Hi,
I'm using GnuPG 2.0.14 and 1.4.10 on my Debian GNU/Linux system and recently got
a Cherry ST-2000U USB card reader with an integrated keypad. The reader works
more or less flawlessly, but when I need to enter my OpenPGP smartcard's PIN, I
can't do this with the keypad of the reader since the input is simply ignored.
Since I do not know what debbuging information is needed to sort out the
problem, I hereby ask for your advice. This is absolutely *not* urgent though.
Thanks,
Martin
BTW, to use the keyboard's integrated PINpad you need to use GnuPG's internal
CCID driver and not pcscd.
The card is version 2.0. The USB device ID of the reader (it's not a keyboard,
but only a reader with keypad) is 046a:003e ("Cherry GmbH SmartTerminal
ST-2xxx"). I tried to run gpg --card-status without pcscd running, but then I
got this error: gpg: selecting openpgp failed: ec=6.108
According to the descriptor as shown at
http://pcsclite.alioth.debian.org/readers/CherrySmartTerminalST2XXX.txt
The reader should not suffer from the Omnikey based problem (as the Cherry
keyboards do) because it uses TPDU level exchange.
However, access to the PINpad is only possible with the internal CCID driver and
it needs to be enabled in the source for each model. See scd/ccid-driver.c,
function ccid_transceive_secure. There cherry is enabled but a hack for the
keyboards is used - you may try to set cherry_mode to 0 to disable this hack.
If you are not using gpg-agent and scdaemon, you find that code in in
gnupg/g10/ccid-driver.c. It is also helful to enable ccid driver debugging by
using the option debug-ccid-driver in gpg.conf or scdaemon.conf.
I now tried to disable pcscd and run scdaemon with the debug-ccid-driver option.
It seems scdaemon simply does not find the reader without pcscd:
scdaemon[16677]: DBG: ccid-driver: failed to open `/dev/cmx0': No such file or
directory
scdaemon[16677]: DBG: ccid-driver: failed to open `/dev/cmx1': No such file or
directory
scdaemon[16677]: DBG: ccid-driver: no CCID reader with number 0
scdaemon[16677]: PC/SC OPEN failed: no service
Because of that, GnuPG stops to work too and I get errors like the following:
gpg: selecting openpgp failed: Card error
gpg: signing failed: Card error
gpg: signing failed: Card error
So I guess I will try to build scdaemon without that hack you mentioned when I
find the time for it.
Thanks for your help!
I tried to set cherry_mode to 0 and build GnuPG including gpg-agent and
scdaemon, but I couldn't get it to work nonetheless. Any further ideas?
Thanks,
Martin
Check the permissions of the the device /dev/bus/usb/.... or /proc/bus/usb - you
need read and write access to the device.
That was of course the first thing I checked. I have a udev rule that sets the
permissions. It doesn't work as root either. I also tried to install some
(proprietary, I think, but there was no licence file) Cherry driver from their
website, but this didn't change anything either.
I have meanwhile switched to Gentoo on my notebook and tried again. The problem
still exists in 2.0.16. At first, the reader didn't work at all without pcscd,
but when I edited the source code so cherry_mode is not being set to 1, I could
at least use the reader again. The keypad is still being ignored though.
By now, I'm running GnuPG 2.0.17 on Gentoo. The card reader completely stopped
working after upgrading to pcsc-lite 1.6.6. I tried to install GnuPG without the
pcsc-lite USE flag, but this didn't change anything either.
If somebody wants to work on the problem and needs a reader for that, I'm
willing to send it by snail mail.
This bug report is quite old and a lot of code has been improved. Thus please
re-open it if it persists with 2.1.3.