Mailing List Archive

gpa.exe hungs when click on "smartcards" AND scdaemon cannot recognise SC-HSM
I am trying to get GnuPG to work with my SmartCard-HSM 4K on Windows, using the
Gpg4win bundle.

Kleopatra doesn't recognise the SC-HSM 4K at all, even though, it DOES
recognise the YubiKey 5 NFC in BOTH PIV and Openpgp Card apps.

When trying to use the GPA.exe alternative, it just freezes when I click on
the "smartcards" button; not sure if it's related.

Trying to debug this, using CMD:

scdaemon --server
serialno

I get the following result:


> scdaemon[xxxxx]: detected reader 'ACS ACR38U 0'
> scdaemon[xxxxx]: reader slot 0: not connected
> scdaemon[xxxxx]: pcsc_control failed: invalid PC/SC error code (0x1)
> scdaemon[xxxxx]: pcsc_vendor_specific_init: GET_FEATURE_REQUEST failed: 65547
> scdaemon[xxxxx]: reader slot 0: active protocol: T1
> scdaemon[xxxxx]: slot 0: ATR=3bde18ff8191fe1fxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> scdaemon[xxxxx]: error parsing PrKDF record: Invalid object
> scdaemon[xxxxx]: no supported card application found: Invalid object
> S PINCACHE_PUT 0//
> ERR 100696144 No such device <SCD>

Below I am including my configuration files.

scdaemon.conf



###+++--- GPGConf ---+++###
verbose
verbose
verbose
verbose
verbose
verbose
verbose
verbose
verbose
disable-ccid
###+++--- GPGConf ---+++### 09/06/y22 23:29:33 GTB Daylight Time
# GPGConf edited this configuration file.
# It will disable options before this marked block, but it will
# never change anything below these lines.

#pcsc-shared

I have tried all possible combinations with `disable-ccid` and `pcsc-shared`
and nothing works.


gpgagent.conf


###+++--- GPGConf ---+++###
enable-extended-key-format
ignore-cache-for-signing
no-allow-external-cache
no-allow-loopback-pinentry
grab
pinentry-timeout 10
verbose
verbose
verbose
verbose
verbose
verbose
verbose
verbose
verbose
ssh-fingerprint-digest SHA384
###+++--- GPGConf ---+++### 18/04/y22 07:30:51 GTB Daylight Time
# GPGConf edited this configuration file.
# It will disable options before this marked block, but it will
# never change anything below these lines.

enable-putty-support
enable-ssh-support
use-standard-socket
default-cache-ttl 600
max-cache-ttl 7200

gpgsm.conf


###+++--- GPGConf ---+++###
auto-issuer-key-retrieve
enable-crl-checks
enable-ocsp
verbose
verbose
verbose
verbose
verbose
verbose
verbose
verbose
verbose
include-certs -1
cipher-algo AES256
###+++--- GPGConf ---+++### 01/04/y22 19:10:26 GTB Daylight Time
# GPGConf edited this configuration file.
# It will disable options before this marked block, but it will
# never change anything below these lines.

I was never able to get the SC-HSM to work with GnuPG, even though it is
supposedly supported. This is the current time I am trying to figure it out.
This time, I haven't played with anything else than scdaemon.conf, but, as far
as I can tell, the SC-HSM didn't work even with the defaults on a fresh
install.

The card otherwise works nicely with everything else. Any help would be
greatly appreciated!
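
Added example, not part of the original post and not GnuPG code: a small triage script for output like the `scdaemon --server` session quoted above. It splits the run-together text into individual diagnostics and unpacks the number on the `ERR` line using libgpg-error's layout (source in bits 24-30, code in the low 16 bits, bit 15 marking a system errno). The function names and the `SOURCES` labels are chosen for this example.

```python
import re

# Constructed input: the scdaemon output as quoted in the post above, run
# together the way the mail wrapped it (PID and ATR tail are masked there).
SAMPLE = (
    "scdaemon[xxxxx]: detected reader 'ACS ACR38U 0' "
    "scdaemon[xxxxx]: reader slot 0: not connected "
    "scdaemon[xxxxx]: pcsc_control failed: invalid PC/SC error code (0x1) "
    "scdaemon[xxxxx]: pcsc_vendor_specific_init: GET_FEATURE_REQUEST failed: 65547 "
    "scdaemon[xxxxx]: reader slot 0: active protocol: T1 "
    "scdaemon[xxxxx]: slot 0: ATR=3bde18ff8191fe1fxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx "
    "scdaemon[xxxxx]: error parsing PrKDF record: Invalid object "
    "scdaemon[xxxxx]: no supported card application found: Invalid object "
    "S PINCACHE_PUT 0// ERR 100696144 No such device <SCD>"
)

# libgpg-error source ids (subset); the labels are this example's own.
SOURCES = {2: "gpg", 3: "gpgsm", 4: "gpg-agent", 5: "pinentry",
           6: "scdaemon", 10: "dirmngr"}
FAILURE_MARKS = ("failed", "error", "no supported")


def decode_gpg_error(value):
    """Unpack a libgpg-error number: bits 24-30 source, low 16 bits code."""
    code = value & 0xFFFF
    return {
        "source": SOURCES.get((value >> 24) & 0x7F, "other"),
        "system_error": bool(code & 0x8000),  # bit 15: code is an errno index
        "code": code & 0x7FFF,
    }


def parse_scd_session(text):
    """Split run-together output into diagnostics, status line and ERR."""
    flat = " ".join(text.split())
    err = re.search(r"\bERR (\d+) (.*)$", flat)
    if err:
        flat = flat[:err.start()].rstrip()
    status = re.search(r"\sS ([A-Z_]+)(?: \S+)?$", flat)  # Assuan status line
    if status:
        flat = flat[:status.start()]
    diags = [d.strip() for d in re.split(r"scdaemon\[\w+\]: ", flat) if d.strip()]
    return {
        "diagnostics": diags,
        "status": status.group(1) if status else None,
        "error": decode_gpg_error(int(err.group(1))) if err else None,
        "reader_seen": any(d.startswith("detected reader") for d in diags),
        "atr_seen": any("ATR=" in d for d in diags),
        "failures": [d for d in diags if any(m in d for m in FAILURE_MARKS)],
    }
```

On the sample, the decoded error source is scdaemon with the system-error bit set, which agrees with the `No such device <SCD>` text the daemon printed itself.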
Re: gpa.exe hungs when click on "smartcards" AND scdaemon cannot recognise SC-HSM
On Friday, 24 June 2022 22:47:55 CEST Minas Argyrou via Gnupg-users wrote:
> I am trying to get GnuPG to work with my SmartCard-HSM 4K on Windows, using
> the Gpg4win bundle.
>
> Kleopatra doesn't recognise the SC-HSM 4K at all, even though, it DOES
> recognise the YubiKey 5 NFC in BOTH PIV and Openpgp Card apps.

Every smart card and every smart card reader is different and therefore it's
sheer luck if scdaemon (and thus Kleopatra which relies entirely on scdaemon)
supports a smart card or a reader that is not explicitly supported.

> When trying to use the GPA.exe alternative, it just freezes when I click on
> the "smartcards" button; not sure if it's related.

Maybe GPA doesn't handle the errors that scdaemon reports correctly. In any
case, GPA is not actively developed or maintained anymore
(https://dev.gnupg.org/source/gpa/history/master/).

> I was never able to get the SC-HSM to work with GnuPG, even though it is
> supposedly supported.

I'm not sure this is correct. According to `man scdaemon` some "SmartCard-HSM
card application" is supported, but `man scdaemon` goes on "The SmartCard-HSM
cards requires a card reader that supports Extended Length APDUs.". This
implies that scdaemon supports some "SmartCard-HSM" that is available as a
smart card which needs to be inserted into a smart card reader.

Your SC-HSM 4K seems to be a USB token, i.e. it includes a smart card reader.
I guess it's _not_ supported by scdaemon and/or pcsc.

Regards,
Ingo
Re: gpa.exe hungs when click on "smartcards" AND scdaemon cannot recognise SC-HSM
On Fri, 24 Jun 2022 20:47:55 +0000, Minas Argyrou via Gnupg-users wrote:

> When trying to use the GPA.exe alternative, it just freezes when I
> click on the "smartcards" button; not sure if it's related.

Since Gpg4win 4.0.x, GPA freezes when clicking on toolbar Card icon.

You can try version Gpg4win 3.1.16, which has a still working GPA card manager.

Cristi

--
Cristian Secar?
https://www.secarica.ro

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
RE: gpa.exe hungs when click on "smartcards" AND scdaemon cannot recognise SC-HSM
Hello,

Wow, thanks for the clarification, I didn't know about that problem in the newer versions! Do you, by any chance, know about the SC-HSM not being recognized for S/MIME? Much appreciated!

Minas

Re: gpa.exe hungs when click on "smartcards" AND scdaemon cannot recognise SC-HSM
On Sun, 26 Jun 2022 09:59:43 +0000, Minas Argyrou wrote:

> Do you, by any chance, know about the SC-HSM not being recognized for
> S/MIME? Much appreciated!

No, sorry.

Perhaps this is application-dependent? Just a clue from this Outlook-related issue:
https://github.com/OpenSC/OpenSC/issues/755

Cristi

--
Cristian Secar?
https://www.secarica.ro

Re: gpa.exe hungs when click on "smartcards" AND scdaemon cannot recognise SC-HSM
On Fri, 24 Jun 2022 20:47, Minas Argyrou said:

>> scdaemon[xxxxx]: detected reader 'ACS ACR38U 0' scdaemon[xxxxx]:

Never got them to run properly. Just stay away from this reader type.

> I was never able to get the SC-HSM to work with GnuPG, even though it is
> supposedly supported. This is the current time I am trying to figure it out.

I have samples here but unfortunately did not come around to test them.

However, there are updates to the pkcs#15 handling in the latest GnuPG
releases. You may want to check that you are using 2.2.35 or 2.3.6.


Shalom-Salam,

Werner

--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
RE: gpa.exe hungs when click on "smartcards" AND scdaemon cannot recognise SC-HSM
My apologies for the late response. So, you are suggesting that the reader might be the problem? Because, as far as I know, they are a very common reader and the same reader works for OpenSC, PKCS11, Windows minidriver etc. for both the SC-HSM and every other card I have tried. I couldn’t find definitively if it supports Extended-Length APDUs though, it is just not mentioned in any of the technical specifications of the company.

I am using the latest GPG4Win package released. You have mentioned some samples, would it be possible that you try them when you have some time? Any suggestions for a card reader besides the ACR38U-N1?

Thanks,
Minas
