Questions tagged [smartcard]

Any number of contact or contactless chip devices that serve cryptographic or authentication functions. They normally depend upon some daemon for interaction with the computer and have dependencies like *PCSC-Lite*.

Smartcards are increasingly being used for more secure authentication or for PKCS#11 and OpenPGP cryptography (for use with full-disk encryption (FDE), encrypted emails, etc.). Within a Unix/Linux environment, smartcards are frequently used with applications such as GnuPG (GPG) or Device Mapper LUKS (DM-Crypt) file systems.

A few common smartcards include:

While other devices may also technically be smartcards, they most likely deserve separate tags or are outside the scope of the Unix/Linux forum (such as mobile phone SIM cards or banking chip (EMV) cards).

34 questions
17 votes, 1 answer

Why do GnuPG 2 and gpg-connect-agent fail with "ERR 67108983 No SmartCard daemon"?

Using Debian Jessie and GnuPG 2, each time I try to use GnuPG 2 (gpg2) or gpg-connect-agent together with an OpenPGP smartcard (in my case a YubiKey), the operation fails with a message $ gpg-connect-agent --hex "scd apdu 00 f1 00 00" /bye ERR…
Jens Erat
11 votes, 0 answers

Smartcard "sharing violation" when using OpenSC and GnuPG

On my Linux machine (Arch Linux, up to date as of this post) I am having trouble using both the OpenSC PKCS11 module and GnuPG. It seems like while an app using the PKCS11 module is started (in my case it's Firefox) it takes exclusive control of the…
André Borie
6 votes, 1 answer

Connecting SSH and Git to gpg-agent

I'm running a YubiKey NEO with the OpenPGP applet to store my GPG keys on the smart card. I've stopped all other SSH and GPG agents manually by removing their startup entries (On elementary OS Luna, Ubuntu 12.04). I've then started the scdaemon…
Naftuli Kay
5 votes, 1 answer

Using "LuxTrust Signing Stick" on Fedora (this is specific to Luxembourg)

This is a question specific to the country of Luxembourg: In Luxembourg, electronic signature infrastructure for official and banking business is provided by the company LuxTrust S.A.. They offer USB sticks that are actually rebranded Gemalto…
David Tonhofer
4 votes, 2 answers

SSH to Linux host with smart card, is not working

I would like to connect to ssh host using the following command: ssh -I /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so HOSTNAME The error says that the library returned no slots.. debug1: provider /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so: …
user568021
4 votes, 1 answer

How can I view certificate details on a smart card

I am using p11tool on CentOS to read a PIV smart card. The card is being read via the coolkey package driver (using libcoolkeypk11.so, per p11-kit list-modules) I can get a listing of the certs on there using p11tool --list-all-certs…
Randall
3 votes, 2 answers

How to read a NFC card with USB reader

I need to read some NFC cards by a USB reader on a Linaro/Debian OS. The USB reader has a HID profile. Presenting a 13,56 MHz card the keyboard returns a code. I read about a command to send to the device but, since it is a (virtual) keyboard, I…
SteMMo
3 votes, 1 answer

Will removing an SSH key during an active session kick me out of the session?

I am carrying my SSH key in a NitroKey smartcard, meaning that in order to SSH into a remote server, I first have to plug in the NitroKey so the local computer can read the private key. However, I am wondering if I need to keep the private key…
2 votes, 2 answers

Is there a tool that can perform direct RSA decryption with a Yubikey?

The use case I'm looking for is that I walk up to a headless server and "unlock" it using a hardware key, where scripts on the server recognize that I've plugged it in and automatically use it without a pin or password or additional factors. The…
M Conrad
2 votes, 1 answer

How to import secret key on OpenGPG smartcard (copied from one machine/OS to another)?

I run a couple of PCs and they both multi-boot into more than one OS (Win10/Linux{Devuan}/FreeBSD & Win10/Linux{Devuan} respectively). I use Thunderbird + Enigmail (sticking with Version 68.x of the former for the moment as the integrated OpenGPG…
SlySven
2 votes, 3 answers

Smart card reader not working in Manjaro 19

I am running Manjaro 19.0.2, and I am struggling to get it to even detect a smart card reader I'm using: the SCR3310v2.0. I need this to work in order to access online US Military resources using a CAC to verify and authenticate my identity. I am…
Manuel
2 votes, 3 answers

PAM — completely disable password login

I am trying to improve the Security of my overall IT Infrastructure, so I started out to use a smart card for login. I have managed to configure a PIV Smart Card with a private key and a x.509 certificate and setup pam_pkcs#11 such that the Smart…
philipp
2 votes, 0 answers

OpenSSL PKCS#11 failed loading private key

I am running OpenSUSE LEAP15.1 and am seeing the following when trying to use a Nitrokey USB HSM: engine "pkcs11" set. Unable to load module (null) Unable to load module (null) PKCS11_get_private_key returned NULL cannot load CA private key from…
Little Code
2 votes, 0 answers

Device node in /dev for a smart card reader

I'm looking for a method to determine the device nodes (under /dev hierarchy) of all smart card readers in the system. Additionally, I need to run this method from a shell script. The pcsc_scan tool obviously knows how to find these device nodes,…
1 vote, 0 answers

PKCS#11 provider in OpenSSH: Is it possible to cache PIN?

I use an RSA key on a smartcard with an OpenSSH client. The smartcard is read by a smartcard reader with a pinpad. The key is protected with a PIN. Is it possible to cache the PIN somehow? I don't really like the need to write the PIN using the card…
d.c.