Jarkko Sakkinen
Public

For gpg-agent I have the following entries in ~/.gnupg:

gpg-agent.conf
gpg-agent.conf.darwin
gpg-agent.conf.linux-gnu

In a new installation the correct configuration can be deployed as follows:

cp ~/.gnupg/gpg-agent.conf.$OSTYPE ~/.gnupg/gpg-agent.conf
Jarkko Sakkinen
Public

At least in Fedora, a shared access configuration also needs to be defined in ~/.gnupg/scdaemon.conf:

# See for further information:
# https://github.com/OpenSC/OpenSC/wiki/GnuPG-and-OpenSC
card-timeout 5
disable-ccid
pcsc-shared

Otherwise, the earlier script needs to be run separately for each boot as a workaround. In OpenSUSE, I guess the defaults are different, given that everything just works without this extra configuration.

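The two posts above amount to a small deployment step; here it is as a POSIX sh script, added as an example and not Jarkko's own script: it copies the per-OS gpg-agent.conf variant and appends the three scdaemon.conf options only when they are missing, so rerunning it is harmless. It assumes the file names from the thread under $GNUPGHOME (default ~/.gnupg), and it assumes (my assumption, not stated in the thread) that bash on macOS sets OSTYPE to something like darwin23 rather than plain darwin.

```shell
#!/bin/sh
# Added example, not from the thread: deploy the per-OS gpg-agent.conf and make
# scdaemon.conf carry the shared-access options quoted above, idempotently.
# Assumes the thread's file layout under $GNUPGHOME (default ~/.gnupg).
set -eu

gnupg_home() { printf '%s\n' "${GNUPGHOME:-$HOME/.gnupg}"; }

# Map $OSTYPE to the suffix the config files use. Assumption: bash on macOS
# sets OSTYPE to e.g. "darwin23", so match the prefix, not the whole string.
os_suffix() {
  case "$1" in
    darwin*)    echo darwin ;;
    linux-gnu*) echo linux-gnu ;;
    *)          return 1 ;;
  esac
}

# Copy gpg-agent.conf.<suffix> over gpg-agent.conf, refusing to guess when
# no variant matches; keep the file private like the rest of $GNUPGHOME.
deploy_agent_conf() {
  dir=$(gnupg_home)
  suffix=$(os_suffix "$1") || { echo "no gpg-agent.conf variant for '$1'" >&2; return 1; }
  src="$dir/gpg-agent.conf.$suffix"
  [ -f "$src" ] || { echo "missing $src" >&2; return 1; }
  cp "$src" "$dir/gpg-agent.conf"
  chmod 600 "$dir/gpg-agent.conf"
}

# Return 0 only if all three scdaemon options from the thread are present
# as whole lines in scdaemon.conf.
scdaemon_conf_ok() {
  conf=$(gnupg_home)/scdaemon.conf
  for opt in 'card-timeout 5' 'disable-ccid' 'pcsc-shared'; do
    grep -qx "$opt" "$conf" 2>/dev/null || return 1
  done
}

# Append only the missing options, so rerunning at each boot is harmless.
ensure_scdaemon_conf() {
  conf=$(gnupg_home)/scdaemon.conf
  touch "$conf"
  for opt in 'card-timeout 5' 'disable-ccid' 'pcsc-shared'; do
    grep -qx "$opt" "$conf" || printf '%s\n' "$opt" >> "$conf"
  done
  chmod 600 "$conf"
}
```

On a real machine, call deploy_agent_conf "$OSTYPE" followed by ensure_scdaemon_conf, then run gpgconf --kill scdaemon so scdaemon is restarted and rereads its configuration before the next gpg --card-status.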
vbabka
Public
@jarkko wait, I never got gpg and pcscd (for yubi auth) working reliably together (in opensuse) so did things get finally fixed?
Jarkko Sakkinen
Public
@vbabka I've tested these myself in OpenSUSE and Fedora. I'd try both #1 and #3 from previous. In Fedora after boot it was not otherwise working right off the bat.
vbabka
Public
@jarkko hm so, gpg --card-status wouldn't work unless I add the scdaemon.conf stuff, as I'd expect given past attempts. Now the question is, will it work reliably, my previous experience is it starts working but then fails. Note I have up-to-date openSUSE Tumbleweed.

BTW, you mention also gpg-agent.conf, anything special there?

On the yubikey side, yubioath 5.1 (the latest packaged) doesn't work regardless of pcscd running. That's weird, it used to. 7.0 downloaded manually seems to work (and stops once I stop pcscd so it does use it still), so it's hopefully just a matter of packaging. Wonder if there's a command line variant for the OTPs...
vbabka
Public
@jarkko yeah and after a while of running, back to the usual

> gpg --card-status
gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device

sigh
Sven Peter
Public

@vbabka @jarkko same experience I had on a bunch of distributions and on macOS: after some arcane setup it works for a while but then starts failing after the nth signature and/or after some time. luckily replugging the yubikey and restarting gpg-agent usually fixed those issues 😔

vbabka
Public
@sven @jarkko you mean also with pcscd service running? Without it, it's pretty stable for me.
Sven Peter
Public

@vbabka @jarkko oh, I didn't read the full context. yeah, even without pcscd running it sometimes just stops working when using gpg's ssh-agent socket to use my authentication subkeys

vbabka
Public
@sven @jarkko I've noticed after using u2f on the key, the first gpg will ask for pin again, so maybe there's some reset involved
Sven Peter
Public

@vbabka @jarkko I wonder if that's what triggers the failure for me and I just thought it happened after N signatures instead of after a u2f interaction that I did in between