Fellowship Card Setup on Ubuntu 9.10 and Mac OS X 10.6
Friday, January 22nd, 2010

Finally, I made it. It has been a pretty rocky way and I struggled hard – but now I got GPG using my Fellowship Card up and running on all of my platforms.
Let me try to outline the way I took, the obstacles I encountered and how I managed to resolve all issues.
- Basically I followed the excellent new tutorial at the FSFE Wiki. Everything worked out fine – until …
- … I tried to move my newly created subkeys to the smartcard. After asking me for the passphrase for the key and the master PIN for the card, gpg always failed with the very verbose message “Allgemeiner Fehler” (and no log entry whatsoever).
- Obviously, it (i.e. the beast inside my computer) wanted me to play around. So I did. I tried to exclude all potential issues regarding file permissions. That didn’t seem to be the problem. My hypothesis then was that my smartcard reader (a Reiner cyberJack pinpad) wasn’t capable of writing to the card (as it also wasn’t possible to alter the PIN codes). However, that also turned out not to be the problem, because the metadata of the card (name, public key URL, …) could be altered.
- Before giving up for that day, I wanted to give GPG2 a try. So I installed the gnupg2-package on my Ubuntu 9.10 and tried to access the card. I failed, obviously because of an issue with the – then mandatory – gpg-agent. Turned out that it wasn’t able to locate its socket where it expected it to be. I found a workaround in a forum post, which I eventually tried out. Using GPG2 and gpg-agent, I was finally able to transfer the keys to my card and also to alter the PIN-codes.
- From this point on, I continued to follow the tutorial mentioned above. Everything worked out fine (except I’m missing my original encryption subkey now, which does not seem to have any negative effects).
- As GPG2 only worked using the gpg-agent-workaround, I switched back to GPG for daily use. With the keys already transferred to the card, GPG also works without flaws.
- Thunderbird Integration (via Enigmail) then was no problem anymore – worked out of the box and now requires me only to plug in my card and enter my PIN.
- As everything worked out fine on Ubuntu, I transferred my whole .gnupg directory to my Mac, where I already had a running instance of MacGPG. Also the drivers for the card reader were already installed, as I had used it before with my Austrian citizen card. Surprisingly, everything worked immediately without any issues. Also my Thunderbird installation on the Mac was able to interact with the card.
For now, I’m pretty happy with the setting I have. The card reader is hotpluggable on both platforms, Thunderbird is able to use it via Enigmail. For everything else, I’m using the terminal on both platforms at the moment.
Next task: make ssh work with the smartcard – to be continued.