
Mailing List Archive: GnuPG: devel

How should I detect if I've got a reader/smartcard combo?

 

 



kgo at grant-olson

Jan 17, 2011, 9:29 PM

How should I detect if I've got a reader/smartcard combo?

I've got a working patch on my machine that lets me unplug my
reader/smartcard combo at will. But it still needs some cleanup on a
few things before I can send it to the list. There's one thing in
particular I'd appreciate some advice on.

Right now I detect when the device is removed by catching a change in
the slot status. When the slot status equals zero it looks like this
means the card has been removed. At that point I unload the reader.

This is working fine for me, but I imagine it's less than ideal for a
stand-alone reader. I imagine we want to keep scdaemon attached to the
reader.

If it was just a cryptostick issue, I could just check the vendor id.
But I believe OmniKey and SCM both have similar devices. Can I query
through an existing scdaemon function to see if there's a reader
attached? Or look to see if a particular device exists? Or should I be
doing something else completely? Are there approaches that will work
better with Windows boxes? Etc...

I actually did order a reader and stand-alone card last week after
killing scdaemon one too many times, so I should be able to test both
configurations once those show up.

Any and all input is appreciated.

-Grant


gniibe at fsij

Jan 18, 2011, 4:02 PM

Re: How should I detect if I've got a reader/smartcard combo?

Hi,

2011-01-18 14:29, Grant Olson wrote:
> I've got a working patch on my machine that lets me unplug my
> reader/smartcard combo at will. But it still needs some cleanup on a
> few things before I can send it to the list. There's one thing in
> particular I'd appreciate some advice on.

I think that I have a similar problem. I am using a USB Token
which I develop for myself.

My current solution was posted here:
http://lists.gnupg.org/pipermail/gnupg-devel/2010-November/025828.html

This is a patch to keep scdaemon running well.

These days, I rather think another approach would be better.

* scdaemon is going to exit when it detects reader unplugged

* gpg-agent handles termination of scdaemon

* gpg-agent once again does "learn" when user accesses the card


In fact, I do the following manually in my experiments:

(1) identify scdaemon and kill it

(2) let gpg-agent "learn" again to invoke scdaemon again

$ gpg-connect-agent learn /bye
--

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-devel


kgo at grant-olson

Jan 18, 2011, 4:26 PM

Re: How should I detect if I've got a reader/smartcard combo?

On 1/18/11 7:02 PM, NIIBE Yutaka wrote:
>
> I think that I have a similar problem. I am using a USB Token
> which I develop for myself.
>
> My current solution was posted here:
> http://lists.gnupg.org/pipermail/gnupg-devel/2010-November/025828.html
>
> This is a patch to keep scdaemon running well.
>

I did try your patch. It didn't apply cleanly to the head of
STABLE-BRANCH-2.0 because of some changes. It was easy enough to figure
out how to manually merge, but it didn't seem to work for me at all with
some manual tests.

> These days, I rather think another approach would be better.
>
> * scdaemon is going to exit when it detects reader unplugged
>
> * gpg-agent handles terminate of scdaemon
>
> * gpg-agent once again does "learn" when user accesses the card
>

My fix does two things so far:

1) Closes the reader when the card is removed. This works fine for a
combo device, but I don't think we want to do this all the time.

2) Keeps the reader slots marked as invalid if we can't initialize any
device. Currently, if you run an operation without a card plugged in,
CCID initialization fails. Then PC/SC initialization fails, but it
still leaves a slot open with a bad configuration. Because of this,
scdaemon no longer even tries to connect to CCID, and just complains it
can't find a card via the PC/SC driver.

There are two problems I still need to deal with.

1) Like I said, what do I do for a normal reader/card combo? I don't
think we want to kill that when the card is removed.

2) Now that the slots are invalid after you yank out the card, scdaemon
polls for the hardware in an infinite loop. It seems to me scdaemon
should try once and no more. If it can't find hardware, it should wait
until gpg-agent requests another operation before trying to re-detect
the reader.

If I get issue two taken care of, I'll post a patch so you can see how
it works with Gnuk.

--
Grant

"I am gravely disappointed. Again you have made me unleash my dogs of war."
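
A small C model of the reader-handling policy discussed in this thread, added here as an illustration; it is not code from scdaemon or from either poster's patch. Every name (struct reader, probe, scenario, the combo and poll_when_bad flags) is hypothetical, and whether a device is a combo is simply assumed to be known, which is the open question of the thread.

```c
#include <stdbool.h>
#include <stdio.h>

/* Added model, not scdaemon code; every name here is hypothetical. */
enum rstate { R_CLOSED, R_OPEN, R_INVALID };
struct reader {
    enum rstate state;
    bool combo;          /* assumed known: token and reader are one device */
    bool poll_when_bad;  /* true models polling while the slot is invalid */
    unsigned probes;     /* hardware detection attempts so far */
};

/* Constructed stand-in for CCID and PC/SC initialization. */
static bool probe(struct reader *r, bool hw_present) {
    r->probes++;
    r->state = hw_present ? R_OPEN : R_INVALID;  /* failure: slot stays invalid */
    return hw_present;
}

/* Slot status zero is taken to mean "card removed", as in the post. */
void on_slot_status(struct reader *r, int status) {
    if (status == 0 && r->state == R_OPEN && r->combo)
        r->state = R_CLOSED;  /* combo: unload; stand-alone reader stays open */
}

/* One detection attempt per gpg-agent operation, never more. */
bool on_agent_request(struct reader *r, bool hw_present) {
    return r->state == R_OPEN || probe(r, hw_present);
}

void on_idle_tick(struct reader *r, bool hw_present) {
    if (r->poll_when_bad && r->state == R_INVALID)
        probe(r, hw_present);
}

/* Use, remove card, failed request, 100 idle ticks, replug, use again. */
unsigned scenario(bool combo, bool poll) {
    struct reader r = { R_CLOSED, combo, poll, 0 };
    on_agent_request(&r, true);
    on_slot_status(&r, 0);
    on_agent_request(&r, !combo);  /* a combo device is unplugged by now */
    for (int i = 0; i < 100; i++) on_idle_tick(&r, !combo);
    on_agent_request(&r, true);
    return r.probes;
}

int main(void) {
    printf("combo: %u probes on demand, %u when polling; stand-alone: %u\n",
           scenario(true, false), scenario(true, true), scenario(false, false));
    return 0;
}
```

The probe count is the point of comparison: retrying only when gpg-agent asks keeps detection attempts proportional to user operations, while polling an invalid slot grows with idle time.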

