Mailing List Archive: GnuPG: users

How to make GPG release the token?

Index | Next | Previous | View Threaded

quannguyen at mbm

Apr 25, 2012, 9:49 PM

Post #1 of 9 (558 views)
Permalink

How to make GPG release the token?

Hello all,

I'm using GnuPG and OpenSC to test my token. Each time I've done using
GPG, the OpenSC cannot access the token. I have to reboot the computer
to use OpenSC.

There is a way to make the GnuPG release the token completely after use?

--
Regards,
Quân

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users

david at gbenet

Apr 25, 2012, 11:03 PM

Post #2 of 9 (540 views)
Permalink

Re: How to make GPG release the token? [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 26/04/12 05:49, Nguyễn Hồng Quân wrote:
> Hello all,
>
> I'm using GnuPG and OpenSC to test my token. Each time I've done using
> GPG, the OpenSC cannot access the token. I have to reboot the computer
> to use OpenSC.
>
> There is a way to make the GnuPG release the token completely after use?
>
Hello Quan,

I'm a little unclear what you mean by 'token?' You mean the passphrase? I know that Linux
Mint Ubuntu Debian has problems with rebooting when programmes are in memory.May be your
Smart Card is not compatible with OpenSC? Anyhow without knowing exactly what you mean by
token am at a loss.

David

- --
“See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.
Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.”
https://linuxcounter.net/user/512854.html.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPmOU+AAoJEOJpqm7flRExp+0H/jLREtDPoh23MrQAdL8srpYm
ew+Jklx7+e+9irN/VLQI7m5pIKgnBRpnRFvirn1Wh7iSV5pNARriUBu5hNC2dqH+
CD7gGQTAjjImJsSxgW1DHqwDHSbdYJuqjN0MdTYozMTzCzODOcQjpA2b5248/lbv
7VC0SuDR06VIwhsDBph4nt9XmIdlxYUWMiXpglqbSliD97Iui7hQRKKIfRvYelze
V6g+I/9sXUHMFKyevuNQYiUMzgbw0CrYItZz3ZNs4P6IHxhcID5xutkJ25BKMPhF
Qmf7yl8m/MV7oo7Wsy4Z6BG3ssBPxtbrzgcGMrq7r57pfU2VD4rl8Wt3VSCr/Qg=
=UZ6B
-----END PGP SIGNATURE-----

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users

david at gbenet

Apr 25, 2012, 11:08 PM

Post #3 of 9 (538 views)
Permalink

Re: How to make GPG release the token? [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 26/04/12 05:49, Nguyễn Hồng Quân wrote:
> Hello all,
>
> I'm using GnuPG and OpenSC to test my token. Each time I've done using GPG, the OpenSC
> cannot access the token. I have to reboot the computer to use OpenSC.
>
> There is a way to make the GnuPG release the token completely after use?
>
A further thought:

http://gnupg-pkcs11.sourceforge.net/

David

- --
“See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.
Stern, sane,every brain-cell perfect and complete even at the moment of death. No
delusion.” https://linuxcounter.net/user/512854.html.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPmOZRAAoJEOJpqm7flRExp8AH/11n0ytNXxz3lOiA9WZ1rIsw
6tvCu2eIb3a5xnNE0Pc+ixWjspl6JtQEAzxIBaLKBGZHDWw3he5Crpry/+Y8OOYA
JyIMxyxqoj1uSYZPxj/8BjryJ5yb6j5Gc9dbZD4OU02GR/usN88j/B5Aq6Y/JwWA
W3k0jf0/nQzkLJvdsYX3si9zSLkUVKqfxsmp2iSrOTCb454jt48l8FtxYfgNotbA
tB3wHundBUpXDJududx+SiR993Q2pYuhPa58Axpdwb3454ryIWbAeKQfwunieScP
9iyyW0KfSUVy6ArfOkxprolWr0fJDsgqkjtIkTFgBziLPfmA8khckLwI6aS7Gu4=
=ulTK
-----END PGP SIGNATURE-----

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users

quannguyen at mbm

Apr 26, 2012, 12:17 AM

Post #4 of 9 (539 views)
Permalink

Re: How to make GPG release the token? [In reply to]

Hello,
That's the Crypto Stick http://www.crypto-stick.com/
After trying pgp --card-status or gpg --card-edit, I cannot access the
Crypto Stick with OpenSC, meaning opensc-tool does not work.
Each time I use GPG, I have to reboot the computer in order to use OpenSC.

On 04/26/2012 01:03 PM, david [at] gbenet wrote:
> Hello Quan,
>
> I'm a little unclear what you mean by 'token?' You mean the
> passphrase? I know that Linux
> Mint Ubuntu Debian has problems with rebooting when programmes are in
> memory.May be your
> Smart Card is not compatible with OpenSC? Anyhow without knowing
> exactly what you mean by
> token am at a loss.
>
> David
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users [at] gnupg
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

--
Regards,
Quân

david at gbenet

Apr 26, 2012, 12:40 AM

Post #5 of 9 (538 views)
Permalink

Re: How to make GPG release the token? [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 26/04/12 08:17, Nguyễn Hồng Quân wrote:
> Hello,
> That's the Crypto Stick http://www.crypto-stick.com/
> After trying pgp --card-status or gpg --card-edit, I cannot access the
> Crypto Stick with OpenSC, meaning opensc-tool does not work.
> Each time I use GPG, I have to reboot the computer in order to use OpenSC.
>
> On 04/26/2012 01:03 PM, david [at] gbenet wrote:
>> Hello Quan,
>>
>> I'm a little unclear what you mean by 'token?' You mean the
>> passphrase? I know that Linux
>> Mint Ubuntu Debian has problems with rebooting when programmes are in
>> memory.May be your
>> Smart Card is not compatible with OpenSC? Anyhow without knowing
>> exactly what you mean by
>> token am at a loss.
>>
>> David
>>
>>
>> _______________________________________________
>> Gnupg-users mailing list
>> Gnupg-users [at] gnupg
>> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> >

Hi Quan,

I strongly suggest you read:

http://www.opensc-project.org/opensc/wiki/FrequentlyAskedQuestions

and a possible solution to your problem is to uninstall OpenSC and install:

http://gnupg-pkcs11.sourceforge.net/

Which hopefully will resolve problems you are having with GNUGPG with OpenSC

David

- --
“See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.
Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.”
https://linuxcounter.net/user/512854.html.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPmPv1AAoJEOJpqm7flRExzgEH/1p8oA0cqRE3KNtxbdjhzEIR
6uCfEnLPRl5T81LNtvyfTl2lNDvQZFg2JQyK/4ohggIs4cscNgSGdKJ8DyoYMLd1
zwOEErJHdhMaN2dqu1w37+G+hKkeWwVnTx1vM2q0LtoZQkjZKcFfxaXiQvpBZboq
j9IE1dfxXWkDdj63fwuZY27wXivfzKduIY3hIoRyJsO8/mGtf3hXpr3vkpjG1s3k
Z5HXSfgLoRjpjnkUBlTZSljdYUnxrqlZp0Uo0RhQiogxjFWibtDq0w8RUAwqsHKb
nR5QbMzcRw9FrUKqZs37vgSJtI+/1PtrWq0YPgbBjDhx6HVKsW/aKLJtvb/iIy0=
=spsg
-----END PGP SIGNATURE-----

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users

quannguyen at mbm

Apr 26, 2012, 12:51 AM

Post #6 of 9 (539 views)
Permalink

Re: How to make GPG release the token? [In reply to]

Thanks David,

I'm starting to develop OpenSC to make it support fully the
CryptoStick (which uses OpenPGP card). So I cannot uninstall OpenSC.
Because the OpenSC does not support OpenPGP card fully, I sometimes use
GPG to test the card.

So there is no way to leave these two together?
--
Regards,
Quân

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users

david at gbenet

Apr 26, 2012, 1:37 AM

Post #7 of 9 (533 views)
Permalink

Re: How to make GPG release the token? [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 26/04/12 08:51, Nguyễn Hồng Quân wrote:
> Thanks David,
>
> I'm starting to develop OpenSC to make it support fully the
> CryptoStick (which uses OpenPGP card). So I cannot uninstall OpenSC.
> Because the OpenSC does not support OpenPGP card fully, I sometimes use
> GPG to test the card.
>
> So there is no way to leave these two together?
> --
> Regards,
> Quân
>
Hi Quan,

Sadly no two Linux Distros are the same. If you are using a Ubuntu/Debian/Gnome - you may
want to consider opensuse with KDE desktop. The drop in replacement for Debian I've already
given you - perhaps you could mention the problem in the forum relating to your card or
OpenSC - but I'd experiment with other Linux distros.

David

- --
“See the sanity of the man! No gods, no angels, no demons, no body. Nothing of the kind.
Stern, sane,every brain-cell perfect and complete even at the moment of death. No delusion.”
https://linuxcounter.net/user/512854.html.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPmQk2AAoJEOJpqm7flRExwNcH/1ysDvjpx6SaMBeEYQRR/IbE
Fc86DBdOj7/SpJgJY26M24EwbyC4JDvKxF9o9xltc271dXLQCMYTnZ4d1GopFH1K
01s6E44EToF/IAm1sPzYH2iVUWo16yL7xQejmveSVAiCz/ABIS8IPuEJn6GGijef
uJXIG62I9+6+KhQd7ELwjE9UHyUOWxUN7RNkXPjUCrkGD4yiCJbEJS6KribqMjQu
fFEuGOH65SZCa/NVxBOikV60gRZU/KP5HeL+NnK9dleTuZVhX6VjsgToVdt+YOW3
aBt++DOLdOmE5798gFJsk9Zlvy4yR1mH4b4nV+D3rs2w22I2d3AZPzYZtZvM4lw=
=FfMD
-----END PGP SIGNATURE-----

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users

wk at gnupg

Apr 26, 2012, 1:43 AM

Post #8 of 9 (535 views)
Permalink

Re: How to make GPG release the token? [In reply to]

On Thu, 26 Apr 2012 06:49, quannguyen [at] mbm said:

> I'm using GnuPG and OpenSC to test my token. Each time I've done using
> GPG, the OpenSC cannot access the token. I have to reboot the computer
> to use OpenSC.

GnuPG requires exclusive access to the card. The best way to work with
the card from applications with only an pkcs#11 interface is the use of
scute (apt-get install scute). Scute provides an pkcs#11 interface on
top of the GnuPG system.

> There is a way to make the GnuPG release the token completely after use?

Yes. Put this option into scdaemon.conf:

--card-timeout N

If N is not 0 and no client is actively using the card, the card will
be powered down after N seconds. Powering down the card avoids a
potential risk of damaging a card when used with certain cheap
readers. This also allows non Scdaemon aware applications to access
the card. The disadvantage of using a card timeout is that accessing
the card takes longer and that the user needs to enter the PIN again
after the next power up.

Note that with the current version of Scdaemon the card is powered
down immediately at the next timer tick for any value of N other
than 0.

Shalom-Salam,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users

quannguyen at mbm

Apr 26, 2012, 1:59 AM

Post #9 of 9 (532 views)
Permalink

Re: How to make GPG release the token? [In reply to]

Thank you all

On Thu 26 Apr 2012 03:43:17 PM ICT, Werner Koch wrote:
>
> Yes. Put this option into scdaemon.conf:
>
> --card-timeout N

--
Regards,
Quân

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads