Le 22/03/2019 à 23:02, Joerg Jaspert a écrit :
Package: pcscd
Version: 1.8.24-1
Severity: important
Dear Maintainer,
Hello,
I know the title is confusing, so here:
I have a yubikey that got a gpg key on it. Worked perfectly fine in
stretch. Now it does not work half the time.
Thing is: If I plug the yubikey *BEFORE* anything that tries to get data
from it - it works perfectly.
If I do NOT plug the yubikey and start such an action (gpg sign for
example) - it does NOT work until I issue a sudo /etc/init.d/pcscd
restart.
So using a gpg decryption example: If I insert the yubikey first, then
start a gpg decryption, a dialog box opens for me to enter the pin. I
do, press enter, then press yubikey, all fine.
If I do NOT insert the yubikey and start the gpg decryption, a dialog
box with ok/cancel buttons opens saying "Please insert card XXXX YYYY".
I can insert the yubikey and press OK, it doesnt care, it asks again.
And continues asking until I cancel *OR* sudo restart pcscd. After the
sudo restart it happily talks to the yubikey and lets me enter pin,
press yubikey and done.
I think I found the problem.
In my case "gpg --card-status" works only if pcscd is NOT running.
GnuPG has its own way to access the smart card readers (here a yubikey)
I propose two possible solutions:
1. remove pcscd from your system but that is a drastic change. No PC/SC
application will work any more.
2. configure scdaemon to NOT use its internal CCID driver but use the PC/SC
interface instead
To make option 2 just edit/create the scdaemon configuration file as bellow:
$ cat ~/.gnupg/scdaemon.conf
disable-ccid
I think the problem could be reassigned to scdaemon package.
Maybe scdaemon could use PC/SC by default. And switch to its internal CCID
driver only if PC/SC is not available?
Bye
--
Dr. Ludovic Rousseau
