Page MenuHome GnuPG

Cannot use DNIe with gpg/2
Closed, ResolvedPublic


Description of problem:

DNIe is the official Spanish ID card, which includes an electronic smart card
with a PKCS#11 certificate.

I'm trying to use it to sign some PDF documents, but gpg is unable to contact
the card.

Version-Release number of selected component (if applicable):


How reproducible:

Steps to Reproduce:

  1. Insert DNIe in slot.
  2. gpg2 --card-status

Actual results:

gpg: OpenPGP card not available: Not supported

Expected results:

Card available.

Additional info:

pcsc_scan works:
PC/SC device scanner
V 1.4.25 (c) 2001-2011, Ludovic Rousseau <>
Compiled with PC/SC lite version: 1.8.15
Using reader plug'n play mechanism
Scanning present readers...
0: Generic USB2.0-CRW [Smart Card Reader Interface] (20070818000000000) 00 00

Tue May 31 08:59:03 2016
Reader 0: Generic USB2.0-CRW [Smart Card Reader Interface] (20070818000000000) 00 00

Card state: Card inserted, Exclusive Mode, 
ATR: ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** **

+ TS = 3B --> Direct Convention
+ T0 = 7F, Y(1): 0111, K: 15 (historical bytes)

TA(1) = 38 --> Fi=744, Di=12, 62 cycles/ETU
  64516 bits/s at 4 MHz, fMax for Fi = 8 MHz => 129032 bits/s
TB(1) = 00 --> VPP is not electrically connected
TC(1) = 00 --> Extra guard time: 0

+ Historical bytes: **

  Category indicator byte: 00 (compact TLV data object)
    Tag: 6, len: A (pre-issuing data)
      Data: ** ** ** ** ** ** ** ** **
    Mandatory status indicator (3 last bytes)
      LCS (life card cycle): 03 (Initialisation state)
      SW: 9000 (Normal processing.)

Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):

DNI electronico (Spanish electronic ID card)

Event Timeline

This is not a bug; gpg tells you that this card is not supported:

  gpg: OpenPGP card not available: Not supported

In case this is an X.509 based card gpgsm _might_ be abale to use it but in most
cases dedicated support for eID cards needs to be added to the scdaemon component.

FWIW, PKCS#11 is not a certificate but a protocol on how some software
interfaces with each other.

werner claimed this task.
werner added projects: Not A Bug, Support, gnupg.

I saw that it says not supported, but DNIe is actually supported. I can use it
flawlessly with Firefox for instance.

Please see:


FireFox is not GnuPG and does not support the OpenPGP card.

As I said, the card may work with gpgsm because I once developed support for the
Belgian eID card. But it is likely to need some tweaking (gnupg/scd/app-p15.c)

Ah sorry I understood you were saying the bug is in OpenSC. Where can I report
to scdaemon? I can't find it.

scdaemon is part of GnuPG.
OpenSC is entirely unrelated to GnuPG.

Please take this to a mailing list (e.g. gnupg-users)