[pkg-gnupg-maint] Bug#854595: Bug#854595: scdaemon: Yubikey smartcards (maybe others) are not recognized after update from 2.1.17-4 to 2.1.18-4

NIIBE Yutaka gniibe at fsij.org
Thu Feb 9 06:58:30 UTC 2017 

Hello,

Thank you for your reporting.

Camille MONCELIER <cmoncelier at sii.fr> wrote:
> After updating gnupg2 to 2.1.18-4, I'm unable to use my gpg keys stored on a
> Yubikey.
>
> I can easily reproduce the problem like this:

If you don't need PC/SC service, and when it can be your option, please
try using the internal CCID driver of GnuPG by configuring udev rules.

> 2017-02-08 15:17:24 scdaemon[11764] DBG: chan_5 <- SERIALNO openpgp
> 2017-02-08 15:17:24 scdaemon[11764] DBG: apdu_open_reader: BAI=10901
> 2017-02-08 15:17:24 scdaemon[11764] DBG: apdu_open_reader: new device=10901
> 2017-02-08 15:17:24 scdaemon[11764] ccid open error: skip
> 2017-02-08 15:17:24 scdaemon[11764] DBG: chan_5 -> ERR 100696144 No such
> device
> <SCD>

This error is from the internal CCID driver of GnuPG.  It fails to
find a device because you don't have a configuration.

As I explained in:

    https://bugs.debian.org/854616

Until we fixed configuration (by adding an entry for Yubikey),
please have a udev rules like:

---------------- /etc/udev/rules.d/yubikey-neo-u2f-ccid.rules
ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0115", MODE="664", GROUP="plugdev"
----------------

And please add yourself as a group member of "plugdev".

In my case, I have this line in /etc/group:

    plugdev:x:46:gniibe

The idProduct value is my guess.  Please confirm by lsusb command.

In my case:

    $ lsusb
    Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
    Bus 001 Device 009: ID 234b:0000  
    Bus 001 Device 008: ID 234b:0000  
    Bus 001 Device 007: ID 05e3:0608 Genesys Logic, Inc. Hub
    Bus 001 Device 003: ID 0489:e056 Foxconn / Hon Hai 
    Bus 001 Device 002: ID 1bcf:2c67 Sunplus Innovation Technology Inc. 
    Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

234b:0000 (idVendor = 234b, idProduct=0000) is my Gnuk Tokens.

And please reply back to us again, so that we can add a correct
entry for the configuration.
--

More information about the pkg-gnupg-maint mailing list