Recently I set up a YubiKey 5C NFC, and when I connect it to my Linux
system (running in VMware under Windows), it sometimes takes minutes to
be able to use. I.e. it can take forever until I get a successful
response from:

    gpg --card-status

OTOH I can immediately get a response when I run the above command as
root. Now I notice that the occasional connection issues I have with the
OpenPGP card in my SCM SPR332 are similar. Furthermore, it happens that
the YubiKey or the card reader suddenly disappear for the ordinary user,
although that is rare.

I have set up udev rules for both. But it seems that sometimes they
don't trigger, or only with a long delay.

    [felix@felix-arch ~]$ cd /etc/udev/rules.d/
    [felix@felix-arch rules.d]$ cat 70-yubikey.rules
    # YubiKey Support
    #

    ACTION=="add", SUBSYSTEM=="usb", ENV{ID_VENDOR_ID}=="1050",
    ENV{ID_MODEL_ID}=="0404", MODE="660", GROUP="scard"
    [felix@felix-arch rules.d]$ cat 71-gnupg-ccid.rules # GPG SmartCard
    Reader Support
    #

    ACTION=="add", SUBSYSTEM=="usb", ENV{ID_VENDOR_ID}=="04e6",
    ENV{ID_MODEL_ID}=="e003", MODE="660", GROUP="scard"

Even without udev rules, I think I should have access to the devices,
because I'm in group `scard`:

    [felix@felix-arch ~]$ ls /dev/bus/usb/002/011
    /dev/bus/usb/002/011
    [felix@felix-arch ~]$ ls -l /dev/bus/usb/002/011
    crw-rw---- 1 root scard 189, 138 Aug  3 14:56 /dev/bus/usb/002/011
    [felix@felix-arch ~]$ gpg --card-status
    gpg: selecting card failed: No such device
    gpg: OpenPGP card not available: No such device
    [felix@felix-arch ~]$ groups
    scanner saned uucp optical lp audio wheel felix scard plugdev
    [felix@felix-arch ~]$ lsusb
    Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
    Bus 003 Device 004: ID 0e0f:0002 VMware, Inc. Virtual USB Hub
    Bus 003 Device 003: ID 0e0f:0002 VMware, Inc. Virtual USB Hub
    Bus 003 Device 002: ID 0e0f:0003 VMware, Inc. Virtual Mouse
    Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
    Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
    Bus 002 Device 002: ID 0e0f:0002 VMware, Inc. Virtual USB Hub
    Bus 002 Device 011: ID 1050:0404 Yubico.com Yubikey 4/5 CCID
    Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

How do I fix that?

I am happy to substitute the udev rules with a timer, or to call some
command to give permissions every time I want to use the YubiKey or the
OpenPGP card. I just would like the whole process to be more reliable.
Currently, it’s extremely frustrating.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to