
Setting up your card reader on GNU/Linux (udev)

This howto describes how to set up your smart card reader for use with the Fellowship crypto card on GNU/Linux systems using udev functionality.

Please note:

This is only an introductory document, aimed at a generic hard- and software setting involving GNU/Linux. For a full-length description please see the full-length Fellowship crypto card Howto. If you run into problems specific to your GnuPG setup, you may want to read other GnuPG Howtos.

What do you need to use the card?

  • A smart card reader. A list of tested readers can be found here.
  • Root privileges on your GNU/Linux system.
  • GnuPG 1.4.2 or higher.

Setting up the card reader

First of all, you will need to download the two files for udev, gnupg-ccid.rules and gnupg-ccid, which let udev identify your card reader. You will copy them to the udev configuration directories in the steps that follow.

Now, open a terminal and become root (you will be asked for your root password):

$ su -

On Ubuntu systems, you should run this (you will then be asked for your user password):

$ sudo su -

Then copy the files from the directory where you saved them to the udev configuration directories:

# cd /home/directory/where/you/saved/the/file   # change to the right path
# cp gnupg-ccid.rules /etc/udev/gnupg-ccid.rules
# cp gnupg-ccid /etc/udev/scripts/gnupg-ccid
# chmod +x /etc/udev/scripts/gnupg-ccid
# ln -s /etc/udev/gnupg-ccid.rules /etc/udev/rules.d/gnupg-ccid.rules

All the configuration files are now in the right place, with the right permissions.

You will now create a group scard, give this group permission to access the smart card reader, and add the users who should have access to the card reader to this group.

# addgroup scard
# addgroup yourusername scard   # change to the right username
# exit   # log out the root user

Done! Your smart card reader should be working now.

If you want to take a look at what is on your card, plug in the smart card reader, insert your Fellowship crypto card and type:

$ gpg --card-status
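
When `gpg --card-status` works only as root, the usual cause is that the reader's device node did not get group scard and mode 0660, or that the user is not in the group. The following check is an added example, not part of the original howto or its scripts; it assumes the Linux sysfs USB attribute files and GNU `stat`, and its function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the howto): find a USB reader's device node and
# verify its group and mode. Assumes Linux sysfs attribute files and GNU stat.
# Function names and SYSFS_ROOT/DEV_ROOT are hypothetical, for this example.
SYSFS_ROOT="${SYSFS_ROOT:-/sys/bus/usb/devices}"
DEV_ROOT="${DEV_ROOT:-/dev/bus/usb}"

# find_usb_node VENDOR PRODUCT: print the device node of every matching device.
# The node path changes with the USB port, so it is derived from busnum/devnum.
find_usb_node() {
    for d in "$SYSFS_ROOT"/*; do
        [ -r "$d/idVendor" ] && [ -r "$d/idProduct" ] || continue
        [ "$(cat "$d/idVendor")" = "$1" ] || continue
        [ "$(cat "$d/idProduct")" = "$2" ] || continue
        printf '%s/%03d/%03d\n' "$DEV_ROOT" "$(cat "$d/busnum")" "$(cat "$d/devnum")"
    done
}

# check_node PATH GROUP MODE: 0 if PATH has exactly that group and mode,
# 1 if it differs, 2 if the node does not exist.
check_node() {
    [ -e "$1" ] || { echo "MISSING $1"; return 2; }
    actual="$(stat -c '%G %a' "$1")"
    if [ "$actual" = "$2 $3" ]; then
        echo "OK $1 ($actual)"
    else
        echo "BAD $1: is '$actual', want '$2 $3'"
        return 1
    fi
}

# user_in_group USER GROUP: 0 if USER's group list contains GROUP.
user_in_group() {
    id -nG "$1" | tr ' ' '\n' | grep -qxF "$2"
}

# Runs only when called with arguments, e.g.: sh check-reader.sh 04e6 5115 scard
if [ "$#" -ge 2 ]; then
    grp="${3:-scard}"
    nodes="$(find_usb_node "$1" "$2")"
    [ -n "$nodes" ] || { echo "no USB device $1:$2 found"; exit 2; }
    rc=0
    for n in $nodes; do check_node "$n" "$grp" 660 || rc=1; done
    user_in_group "$(id -un)" "$grp" || { echo "user not in group $grp"; rc=1; }
    exit "$rc"
fi
```

A user added to scard with `addgroup` only gains the group in sessions started afterwards, so run the check from a fresh login.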


Feel free to leave comments to improve this howto. Comments will be removed after having made their way into the howto.

Licensed under the GNU FDL

Comments

Chipdrive on Ubuntu 8.04

If you have seahorse installed on Ubuntu 8.04, you have to use the option --no-use-agent to access the card as non root user:
$ gpg --card-status --no-use-agent

Or simply change your .gnupg/gpg.conf: replace "use-agent" with "no-use-agent" and it will work fine.

You also don't need to install pcscd to have it working as non root user!

Omnikey Cardman 3121 USB [Ubuntu 7.14, kernel 2.6.22-14, GnuPG 1.4.6]


After doing as described in the HowTo ["Setting up your card reader on GNU/Linux (udev)"], my Omnikey Cardman 3121 USB works, but *only* if 'root'.

After installing these packages:
- libccid
- libpcsclite1
- pcscd
It works *perfectly* also for normal users.

Regards,
alexus

Cardman 4000 solution

The solution for the Cardman 4000 and GnuPG is as follows:

Use OpenCT as driver for PC/SC-lite and add the following rule to gnupg-ccid.rules

SUBSYSTEM=="cardman_4000", ACTION=="add", GROUP="scard", MODE="0660"

You need an up to date kernel with the cardman4000_cs driver and you should make sure not to have the reader in the slot during boot or suspend. I have seen failures in combination with gpg-agent as well.

Enjoy...

The HOWTO in a shell script

With fellow chrysn's help, I've created a shell script that performs all the steps described in this howto. If you want to try it, have a look at my folder on fsfe.org.

Update SCR335. On Ubuntu 7.04

On an Ubuntu 7.04, kernel 2.6.20.

The SCR 335 works perfectly after installing these packages:
libccid
libpcsclite1
pcscd

I have a gnupg 1.4.7 version

GnuPG + SSH + Login

Hi,
I put together some how to:
https://www.fsfe.org/en/fellows/tyrael/fsfe_card_complete_gnupg_ssh_login_how_to
Bye

Debian Sarge also requires pcscd (and libccid)

Thanks a lot for the comments about needing these packages. It would be really great if this howto and the one hosted on www.gnupg.org could be updated.

Just wrote a How-To for Ubuntu + Udev + SCR335

I've just written a pretty nice tutorial on how to manage a SCR335 card reader under a Debian-based distro which uses Udev.
Give it a read, and leave me some feedback :-)

Card Reader not recognized

Does anybody know how to force Kubuntu 6.06 to recognize an ITSEC CardMan 4000 card reader?

I'm getting the following error message.

alex@alex-laptop:~$ gpg --card-status
gpg: pcsc_connect failed: unknown reader (0x80100009)
gpg: card reader not available
gpg: card OpenPGP not available: general error
alex@alex-laptop:~$

Thanx in advance

BTW: the card reader and the smart card work fine under WinXP on the same laptop so the HW must be OK.

on dapper drake, scr335

After following the howto, and the suggestions from Karsten, I also had to install these packages
libccid
pcscd

and now everything runs perfectly

cheers

No luck with Edgy Eft

Hi, I'm a new fellow (since today :-)) and I've just bought a SCR 335 here at the conference in Bolzano (Italy), but I can't use the reader as non-root user:



bodom_lx@hydra:~$ /usr/bin/gpg --card-status
winscard_clnt.c:320:SCardEstablishContextTH() Cannot open public shared file: /var/run/pcscd.pub
gpg: pcsc_establish_context failed: no service (0x8010001d)
gpg: card reader not available
gpg: card OpenPGP non disponibile: errore generale



May someone help a poor new fellow? Thanks

EDIT: it works after having installed pcsc-tools and pcscd..Thanks anyway ;-)

gpg with multiple pcsc readers

This was a pita to figure out. I have multiple readers that pcsc supports (1 usb and 1 serial); to get it to work I needed to add the option "reader-port AseIIIeUSB 00 00" in my gpg.conf. If you do a gpg --card-status it will tell you the card reader strings that you can pick from. For example:

mike@koala ~ $ gpg --card-status
gpg: detected reader `Serial Reader 00 00'
gpg: detected reader `AseIIIeUSB 00 00'

hope this helps someone...

Problem on Gentoo after system update

After doing an

emerge -uD world

on my Gentoo system, I found that the device at /dev/bus/usb/XXX/YYY wasn't owned by the group scard anymore and the file mode wasn't 0660 anymore. I tried to play around a bit but couldn't find a solution until I tried the scriptless configuration posted by andreaborgia. That one worked. I don't know why the script doesn't work anymore, but maybe the new udev version didn't pass the right device variable to the script. If anyone experiences a similar problem, try the scriptless configuration.

Regards, gollo

card + udev on ubuntu dapper [update] [update]

On Ubuntu Dapper, after going through this howto, the card reader would work only with root privileges.

For my normal user, I got my card reader (SCR 335) running with the following fix (in addition to following the howto, of course):
As root, I created the file
/etc/udev/rules.d/smart_card.rules
and put the following into it:
SUBSYSTEM!="usb_device", GOTO="gnupg-ccid_rules_end"
SYSFS{idVendor}=="04e6", SYSFS{idProduct}=="5115", GROUP="scard", MODE="0660"
LABEL="gnupg-ccid_rules_end"

[note: For other models, you can find out the appropriate values for idVendor and idProduct with

$ cat /proc/bus/usb/devices
]
Then, I restarted udev

# /etc/init.d/udev restart


...and everything was fine for the moment. (Now I have to see how the integration with mutt rolls along.) After copying my gnupg and mutt config files, everything was peachy.

The above fix comes from http://lists.gnupg.org/pipermail/gnupg-users/2006-May/028630.html
Credits to af for his help.

However, all is not well: After reboot, udev is running, but fails to recognise the card reader. I can get it to work with


$ sudo /etc/init.d/udev restart



and then unplugging and replugging the card reader. But that's not very elegant, is it? Solutions appreciated.

...erm... installing libpcsclite-dev helped. *blush*

Re: No luck without root rights

If you can verify that /proc/bus/usb/XXX/YYY has the right permissions, you also want to have a look at /dev/bus/usb/XXX/YYY/, which some udev based systems seem to create. That one is not caught by the current scripts -- so if someone could do an update for this, it would be very helpful.

Partial success with Arch Linux

I'm using Arch Linux with udev and having trouble installing my crypto card. As root gpg --card-status worked without problems, but when I tried to do the same thing as a normal user (who is in the scard group), I received an error indicating that GnuPG couldn't find my cardreader (something like "unknown reader" or so). I played around with my system and found out that if I put the user in the root group, the whole thing worked. That brought me to the conclusion that the script from the website didn't change the group of the right device (maybe a problem with the $DEVICE variable?). Using inotify-tools I found the device I needed. chgrp scard ( being something like /dev/bus/usb/usb/) fixed the problem. Now comes the problem that I can't solve: The device's name varies depending on the USB port I'm using for the card reader.


Since I'm a newbie, I wanted to ask if someone has an idea how to solve that.


No luck with SUSE 10.1

I did everything as described in the howto (using udev). However,
gpg cannot access the chipcard. I tried various things, browsed email
archives etc. But without success. Is there anything more to do?
Restarting a service, or even rebooting the system?

I get the following error message:
gpg: pcsc_establish_context failed: no service (0x8010001d)
gpg: card reader not available
gpg: OpenPGP Karte ist nicht vorhanden: Allgemeiner Fehler
secmem usage: 0/0 bytes in 0/0 blocks of pool 0/32768

When I do a lsusb I get the following result:

Bus 001 Device 008: ID 04e6:e003 SCM Microsystems, Inc. SPR532 PinPad SmartCard Reader

Thus the reader is known.

Any more ideas?

Regards,
Werner D.

No luck without root rights

Hi,

After uninstalling pcscd because of compatibility problems, I don't get it working without root rights.
I have performed the steps described above and use Debian unstable.
gpg is version 1.4.3
my user is member of group scard
micha@Suppenschuessel:/etc/udev$ ls -l *gnupg*
-rw-r--r-- 1 root root 229 2006-05-21 12:49 gnupg-ccid.rules
micha@Suppenschuessel:/etc/udev$ ls -l scripts/*gnupg*
-rwxr-xr-x 1 root root 910 2006-05-21 12:55 scripts/gnupg-ccid
micha@Suppenschuessel:/etc/udev$ ls -l rules.d/*gnupg*
lrwxrwxrwx 1 root root 26 2006-05-21 12:55 rules.d/gnupg-ccid.rules -> /etc/udev/gnupg-ccid.rules

As root, I can start gpg --card-status as usual, but as normal user I get:
winscard_clnt.c:320:SCardEstablishContextTH() Cannot open public shared file: /var/run/pcscd.pub
gpg: pcsc_establish_context failed: no service (0x8010001d)
gpg: card reader not available
gpg: OpenPGP Karte ist nicht vorhanden: Allgemeiner Fehler

Card and MacOS


I've put together some instructions on getting gpg and gpg-agent working under MacOS X, and hence also the card. Please see http://www.py-soft.co.uk/~benjamin/download/mac-gpg/ for details.

SCM SPR532 firmware 5.09 beta...

... seems to be incompatible with pcsc-lite (and thus also with gpg).

It took me quite some time to figure that out, but after downgrading to firmware version 5.07 everything is working smoothly.

Just in case someone else stumbles across the same problem.

Alternative script-less configuration

Place the following snippet into /etc/udev/gnupg-ccid.rules:

-cut-
ACTION=="add", SUBSYSTEM=="usb_device", SYSFS{idVendor}=="04e6", SYSFS{idProduct}=="e003", GROUP="scard", MODE="0660"
ACTION=="add", SUBSYSTEM=="usb_device", SYSFS{idVendor}=="04e6", SYSFS{idProduct}=="5115", GROUP="scard", MODE="0660"
-cut-

You still need to create a "scard" group, of course, and add user(s) to it.
