Open drichardson opened 3 years ago
I can confirm. No idea though..
I'd focus on the mingw build though.
Perhaps msys2's gpg is looking for *nix-specific locations to access the smartcard? Could you try with mingw64's gpg?
I tried with the mingw one
GPG has a couple of different ways of accessing usb smartcards (at least on Linux). They prefer using libusb to access and handle all communications themselves. They also support using PCSC, which is an open-source implementation corresponding to winscard on Windows. I expect this to be the interface that works on Windows.
Huh, worked for me with both msys2 and mingw32 gnupg.
Does it depend on the device or card maybe? I have an openpgp card + Gemalto IDBridge K30
Possibly - Yubikey 4 here.
Before it worked for me, I was going to try disable-ccid in ~/.gnupg/scdaemon.conf, that's supposed to disable the libusb mechanism and force it to use PCSC. You might try that.
FYI, I sent a message to Yubico support to see if an engineer could take a look at this issue.
We have created a request (323837) on your behalf.
The content of the request is as follows:
Doug Richardson
Feb 14, 2021, 1:33 AM GMT+1
The MSYS2 version of gpg does not work with my newly purchased Yubikey 5 NFC. I filed an issue with the MSYS2 project, but no one is sure what the problem is at the moment.
Perhaps one of your engineers could take a look at this github issue.
https://github.com/msys2/MSYS2-packages/issues/2329
Thanks, Doug
A few things I noticed today:
man scdaemon says:
To get a list of available CCID readers you may use this command:
echo scd getinfo reader_list | gpg-connect-agent --decode | awk '/^D/ {print $2}'
When I run this command, I get no results:
$ echo scd getinfo reader_list | gpg-connect-agent --decode | awk '/^D/ {print $2}'
$ gpgconf.exe --kill gpg-agent; gpgconf.exe --kill scdaemon
$ echo scd getinfo reader_list | gpg-connect-agent --decode | awk '/^D/ {print $2}'
gpg-connect-agent: no running gpg-agent - starting '/usr/bin/gpg-agent'
gpg-connect-agent: waiting for the agent to come up ... (5s)
gpg-connect-agent: connection to agent established
$ echo scd getinfo reader_list | gpg-connect-agent --decode | awk '/^D/ {print $2}'
$
If I remove awk from the pipeline, I get this:
$ echo scd getinfo reader_list | gpg-connect-agent --decode
ERR 100663354 No data <SCD>
However, ykman.exe shows the device is connected via the CCID interface:
C:\Program Files\Yubico\YubiKey Manager> .\ykman.exe mode
Current connection mode is: OTP+FIDO+CCID
Supported USB interfaces are: OTP, FIDO, CCID
FYI, I posted this question to the gnupg-users mailing list and got the following response:
On Tue, 23 Feb 2021 18:47, Doug Richardson said:
Under MSYS2, gpg --card-status fails with the following when trying to
GnuPG is not intended to be built under MSYS. You need to cross-build from a real POSIX system using mingw. All other ways to build it are not supported and are strongly discouraged. Sorry.
For me, in MSYSTEM=MSYS.
~/.gnupg/scdaemon.conf:
log-file /home/XXX/scd.log
debug-ccid
disable-ccid
debug-all
debug-level guru
~/scd.log:
2021-02-23 16:53:57 scdaemon[1335] listening on socket '/home/XXX/.gnupg/S.scdaemon'
2021-02-23 16:53:57 scdaemon[1335] handler for fd -1 started
2021-02-23 16:53:57 scdaemon[1335] DBG: chan_7 -> OK GNU Privacy Guard's Smartcard server ready
2021-02-23 16:53:57 scdaemon[1335] DBG: chan_7 <- GETINFO socket_name
2021-02-23 16:53:57 scdaemon[1335] DBG: chan_7 -> D /home/XXX/.gnupg/S.scdaemon
2021-02-23 16:53:57 scdaemon[1335] DBG: chan_7 -> OK
2021-02-23 16:53:57 scdaemon[1335] DBG: chan_7 <- OPTION event-signal=31
2021-02-23 16:53:57 scdaemon[1335] DBG: chan_7 -> OK
2021-02-23 16:53:57 scdaemon[1335] DBG: chan_7 <- GETINFO version
2021-02-23 16:53:57 scdaemon[1335] DBG: chan_7 -> D 2.2.27-unknown
2021-02-23 16:53:57 scdaemon[1335] DBG: chan_7 -> OK
2021-02-23 16:53:57 scdaemon[1335] DBG: chan_7 <- SERIALNO
2021-02-23 16:53:57 scdaemon[1335] DBG: enter: apdu_open_reader: portstr=(null)
2021-02-23 16:53:58 scdaemon[1335] detected reader 'Yubico Yubikey 4 U2F+CCID 0'
2021-02-23 16:53:58 scdaemon[1335] reader slot 0: not connected
2021-02-23 16:53:58 scdaemon[1335] DBG: leave: apdu_open_reader => slot=0 [pc/sc]
2021-02-23 16:53:58 scdaemon[1335] DBG: enter: apdu_connect: slot=0
2021-02-23 16:53:58 scdaemon[1335] pcsc_control failed: invalid PC/SC error code (0x1)
2021-02-23 16:53:58 scdaemon[1335] pcsc_vendor_specific_init: GET_FEATURE_REQUEST failed: 65547
2021-02-23 16:53:58 scdaemon[1335] reader slot 0: active protocol: T1
2021-02-23 16:53:58 scdaemon[1335] slot 0: ATR=3B F8 13 00 00 81 31 FE 15 59 75 62 69 6B 65 79 34 D4
2021-02-23 16:53:58 scdaemon[1335] DBG: pcsc_get_status_change: changed present excl inuse
2021-02-23 16:53:58 scdaemon[1335] DBG: leave: apdu_connect => sw=0x0
...
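An added example (not part of the comment above and not GnuPG code): a Python triage of an scd.log in the format shown, reporting which backend opened the reader, which calls failed, and the decoded ISO/IEC 7816-3 ATR. The sample lines are constructed from the excerpt; `parse_atr` and `triage` are hypothetical helper names.

```python
import re

# Constructed sample: lines copied in shape from the scd.log excerpt above.
SAMPLE_LOG = """\
2021-02-23 16:53:58 scdaemon[1335] detected reader 'Yubico Yubikey 4 U2F+CCID 0'
2021-02-23 16:53:58 scdaemon[1335] DBG: leave: apdu_open_reader => slot=0 [pc/sc]
2021-02-23 16:53:58 scdaemon[1335] pcsc_control failed: invalid PC/SC error code (0x1)
2021-02-23 16:53:58 scdaemon[1335] pcsc_vendor_specific_init: GET_FEATURE_REQUEST failed: 65547
2021-02-23 16:53:58 scdaemon[1335] slot 0: ATR=3B F8 13 00 00 81 31 FE 15 59 75 62 69 6B 65 79 34 D4
2021-02-23 16:53:58 scdaemon[1335] DBG: leave: apdu_connect => sw=0x0
"""

def parse_atr(hex_str):
    """Decode an ISO/IEC 7816-3 ATR: offered protocols, historical bytes, TCK."""
    b = bytes.fromhex(hex_str.replace(" ", ""))
    y, k = b[1] >> 4, b[1] & 0x0F        # T0: interface bitmap, historical count
    i, protocols = 2, set()
    while True:
        i += bin(y & 0x07).count("1")    # skip TAi/TBi/TCi when flagged present
        if not y & 0x08:                 # no TDi: interface bytes end here
            break
        protocols.add(b[i] & 0x0F)       # low nibble of TDi is the protocol T
        y, i = b[i] >> 4, i + 1
    xor = 0
    for v in b[1:]:                      # XOR of T0..TCK must be zero
        xor ^= v
    tck_ok = xor == 0 if protocols - {0} else True  # TCK absent for T=0 only
    return {"protocols": sorted(protocols),
            "historical": b[i:i + k].decode("latin-1"), "tck_ok": tck_ok}

def triage(log_text):
    """Summarise the backend scdaemon used and whether the card answered."""
    out = {"reader": None, "backend": None, "errors": [], "atr": None, "connect_sw": None}
    for line in log_text.splitlines():
        msg = re.sub(r"^\S+ \S+ scdaemon\[\d+\] (DBG: )?", "", line)
        if m := re.match(r"detected reader '(.*)'", msg):
            out["reader"] = m.group(1)
        elif m := re.match(r"leave: apdu_open_reader => slot=\d+ \[(.+)\]", msg):
            out["backend"] = m.group(1)  # e.g. pc/sc when disable-ccid is set
        elif m := re.match(r"slot \d+: ATR=([0-9A-Fa-f ]+)", msg):
            out["atr"] = parse_atr(m.group(1))
        elif m := re.match(r"leave: apdu_connect => sw=(0x[0-9a-fA-F]+)", msg):
            out["connect_sw"] = int(m.group(1), 16)
        elif " failed" in msg:
            out["errors"].append(msg)
    return out

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the sample, the reader is opened through PC/SC, the ATR historical bytes decode to `Yubikey4` with a valid checksum, and `apdu_connect` returns `sw=0x0` despite the two failed vendor-feature calls.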
Saw this in git for windows update: git-for-windows/MSYS2-packages#46. Maybe that's it?
gpg --card-status and gpg --edit-card fail with:
This issue only occurs with MSYS2's gpg. GnuPG for Windows Simple Installer from GnuPG Downloads Page works fine. Here is a demonstration of GnuPG for Windows working from a PowerShell terminal:
The fact it works with the GnuPG installer for Windows but not MSYS2 leads me to believe it could be a configuration issue in the MSYS2 build.
Steps to Reproduce the Problem
gpg --card-status
Result:
Additional Context: Operating System