free software blog
my free software blog
Using the Fellowship Cryptocard for SSH authentication
I just finished setting up my fellowship cryptocard for ssh authentication.
Here I want to let you know what seems to have changed since Georg Greve gave an update on that topic the last time.
Debian knows about gpg2. gpg2 (and gpg-agent) can be installed on Debian testing and unstable as ‘gnupg2‘ and ‘gnupg-agent‘ in version 1.9.20 (There is also a version for stable but I doubt that one is recent enough, that would be gnupg2 version 1.9.15). Both are working fine with the card.
gpg2 however tries to find the pcsc-wrapper program in /usr/lib/gnupg. The program is installed to /usr/lib/gnupg2 though – a symlink fixes that problem.
There seems to be one problem though. Once the agent is running gpg2 cannot access the card anymore at all and gpg1 cannot use it for signing anymore, gpg –card-status seems to work though.
The latter one is quite straight-forward: gpg1 cannot use gpg-agent, it’s still a feature of gpg2.
The other thing worries me though: gpg2 should know how to use the agent to gather information on the card that’s being used by the agent right now.
I’ll check if I can find any bug reports or possibly a fixed bug related to this tomorrow. If I don’t succeed in doing that I guess I’ll have to fix the ‘bug’ myself.
However, I’ll keep you updated.