Cannot use DNIe with gpg/2
Closed, Resolved; Public

Description

Description of problem:

DNIe is the official Spanish ID card, which includes an electronic smart card
with a PKCS#11 certificate.

I'm trying to use it to sign some PDF documents, but gpg is unable to contact
the card.

Version-Release number of selected component (if applicable):

gnupg-1.4.20-1.fc23.x86_64
gnupg2-2.1.11-1.fc23.x86_64
opensc-0.15.0-4.fc23.x86_64
pcsc-tools-1.4.25-1.fc23.x86_64
pcsc-lite-ccid-1.4.20-1.fc23.x86_64
gnupg2-smime-2.1.11-1.fc23.x86_64

How reproducible:

Steps to Reproduce:

  1. Insert DNIe in slot.
  2. gpg2 --card-status

Actual results:

gpg: OpenPGP card not available: Not supported

Expected results:

Card available.

Additional info:
specs: http://www.dnielectronico.es

pcsc_scan works:
PC/SC device scanner
V 1.4.25 (c) 2001-2011, Ludovic Rousseau <ludovic.rousseau@free.fr>
Compiled with PC/SC lite version: 1.8.15
Using reader plug'n play mechanism
Scanning present readers...
0: Generic USB2.0-CRW [Smart Card Reader Interface] (20070818000000000) 00 00

Tue May 31 08:59:03 2016
Reader 0: Generic USB2.0-CRW [Smart Card Reader Interface] (20070818000000000) 00 00

Card state: Card inserted, Exclusive Mode, 
ATR: ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** **

ATR:
+ TS = 3B --> Direct Convention
+ T0 = 7F, Y(1): 0111, K: 15 (historical bytes)

TA(1) = 38 --> Fi=744, Di=12, 62 cycles/ETU
  64516 bits/s at 4 MHz, fMax for Fi = 8 MHz => 129032 bits/s
TB(1) = 00 --> VPP is not electrically connected
TC(1) = 00 --> Extra guard time: 0

+ Historical bytes: **

  Category indicator byte: 00 (compact TLV data object)
    Tag: 6, len: A (pre-issuing data)
      Data: ** ** ** ** ** ** ** ** **
    Mandatory status indicator (3 last bytes)
      LCS (life card cycle): 03 (Initialisation state)
      SW: 9000 (Normal processing.)

Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):

DNI electronico (Spanish electronic ID card)
http://www.dnielectronico.es

yajo added a subscriber: yajo.
werner added a subscriber: werner. Jun 1 2016, 2:07 PM

This is not a bug; gpg tells you that this card is not supported:

  gpg: OpenPGP card not available: Not supported

In case this is an X.509-based card, gpgsm _might_ be able to use it, but in most
cases dedicated support for eID cards needs to be added to the scdaemon component.

FWIW, PKCS#11 is not a certificate but a protocol on how some software
interfaces with each other.

werner closed this task as Resolved.
werner claimed this task.
yajo added a comment. Jun 5 2016, 12:20 PM

I saw that it says not supported, but DNIe is actually supported. I can use it
flawlessly with Firefox for instance.

Please see:
https://github.com/OpenSC/OpenSC/wiki/DNIe-%28OpenDNIe%29#update-2013-08-27
https://github.com/OpenSC/OpenSC/issues/774#issuecomment-222468916

Thanks!

yajo reopened this task as Open. Jun 5 2016, 12:20 PM

Firefox is not GnuPG and does not support the OpenPGP card.

As I said, the card may work with gpgsm because I once developed support for the
Belgian eID card. But it is likely to need some tweaking (gnupg/scd/app-p15.c).

yajo added a comment. Jun 6 2016, 9:47 AM

Ah sorry, I understood you were saying the bug is in OpenSC. Where can I report
to scdaemon? I can't find it.

werner closed this task as Resolved. Jun 13 2016, 12:31 PM

scdaemon is part of GnuPG.
OpenSC is entirely unrelated to GnuPG.

Please take this to a mailing list (e.g. gnupg-users).