggests 'man gpg' which isnot available.
After some time I have a working gpg-agent ssh connection via cryptocard on machineA. But still not on machineB:
$ ssh-add -l
The agent has no identities.
Enabled debugging of the gpg-agent and get this:
gpg-agent[3452] Fehler beim Holen der Authentisierungsschlüssel-ID der Karte: General error
(This is a fine Word ("Authentisierungsschlüssel") searchEngines didnot find one entry in context with "gpg" ) and
gpg-agent[3732] new connection to SCdaemon established (reusing)
gpg-agent[3732.9] DBG: -> ERR 100663356 ec=6.60
Another difference between A and B is that on A there is a file 'reader_0.status' in .gnupg/ where on B it is not. Again, i didnot found a hint on the net, but on an other machine there was this file too. So it seems to be meaningful... where does it come from? I copied the working .gnupg/ and .ssh/ from A to B, but this doesnot help.
machineA , the good one: G4 iBook, MacOsX 10.4.8 :
$ gpg --version
gpg: NOTE: old default options file `.gnupg/options' ignored
gpg (GnuPG) 1.4.6
$ gpg2 --version
gpg (GnuPG) 1.9.20
$ gpg-agent --version
gpg-agent (GnuPG) 1.9.20
$ gpgsm --version
gpgsm (GnuPG) 1.9.20
machineB the bad one: Dual Core MacBook Pro, MacOsX 10.4.8 :
$ gpg --version
gpg: NOTE: old default options file `.gnupg/options' ignored
gpg (GnuPG) 1.4.6
$ gpg-agent --version
gpg-agent (GnuPG) 2.0.2
$ gpgsm --version
gpgsm (GnuPG) 2.0.2
$ gpg2 --version
gpg: Hinweis: Alte voreingestellte Optionendatei '.gnupg/options' wurde ignoriert
gpg (GnuPG) 2.0.2
The File '.gnupg/options' is empty on both machines.
It shouldnot be likely: is this because of GnuPG 2.0.2 ?!
This document is in public domain
