Gentoo Forums
OpenPGP Smartcard working with PGP/enigmail/ssh
rootusr
n00b


Joined: 28 Feb 2005
Posts: 6

Posted: Mon Jan 10, 2011 7:07 pm    Post subject: OpenPGP Smartcard working with PGP/enigmail/ssh

I bought one of the GnuPG SmartCards for PGP/SSH use and had one hell of a time getting it to work.
First, I had 2 card readers that weren't supported; then, the support for gpg-agent in Gentoo isn't so hot right now.

To start off, you need the following packages installed:
Code:

sys-apps/pcsc-lite-1.6.6  USE="usb" 0 kB
app-crypt/ccid-1.4.1-r2 [1.4.1-r1] USE="usb -twinserial" 3 kB
app-crypt/gnupg-2.0.16-r2  USE="bzip2 ldap nls pcsc-lite smartcard -adns -caps -doc -openct (-selinux) -static" 0 kB

Then, do not set pcsc-lite to start at system startup (it screws with GPG).
Copy /lib/udev/rules.d/99-pcscd-hotplug.rules to /etc/udev/rules.d.

Add the file /etc/X11/xinit/xinitrc.d/40-gpg-agent with the following contents:
Code:
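# Locate gpg-agent; only start one if no agent is already advertised in the environment
gpgagent="`which gpg-agent 2>/dev/null`"
if [ -n "$gpgagent" ] && [ -x "$gpgagent" ] && [ -z "$GPG_AGENT_INFO" ]; then
   echo "Starting gpg-agent"
   # Prepend gpg-agent so the command held in $command is launched under the agent
   command="$gpgagent --daemon $command"
fi
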

And that lets gpg-agent take over ssh stuff.

Finally, my ~/.gnupg/gpg-agent.conf file looks like this:
Code:

pinentry-program /usr/bin/pinentry-gtk-2
default-cache-ttl 900
enable-ssh-support
write-env-file
paulbiz
Guru


Joined: 01 Feb 2004
Posts: 508
Location: St. Louis, Missouri, USA

Posted: Sun Jan 01, 2012 12:35 am

Sorry to bump this old thread... I'm trying to do the same thing. So far I can make it work with GPG, or Enigmail, but not both, and it never works with GNU Privacy Assistant... wonder if you learned any new tricks in the past year :) Thanks.

Update: got it working now... followed above instructions, except delete 99-pcscd-hotplug.rules from my udev rules.d and ensure pcscd is not running. GnuPG 2.0.18 has built-in support for my card reader now. After that, biggest confusion came from multiple instances of gpg-agent. Ensure there is only one (the new one :)) and then it works from command line, enigmail and GPA.
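
A sanity check for the two pitfalls reported in this thread (a running pcscd and more than one gpg-agent) plus the enable-ssh-support setting from the first post. This is an added example, not code from either poster; the function name check_agent_setup and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads a process list on stdin, one
# command name per line as printed by `ps -e -o comm=`, and takes the path
# to gpg-agent.conf as $1. Prints each problem; exit status = problem count.
check_agent_setup() {
    conf=$1
    problems=0
    procs=$(cat)

    # Second post: pcscd must not be running.
    if printf '%s\n' "$procs" | grep -qx 'pcscd'; then
        echo "pcscd is running"
        problems=$((problems + 1))
    fi

    # Second post: stale extra gpg-agent instances caused the confusion.
    n=$(printf '%s\n' "$procs" |
        awk '$0 == "gpg-agent" { c++ } END { print c + 0 }')
    if [ "$n" -ne 1 ]; then
        echo "expected exactly one gpg-agent, found $n"
        problems=$((problems + 1))
    fi

    # First post: enable-ssh-support must be present and not commented out.
    if ! grep -Eq '^[[:space:]]*enable-ssh-support([[:space:]]|$)' \
            "$conf" 2>/dev/null; then
        echo "enable-ssh-support is not set in $conf"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample input: pcscd up, two agents, option commented out.
demo=$(mktemp -d)
printf '%s\n' 'default-cache-ttl 900' '#enable-ssh-support' \
    > "$demo/gpg-agent.conf"
printf '%s\n' init pcscd gpg-agent gpg-agent bash |
    check_agent_setup "$demo/gpg-agent.conf" || echo "problems: $?"
rm -rf "$demo"

# On a live system (assumed invocation):
#   ps -e -o comm= | check_agent_setup "$HOME/.gnupg/gpg-agent.conf"
```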