Page MenuHome GnuPG
Create Task
Maniphest T5066

Multiple smartcard (reader) / app support in Kleopatra
Closed, ResolvedPublic
Actions

Description

Kleopatra currently only supports one smartcard.
This is basically just the smartcard that you get with "gpg --card-edit"

GnuPG supports multiple smartcards / readers at once and I think that this is also a use case that Kleopatra should support.

So the smartcard management should have support for different smartcards with different apps.

Caution for testing: I recently noticed that GnuPG stable did not support more then four smartcard readers at once. For that 0e721b635d6105e1a5b443684116fb9edfe77f92 is needed.

Revisions and Commits

rKLEOPATRA Kleopatra
rKLEOPATRA4ded5af09c3f Make smartcard management work with GnuPG 2.2.x
rKLEOPATRAe084c2a2642e Use a more modern approach to watch for smartcard removal
rKLEOPATRA218096f8a1f9 Add the card holder to the card labels shown for the tabs
rKLEOPATRA81569bb8405f Ask user for target card if multiple cards are suitable for key to card
rKLEOPATRA00b7174ee7df Use the display serial number provided by the card
rKLEOPATRA57cf71b043d1 Show nicer serial numbers for OpenPGP cards and Yubikeys
rKLEOPATRAbbe8d775440f Show nicer card/app labels for the card/app tabs
rKLEOPATRA762726ce6ee6 Show UI for all inserted cards in tabs
rKLEOPATRAff3e79e6cd63 Improve handling of "card not present" situation
rKLEOPATRAd292d1dcdb21 Ensure that we use the correct card app if a card provides multiple apps
rKLEOPATRA50237dc66f76 Ensure that card command is run for correct card and app
rKLEOPATRAf1fff030e342 Get information about all inserted cards and their apps from scdaemon
rKLEOPATRA52c3759c52ed Work directly with the app names instead of an app type enum
rKLEOPATRA7435acce3c6c Pass the card/app to work on to the functions triggering a card command
rKLEOPATRA044244a47c1f Make SetInitialPinCommand work on a card with given serial number
rKLEOPATRA6eac9b662b35 Track first card with Null PIN instead of general "any card has Null PIN"
rKLEOPATRA32c6f48bdf81 Derive all card commands from CardCommand and CardCommand from Command
rM GPGME
rM74c8131d809b cpp: Add support for gpgme_cancel
rMff23e24063fe Add Assuan transaction that forwards status lines to another object

Related Objects
Search...

Event Timeline

aheinecke created this task.Sep 15 2020, 11:48 AM
ikloecker added a commit: rKLEOPATRA32c6f48bdf81: Derive all card commands from CardCommand and CardCommand from Command.Sep 30 2020, 5:30 PM
ikloecker added a commit: rKLEOPATRA6eac9b662b35: Track first card with Null PIN instead of general "any card has Null PIN".
ikloecker added a commit: rKLEOPATRA044244a47c1f: Make SetInitialPinCommand work on a card with given serial number.
ikloecker added a commit: rKLEOPATRA52c3759c52ed: Work directly with the app names instead of an app type enum.
ikloecker added a commit: rKLEOPATRA7435acce3c6c: Pass the card/app to work on to the functions triggering a card command.
ikloecker added a commit: rKLEOPATRA50237dc66f76: Ensure that card command is run for correct card and app.
ikloecker added a commit: rKLEOPATRAf1fff030e342: Get information about all inserted cards and their apps from scdaemon.
ikloecker added a commit: rKLEOPATRAd292d1dcdb21: Ensure that we use the correct card app if a card provides multiple apps.Oct 1 2020, 12:45 PM
ikloecker added a commit: rKLEOPATRAff3e79e6cd63: Improve handling of "card not present" situation.Oct 7 2020, 5:11 PM
ikloecker added a commit: rKLEOPATRA762726ce6ee6: Show UI for all inserted cards in tabs.
ikloecker added a commit: rKLEOPATRAbbe8d775440f: Show nicer card/app labels for the card/app tabs.
ikloecker added a commit: rKLEOPATRA00b7174ee7df: Use the display serial number provided by the card.Oct 8 2020, 1:34 PM
ikloecker added a commit: rKLEOPATRA57cf71b043d1: Show nicer serial numbers for OpenPGP cards and Yubikeys.
ikloecker added a commit: rKLEOPATRA81569bb8405f: Ask user for target card if multiple cards are suitable for key to card.Oct 9 2020, 12:24 PM
ikloecker added a commit: rKLEOPATRA218096f8a1f9: Add the card holder to the card labels shown for the tabs.Oct 12 2020, 10:09 AM
ikloecker changed the task status from Open to Testing.Oct 13 2020, 10:09 AM

Kleopatra does now support using multiple smartcards with multiple apps concurrently (at least as far as the backend scdaemon supports this). Only tested with master of everything so far.

ikloecker reassigned this task from ikloecker to aheinecke.Oct 13 2020, 10:10 AM
ikloecker added a subscriber: ikloecker.
ikloecker added a commit: rKLEOPATRAe084c2a2642e: Use a more modern approach to watch for smartcard removal.Oct 23 2020, 1:59 PM
ikloecker added a commit: rMff23e24063fe: Add Assuan transaction that forwards status lines to another object.Oct 23 2020, 2:33 PM
ikloecker added a commit: rM74c8131d809b: cpp: Add support for gpgme_cancel.
ikloecker mentioned this in T5130: Kleopatra: Generating OpenPGP keys on Yubikey (with PIV enabled) fails with "General error".Nov 11 2020, 11:47 AM
ikloecker added a commit: rKLEOPATRA4ded5af09c3f: Make smartcard management work with GnuPG 2.2.x.Nov 11 2020, 3:50 PM
aheinecke added a comment.Nov 30 2020, 2:18 PM

I am running in a setup where my GnuPG 2.3 is connected to a gpg-agent / scdaemon running at GnuPG 2.2.12.

Sadly, this can happen in the real world because the gpg-agent socket can be forwarded. This may break in that case but for me Kleopatra now runs in an endless start / poll loop:

14:00:32.241 org.kde.pim.kleopatra: Kleo::DeviceInfoWatcher::Worker::start DeviceInfoWatcher::Worker::start: Assuan transaction for SCD DEVINFO --watch started
14:00:32.241 org.kde.pim.kleopatra: Kleo::DeviceInfoWatcher::Worker::poll DeviceInfoWatcher::Worker::poll: context finished with Success (code: 0, source: Unspecified source)
14:00:32.241 org.kde.pim.kleopatra: Kleo::DeviceInfoWatcher::Worker::start DeviceInfoWatcher::Worker::start: Assuan transaction for SCD DEVINFO --watch started
14:00:32.241 org.kde.pim.kleopatra: Kleo::DeviceInfoWatcher::Worker::poll DeviceInfoWatcher::Worker::poll: context finished with Success (code: 0, source: Unspecified source)

The problem here is that:

> getinfo version
D 2.2.12
OK
> scd getinfo version
D 2.2.12
OK
> SCD DEVINFO --watch
ERR 100663571 Unknown IPC command <SCD>

I think the unknown IPC command error is somehow lost in our layers.

Looking at the code I think that either the gpgme_wait in Context::poll should return this error or the Context::startAssuanTransaction should return this error. I'm not sure where it is lost. I don't think we need to support this setup but we should at least figure out where the error is lost.

aheinecke added a subtask: T5273: Release Gpg4win 4.x.x.Jan 28 2021, 10:41 AM
aheinecke closed this task as Resolved.Apr 21 2021, 8:29 AM

I'm currently working with Kleopatra and 2.3 and it works nicely.

aheinecke closed subtask T5273: Release Gpg4win 4.x.x as Resolved.May 9 2022, 9:29 AM