OpenPGP card no longer accessible
Closed, Resolved, Public

Description

I've been using a Crypto Stick (OpenPGP card 2.0 + CCID reader) for a couple of
days on Arch Linux. It worked out of the box so I didn't bother with adding a new
udev rule (and I was planning to test the pkcs#1 module). My system runs ccid
1.4.0 and pcsclite 1.6.4. I've been able to use the card, change the PIN and
transfer keys without problems. Now it stopped working for no reason. gpg-card
--status reports that no card is present. Below are the traces from pcscd and
pcsc_scan:

pcscd trace

00000000 debuglog.c:277:DebugLogSetLevel() debug level=debug
00000260 configfile.l:242:DBGetReaderListDir() Parsing conf directory: /etc/reader.conf.d
00000028 configfile.l:284:DBGetReaderList() Parsing conf file: /etc/reader.conf.d/libccidtwin
00000069 pcscdaemon.c:533:main() pcsc-lite 1.6.4 daemon ready.
00492035 hotplug_libhal.c:320:get_driver() Looking a driver for VID: 0x8087, PID: 0x0020
00001634 hotplug_libhal.c:320:get_driver() Looking a driver for VID: 0x1D6B, PID: 0x0002
00004130 hotplug_libhal.c:320:get_driver() Looking a driver for VID: 0x8087, PID: 0x0020
00001245 hotplug_libhal.c:320:get_driver() Looking a driver for VID: 0x17EF, PID: 0x4816
00001246 hotplug_libhal.c:320:get_driver() Looking a driver for VID: 0x17EF, PID: 0x4816
00001681 hotplug_libhal.c:320:get_driver() Looking a driver for VID: 0x0A5C, PID: 0x217F
00001253 hotplug_libhal.c:320:get_driver() Looking a driver for VID: 0x0A5C, PID: 0x217F
00001263 hotplug_libhal.c:320:get_driver() Looking a driver for VID: 0x0A5C, PID: 0x217F
00001263 hotplug_libhal.c:320:get_driver() Looking a driver for VID: 0x0A5C, PID: 0x217F
00001680 hotplug_libhal.c:320:get_driver() Looking a driver for VID: 0x147E, PID: 0x2016
00002047 hotplug_libhal.c:320:get_driver() Looking a driver for VID: 0x1D6B, PID: 0x0002
07789211 hotplug_libhal.c:320:get_driver() Looking a driver for VID: 0x20A0, PID: 0x4107
00000023 hotplug_libhal.c:368:HPAddDevice() Adding USB device: usb_device_20a0_4107_noserial_if0
01001020 readerfactory.c:959:RFInitializeReader() Attempting startup of German Privacy Foundation Crypto Stick v1.2 00 00 using /usr/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Linux/libccid.so
00000234 readerfactory.c:849:RFBindFunctions() Loading IFD Handler 3.0
00000035 ifdhandler.c:1739:init_driver() Driver version: 1.4.0
00000352 ifdhandler.c:1752:init_driver() LogLevel: 0x0003
00000305 ifdhandler.c:1772:init_driver() DriverOptions: 0x0000
00000010 ifdhandler.c:83:IFDHCreateChannelByName() lun: 0, device: usb:20a0/4107:libhal:/org/freedesktop/Hal/devices/usb_device_20a0_4107_noserial_if0
00000333 ccid_usb.c:252:OpenUSBByName() Manufacturer: Ludovic Rousseau (ludovic.rousseau@free.fr)
00000297 ccid_usb.c:262:OpenUSBByName() ProductString: Generic CCID driver
00000328 ccid_usb.c:268:OpenUSBByName() Copyright: This driver is protected by terms of the GNU Lesser General Public License version 2.1, or (at your option) any later version.
00135525 ccid_usb.c:498:OpenUSBByName() Found Vendor/Product: 20A0/4107 (German Privacy Foundation Crypto Stick v1.2)
00000018 ccid_usb.c:500:OpenUSBByName() Using USB bus/device: 1/13
00000573 ccid_usb.c:917:get_data_rates() IFD does not support GET_DATA_RATES request: -9
00001380 ifdhandler.c:409:IFDHGetCapabilities() tag: 0xFB0, usb:20a0/4107:libhal:/org/freedesktop/Hal/devices/usb_device_20a0_4107_noserial_if0 (lun: 0)
00000010 readerfactory.c:276:RFAddReader() Using the reader polling thread
00000407 ifdhandler.c:409:IFDHGetCapabilities() tag: 0xFAE, usb:20a0/4107:libhal:/org/freedesktop/Hal/devices/usb_device_20a0_4107_noserial_if0 (lun: 0)
00000017 ifdhandler.c:497:IFDHGetCapabilities() Reader supports 1 slot(s)
00000545 ifdhandler.c:1159:IFDHPowerICC() action: PowerUp, usb:20a0/4107:libhal:/org/freedesktop/Hal/devices/usb_device_20a0_4107_noserial_if0 (lun: 0)
00951614 Card ATR: 3B DA 18 FF 81 B1 FE 75 1F 03 00 31 C5 73 C0 01 40 00 90 00 0C

pcsc_scan trace

PC/SC device scanner
V 1.4.17 (c) 2001-2009, Ludovic Rousseau <ludovic.rousseau@free.fr>
Compiled with PC/SC lite version: 1.6.4
Scanning present readers...
0: German Privacy Foundation Crypto Stick v1.2 00 00

Thu Oct 7 21:56:49 2010
Reader 0: German Privacy Foundation Crypto Stick v1.2 00 00

Card state: Card inserted, 
ATR: 3B DA 18 FF 81 B1 FE 75 1F 03 00 31 C5 73 C0 01 40 00 90 00 0C

ATR: 3B DA 18 FF 81 B1 FE 75 1F 03 00 31 C5 73 C0 01 40 00 90 00 0C
+ TS = 3B --> Direct Convention
+ T0 = DA, Y(1): 1101, K: 10 (historical bytes)

TA(1) = 18 --> Fi=372, Di=12, 31 cycles/ETU
  129032 bits/s at 4 MHz, fMax for Fi = 5 MHz => 161290 bits/s
TC(1) = FF --> Extra guard time: 255 (special value)
TD(1) = 81 --> Y(i+1) = 1000, Protocol T = 1

TD(2) = B1 --> Y(i+1) = 1011, Protocol T = 1

TA(3) = FE --> IFSC: 254
TB(3) = 75 --> Block Waiting Integer: 7 - Character Waiting Integer: 5
TD(3) = 1F --> Y(i+1) = 0001, Protocol T = 15 - Global interface bytes following

TA(4) = 03 --> Clock stop: not supported - Class accepted by the card: (3G) A 5V B 3V
+ Historical bytes: 00 31 C5 73 C0 01 40 00 90 00

Category indicator byte: 00 (compact TLV data object)
  Tag: 3, len: 1 (card service data byte)
    Card service data byte: C5
      - Application selection: by full DF name
      - Application selection: by partial DF name
      - EF.DIR and EF.ATR access services: by GET DATA command
      - Card without MF
  Tag: 7, len: 3 (card capabilities)
    Selection methods: C0
      - DF selection by full DF name
      - DF selection by partial DF name
    Data coding byte: 01
      - Behaviour of write functions: one-time write
      - Value 'FF' for the first byte of BER-TLV tag fields: invalid
      - Data unit in quartets: 2
    Command chaining, length fields and logical channels: 40
      - Extended Lc and Le fields
      - Logical channel number assignment: No logical channel
      - Maximum number of logical channels: 1
  Mandatory status indicator (3 last bytes)
    LCS (life card cycle): 00 (No information given)
    SW: 9000 (Normal processing.)

+ TCK = 0C (correct checksum)

Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
3B DA 18 FF 81 B1 FE 75 1F 03 00 31 C5 73 C0 01 40 00 90 00 0C
GnuPG card V2

Details

Version
1.4.10
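
The ATR breakdown that pcsc_scan prints in the description can be reproduced by hand. The following is an added example, not part of the original report or of pcsc-tools, that splits the card's ATR into interface bytes, historical bytes and TCK per ISO/IEC 7816-3 and verifies the checksum. The function name parse_atr and the layout of the returned dictionary are assumptions made for this example.

```python
from functools import reduce

# ATR copied from the pcsc_scan trace in the description.
ATR_HEX = "3B DA 18 FF 81 B1 FE 75 1F 03 00 31 C5 73 C0 01 40 00 90 00 0C"


def parse_atr(atr_hex):
    """Split an ISO/IEC 7816-3 ATR into its fields (hypothetical helper)."""
    atr = bytes.fromhex(atr_hex)
    if len(atr) < 2 or atr[0] not in (0x3B, 0x3F):
        raise ValueError("not an ATR: too short or bad TS byte")
    out = {"convention": "direct" if atr[0] == 0x3B else "inverse",
           "interface": {}, "protocols": []}
    k = atr[1] & 0x0F   # T0 low nibble: number of historical bytes
    y = atr[1] >> 4     # T0 high nibble: which of TA(1)..TD(1) follow
    pos, i = 2, 1
    while True:
        td = None
        for bit, name in ((1, "TA"), (2, "TB"), (4, "TC"), (8, "TD")):
            if y & bit:
                if pos >= len(atr):
                    raise ValueError("ATR truncated in interface bytes")
                out["interface"][f"{name}({i})"] = atr[pos]
                if name == "TD":
                    td = atr[pos]
                pos += 1
        if td is None:
            break
        out["protocols"].append(td & 0x0F)  # TD low nibble: protocol T
        y, i = td >> 4, i + 1               # TD high nibble: next Y
    if pos + k > len(atr):
        raise ValueError("ATR truncated in historical bytes")
    out["historical"] = atr[pos:pos + k]
    pos += k
    # TCK is only sent when something other than T=0 is announced.
    out["tck"] = out["tck_ok"] = None
    if any(t != 0 for t in out["protocols"]):
        if pos >= len(atr):
            raise ValueError("TCK expected but missing")
        out["tck"] = atr[pos]
        # XOR of every byte from T0 through TCK must be zero.
        out["tck_ok"] = reduce(lambda a, b: a ^ b, atr[1:pos + 1]) == 0
        pos += 1
    if pos != len(atr):
        raise ValueError("unexpected trailing bytes after ATR")
    return out


if __name__ == "__main__":
    for key, value in parse_atr(ATR_HEX).items():
        print(key, value.hex(" ") if isinstance(value, bytes) else value)
```
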

Event Timeline

alphazo added projects: gnupg, Bug Report.
alphazo added a subscriber: alphazo.
alphazo claimed this task.

Shame on me. I have use_agent in my gpg.conf but don't have the gpg-agent
started. Commenting out this line gave me access to the card again. This is weird
because earlier today I would get a simple warning about missing gpg-agent and
that /tmp/xxx is not available.

The problem was an old /tmp/keyring-RT77ms which contained three files: control,
gpg and pkcs11. I think this happened when I had both an OpenPGP card and a
PKCS#11 plugged in at the same time. At that time I ran a gpg --card-status and I
could see that two cards were detected but I was not able to access the OpenPGP
one.