I have an OpenPGP Card that looks like this (note that it is NOT a yubikey/nitrokey) that I would like to use with my laptop’s built-in smart card reader.
Here is my NixOS configuration:
#configuration.nix
services.pcscd.enable = true;
hardware.gpgSmartcards.enable = true;
#Just in case this helps
services.udev.packages = [ pkgs.yubikey-personalization ];
#home.nix
programs = {
  gpg = {
    enable = true;
    mutableKeys = false;
    mutableTrust = true;
    publicKeys = [
      { source = ../gpg-pub.key; trust = "ultimate"; }
    ];
  };
};
services = {
  gpg-agent = {
    enable = true;
    pinentryFlavor = "qt";
    enableSshSupport = true;
    verbose = true;
  };
};
But when I try gpg --card-status it doesn’t find my smart card:
gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device
I know that the card reader is working because when I do pcsc_scan I get:
PC/SC device scanner
V 1.6.2 (c) 2001-2022, Ludovic Rousseau <ludovic.rousseau@free.fr>
Using reader plug'n play mechanism
Scanning present readers...
0: Broadcom Corp 5880 [Contacted SmartCard] (0123456789ABCD) 00 00
Thu Oct 19 16:57:10 2023
Reader 0: Broadcom Corp 5880 [Contacted SmartCard] (0123456789ABCD) 00 00
Event number: 0
Card state: Card inserted,
ATR: 3B DA 18 FF 81 B1 FE 75 1F 03 00 31 F5 73 C0 01 60 00 90 00 1C
ATR: 3B DA 18 FF 81 B1 FE 75 1F 03 00 31 F5 73 C0 01 60 00 90 00 1C
+ TS = 3B --> Direct Convention
+ T0 = DA, Y(1): 1101, K: 10 (historical bytes)
TA(1) = 18 --> Fi=372, Di=12, 31 cycles/ETU
129032 bits/s at 4 MHz, fMax for Fi = 5 MHz => 161290 bits/s
TC(1) = FF --> Extra guard time: 255 (special value)
TD(1) = 81 --> Y(i+1) = 1000, Protocol T = 1
-----
TD(2) = B1 --> Y(i+1) = 1011, Protocol T = 1
-----
TA(3) = FE --> IFSC: 254
TB(3) = 75 --> Block Waiting Integer: 7 - Character Waiting Integer: 5
TD(3) = 1F --> Y(i+1) = 0001, Protocol T = 15 - Global interface bytes following
-----
TA(4) = 03 --> Clock stop: not supported - Class accepted by the card: (3G) A 5V B 3V
+ Historical bytes: 00 31 F5 73 C0 01 60 00 90 00
Category indicator byte: 00 (compact TLV data object)
Tag: 3, len: 1 (card service data byte)
Card service data byte: F5
- Application selection: by full DF name
- Application selection: by partial DF name
- BER-TLV data objects available in EF.DIR
- BER-TLV data objects available in EF.ATR
- EF.DIR and EF.ATR access services: by GET DATA command
- Card without MF
Tag: 7, len: 3 (card capabilities)
Selection methods: C0
- DF selection by full DF name
- DF selection by partial DF name
Data coding byte: 01
- Behaviour of write functions: one-time write
- Value 'FF' for the first byte of BER-TLV tag fields: invalid
- Data unit in quartets: 2
Command chaining, length fields and logical channels: 60
- Extended Lc and Le fields
- RFU (should not happen)
- Logical channel number assignment: No logical channel
- Maximum number of logical channels: 1
Mandatory status indicator (3 last bytes)
LCS (life card cycle): 00 (No information given)
SW: 9000 (Normal processing.)
+ TCK = 1C (correct checksum)
Possibly identified card (using /nix/store/ja20dwhv5s4kf7d7w0vsiln198yilqq5-pcsc-tools-1.6.2/share/pcsc/smartcard_list.txt):
3B DA 18 FF 81 B1 FE 75 1F 03 00 31 F5 73 C0 01 60 00 90 00 1C
OpenPGP Card V3
So the pcsc daemon must not be passing this information on to gpg-agent somehow…?
Any ideas on what I should try next?
PS: I’m using home-manager with the unstable channel and have freshly done a nix flake update.