Gemalto smart card problem El Capitan 10.11.2 "OpenPGP card not available: Card error"

n0trab's Avatar

n0trab

10 Dec, 2015 11:47 PM

Good smart folks,

GPG is essential for my work and I use GPGTools daily. Updating to El Capitan has broken use of my smart card. Help if you can, please.

~BG

Which of our tools is giving you problems?

GPGServices

Paste version info of your installed software:

Mac OS X 10.11.2 (15C50)
Libmacgpg 0.6.1 752
GPGMail 2.5.2 1060 <=== I don't use Mail but in fact I installed 2.6B2
GPG Keychain 1.2.1 1147
GPGServices 1.10.1 871
MacGPG2 2.0.28 855
GPGPreferences 1.5 846

Note: I use MailMate, not the native Mail client, but that's not material to this problem. GPG doesn't see my smart card on the command line either.

Note2: I am running GPGTools inside a VMWare Fusion 8 virtual machine with OSX guest. I explain below why this does not seem pertinent either.

Describe your problem. Add as much detail as possible.

With Mavericks and Yosemite, GPGTools worked smoothly with my OpenPGP 2 smart card in a Gemalto shell token v2. I updated to OSX 10.11.2, and now GPG can't find my smart card.

> gpg2 --card-status
gpg: selecting openpgp failed: Card error
gpg: OpenPGP card not available: Card error

I tried:

> gpg2 --card-edit
gpg: selecting openpgp failed: Card error
gpg: OpenPGP card not available: Card error
gpg/card>

I can of course encrypt something to my public key (OpenPGP: Encrypt Selection in the context menu) without the private key. But when I try to decrypt the same way (OpenPGP: Decrypt Selection in the context menu), I get:

Decrypt failed! (Card error)
Code = 108

Of course I've tried removing and re-inserting the smart card. I also confirmed the same card still works on OSX Yosemite 10.10.5.

I mentioned above that I am running GPGTools inside a virtual machine. I would not get hung up on that as it seems unlikely to me to be the problem. Still, here's the setup: VMWare Fusion 8.1.0 running on a Macbook Pro (2015, retina, 13") host. I use multiple OSX guest VMs on this machine. VMWare lets you specify which VM controls the Gemalto shell token. The Gemalto token has always worked fine inside a VMWare VM for me. In fact, the same card still does work when I tell VMWare Fusion to mount it in a VM running OSX Yosemite 10.10.5. The problem is present only in the El Capitan VM. But that's the one I use for email, and where I need my smartcard key.

I'm really in a pickle. Hope you can help.

What did you expect instead

Smart card would work.

Describe steps leading to the problem.

  1. Updated the Mac (the VMWare OSX VM) from Yosemite to El Capitan.

If your problem concerns GPGMail, are other plugins installed in Mail.app?

As noted, I don't use Mail.app. I use MailMate, which integrates GPG just fine when GPGTools are installed.

  1. 1 Posted by n0trab on 11 Dec, 2015 12:35 AM

    n0trab's Avatar

    This is pretty urgent for me. I use GPG every day. Thanks again.

  2. Support Staff 2 Posted by Luke Le on 15 Dec, 2015 10:43 PM

    Luke Le's Avatar

    Hi,

    sorry for not responding earlier.
    Could you please enable debug modus in your gpg-agent.conf by adding the following line to your gpg-agent.conf file:

    debug-level expert
    log-file /tmp/gpg-agent.log
    

    After that run the following command:

    gpg2 --card-status
    

    Please attach the gpg-agent.log file to this discussion, or send it to team @ gpgtools.org

  3. Support Staff 3 Posted by Luke Le on 15 Dec, 2015 11:36 PM

    Luke Le's Avatar

    Hmmm... as i expected, gnupg believes the card is not present.
    Could you please check Console.app for log messages related to "Gemalto" and send them to us as well?
    Also, please post the exact Gemalto model you have. Smart Card support is very particular and Apple is known to include bugs in their framework accessing the smart cards.

  4. 4 Posted by n0trab on 16 Dec, 2015 07:52 PM

    n0trab's Avatar

    The Gemalto model is the IDBridge K30, previously known as the USB Shell Token v2 - GemPC key. According to the driver support page, it is natively supported "since OS X 10.10" and needs no driver. It certainly works for me under 10.10, and as I recall it worked fine under 10.9 as well.

    The smart card inside the shell token is the OpenPGP Card, version 2, sold by Kernel Concepts in Germany.

    Here's what I get from Console after I try

    gpg2 --card-status

    12/16/15 2:45:16.159 PM com.apple.SecurityServer[81]: Token reader Gemalto USB Shell Token V2 inserted into system
    12/16/15 2:45:16.159 PM com.apple.SecurityServer[81]: reader Gemalto USB Shell Token V2: state changed 0 -> 18
    12/16/15 2:45:16.227 PM com.apple.SecurityServer[81]: reader Gemalto USB Shell Token V2: state changed 16 -> 34
    12/16/15 2:45:16.233 PM com.apple.SecurityServer[81]: token in reader Gemalto USB Shell Token V2 cannot be used (error 229)
    12/16/15 2:45:42.628 PM com.apple.SecurityServer[81]: reader Gemalto USB Shell Token V2: state changed 32 -> 162
    12/16/15 2:45:42.628 PM com.apple.SecurityServer[81]: token in reader Gemalto USB Shell Token V2 cannot be used (error 229)
    12/16/15 2:45:45.703 PM com.apple.SecurityServer[81]: reader Gemalto USB Shell Token V2: state changed 160 -> 34
    12/16/15 2:45:45.704 PM com.apple.SecurityServer[81]: token in reader Gemalto USB Shell Token V2 cannot be used (error 229)
    12/16/15 2:45:45.991 PM com.apple.SecurityServer[81]: reader Gemalto USB Shell Token V2: state changed 32 -> 162
    12/16/15 2:45:45.992 PM com.apple.SecurityServer[81]: token in reader Gemalto USB Shell Token V2 cannot be used (error 229)
    12/16/15 2:45:48.994 PM com.apple.SecurityServer[81]: reader Gemalto USB Shell Token V2: state changed 160 -> 34
    12/16/15 2:45:48.994 PM com.apple.SecurityServer[81]: token in reader Gemalto USB Shell Token V2 cannot be used (error 229)
    12/16/15 2:45:49.003 PM com.apple.SecurityServer[81]: reader Gemalto USB Shell Token V2: state changed 32 -> 18
    12/16/15 2:45:49.363 PM com.apple.SecurityServer[81]: reader Gemalto USB Shell Token V2: state changed 16 -> 34
    12/16/15 2:45:49.364 PM com.apple.SecurityServer[81]: token in reader Gemalto USB Shell Token V2 cannot be used (error 229)

  5. 5 Posted by n0trab on 16 Dec, 2015 08:13 PM

    n0trab's Avatar

    Wait, this is very strange. I used it in an OS X 10.10 Virtual Machine just now and it worked fine. Yet Console still threw errors. See below.

    gpg --card-status

    It gives a normal status message, beginning with:

    Application ID ...: [redacted by n0trab]
    Version ..........: 2.0
    Manufacturer .....: ZeitControl
    Serial number ....:[redacted by n0trab]

    Here's the full Terminal message, which I'm encrypting to the team at GPG Tools to protect my privacy.

    -----BEGIN PGP MESSAGE-----

    hQIOAwfq5Jrby+ZxEAf/a9ZUQR1u+SCOIyZ56zBUVmFIT8Ji5hkJY+wlHPBgtZCW
    lObCNljLx4pHZ5FjlvQEGABDL5V4cTgZoJl0w24Tfz7ztnXtvLPTD4Jh0iqyzPQa
    8279FvbkfQgO/urgLAf6EGLTxpi/Ph3Nt/Gd9rAwEz1euaJjK52dz7uyDbk3uTBP
    WyRZ7JKDjavYkI4VXPYyUl0JC5+vT6wU9WCT0h5P6BCNGqCaD8flP0jLL3A704r7
    4aVI5MDCNmSZUztph6AyNlgAGRmy+FjrohPAhCwduXPbpWmlr5JR6Tw06B9uBw/R
    H9hatkoHYJx6eNID4V5saoI4OP9HLiObt1conUmETAf9EJtUEkClYsC2Zjh81aR+
    MmaPeTqIAKGLSYDznI00RUEEi19DqWvaZIp0JVZgv7P8i3CXpW/YosBlQpiC1N/Q
    0QnyJu27VRRCwRJEZaygLseUlNmJC59c3jO/GWNk0j95ORl8BWck510qrQ+4pm2w
    K9mzufC5JQBUx78vu6YvWKcpl25FNPjThW2/rZ9mT5TuzqP6dLhJymxUl7pkKH9d
    GrdNBuMpJLYdRg6oKzy2ksjjp0Ni+vL+LtIfRz+cJXjT6ILZYtnWyyJDi4wfA0fV
    wi5uly1bnQL/9vV3IIFNtAxraxvm2mGLVgeCtFAdx+z9m1I3LFQ2w7CnLOgN0+Wg
    NIUBjAPKM0KLsFJCogEMAIHd3QyVyW+ywkcpmXLRoYbclwULUrJiMxSedvlxvaPI
    H+10CBZ/zEqZ8d3rqxten2kobcfpPTkqhrmXVmfh5JFqGo9ALb7lLzrWsc+2Vkfx
    5Lr4T0q3iBDoXefvA51nPXw4gNKG4W4VkJ5Io+ZcAyv6HQiJrmQzNwrkA06czOIP
    hpBDcF+LMfFAN6cqN1zQ2Nz1P6YA2B3njsijAgJQ4bKno8i2Hp+RyusNyfxSBLVt
    t7fBvyv4G2tcbLnFQAn+PCz8IaG899bZA8+4ho0qkiYxgzUKIj+cKjlNqliBHDdI
    5LpWFvYD1vmGFxwYWk/iQ1gDjr3+5msBmhZD4lOirDdcuZm+120oCY+gb524Xp1M
    f8qMwxAN8qlNfSzIPc9Y8HXiEBTafifWv7O55AWXaYY/NlkYCsnNZ60szP0eeSni
    XIaMB/UWBEumIjSJmG1k+gr1knq7in1Y+DPMbsCj1Au94VibblQGeIh6GrBnVdmi
    LjshqA5VDaD/uA/bHYp9GtLqAZJdq1LptFaVaDaDk6npCtZjIA4ca4OCMNLXv9QD
    qY53FLFrDmT6Gw38W7cB38zJg8nezt5WzJqQxb2Tsa5scvC7mavMal2ULJmMDhsS
    bUS9X87U/NSjIiCnypMvLbFVLEoC2Vn6k9LYX0iAH97gcEwGfDbtUeo/S3P92SaK
    p8K9eNo571+YYaDEe1Hw2KhRTQopSTZps9p/A/fZrRKMe7W2Gs1EXIQsfDuwYLgd
    fC13NZIJYS6DN+4U3zN7akCxfzyxFlodNYCIEBUNXYHgzU0VorruYy7SlXHHnTTO
    YkO+PY664ndKrRmI8IJ1dO2KOmorIKc0gL1mquzEu5D44wNdaWHkWlPXNv+1hicm
    208ix8NXOwZJPxZ+JctxjVNsfWgSk2T8K3nGJNATTCNv9jP75YspeqtLZ0HUWq3H
    kRuP9IxmT9OSrBEYvJWae7ttCMKYS3tDap7ZRaPy8abboxX+UBQI/VYFgkx46rcb
    3oAbMCmFov2hhQE0dMJ885W2uPmqXDgqCMTYURRTRyesolGVSf50qfjf7N2rdRO4
    +U8D/8d1suCLwygCZ3OhpapWwABXV2hnPIvBDyK8rauooi6XNZWbOovmZGfkm4Kn lUSLEOYpSMzuDJAqyIMSIuh3jhKNycb1Wurh9wqubZOsYlWb8f947TowtU0nI5Nm
    1549/8XYenXMCry8MKfFtZiopyKfi+N91nfR7z6xyRL5HLQtx9KMbLf+EDMC1tLV
    7hn5eeC4Mnzemld7s93V6SYiGzt6Eb9pl5LT6UFgnIt1n/+6iKym5I2kz8CYKpgd
    8Tl9o9vkPfaCcs999u0PHHnnPiLQ0q5KgDPQaN48RmtWOpqxP3+0V+weT53rxg6S
    YDBbwzn/bvuwHrjLXc6hBTHf3XHfdbabTzk3DDIoMnqTuODnsFH1v9AR4nDRY2gi
    U18+XdS/sKy7ZYRGr9hJ50phHf3DkZvcsC7ehX105v6Py2NR1nE9RzUFNTJTIHWi
    97BrNQFK3489GoSGX/55di49ZHpvT/fbQ0YjUYiifEpdcxsYuB44iLqgUiu990ik
    Z1B9BiRGYs8ga0KDOc59SvF8A+YHMV8kzuZ8SRN1+MQTY+f/a/3iWpvnGLfvTrns
    Ye81MPy/u/+KEp79sOe41RmgdOjI1CO9LiLqdS30ANO7wsk7Tds4DCrRwOZiOF2H
    SwoDd1YwcZWodtxX0aJr6H3eTC7hkI0rR7JuZIGbBqFipfy8vBAVRUUrq6qjyBJS
    IgEGtih8S80U9vmgiMnzB3mJCuuXePeO628asEmZkO8ALxXAb6Qa+i7eFihlNQJl
    vtVO1eIu45a3L3jASO/FkqjjUwVHkaqwdHRFXADBpkNd4L99TEVPYpyNY1NP4LP3
    6nNmY6Q+zuaspmRVvV3vX5a65+u1qRY59j6IGGMNcQwB3GiuKm0KPBlvkIgEsA0y
    72dW+w7Zh+ADfv8u1+6/mMH3Y33N5Z+TEh5fN/VJZQYGEira8fNwuLhn3Cqd9gxI
    zhRwct8pEnWF+li4FSPHWyzS8oNeAEDRUVB81vg6fBulmSrTtEILlJTtNgn/3k22
    /BWehdistehcFJt/feWFHeqOmU6+uIWn3W/7NIxTKmP2Pw== =TiRF -----END PGP MESSAGE-----

    The same smart card also decrypted a file successfully, a moment before.

    AND YET, here's from Console.app:

    12/16/15 3:07:22.544 PM com.apple.SecurityServer[79]: Token reader Gemalto USB Shell Token V2 inserted into system
    12/16/15 3:07:22.544 PM com.apple.SecurityServer[79]: reader Gemalto USB Shell Token V2: state changed 0 -> 34
    12/16/15 3:07:22.553 PM com.apple.SecurityServer[79]: token in reader Gemalto USB Shell Token V2 cannot be used (error 229)
    12/16/15 3:07:31.366 PM com.apple.SecurityServer[79]: reader Gemalto USB Shell Token V2: state changed 32 -> 162

    How can it be throwing an error for a card that works just fine? I can even use gpg --card-edit.

  6. Support Staff 6 Posted by Luke Le on 17 Dec, 2015 08:37 PM

    Luke Le's Avatar

    Hi,

    the errors, as strange as it sounds, don't have to mean that something's not working in this scenario.
    Unfortunately all the messages are also net telling much.
    Could you try one thing that might help.

    Add the following line to scdaemon.conf (in ~/.gnupg):

    disable-ccid
    

    You might have to create the file if it doesn't exist.

    Afterwards run the following commands:
    killall gpg2 killall gpg-agent killall scdaemon

    (Best stop any apps accessing gnupg before doing that)

    After that try to sign or decrypt some content.

  7. 7 Posted by n0trab on 17 Dec, 2015 09:51 PM

    n0trab's Avatar

    OK. No joy but slightly different error message the first time I tried gpg2 --card-status. If that helps.

    $ touch ~/.gnupg/scdaemon.conf

    $ echo 'disable-ccid' >> ~/.gnupg/scdaemon.conf

    Then:

    $ killall gpg2

    No matching processes belonging to you were found

    Then

    $ killall gpg-agent

    Then

    $killall scdaemon

    No matching processes belonging to you were found

    Here I get a new error message:

    $ gpg2 --card-status

    gpg: no running gpg-agent - starting one

    gpg: waiting 5 seconds for the agent to come up

    gpg: can't connect to the agent: IPC connect call failed

    gpg: OpenPGP card not available: No agent running

    Repeating the command produced the error I've been getting previously:

    $ gpg2 --card-status

    gpg: selecting openpgp failed: Card error

    gpg: OpenPGP card not available: Card error

    I tried, with the card in that unavailable state, to encrypt and sign using the private key on the card. Instead of throwing an error, it appeared to sort-of encrypt the selection.

    Specifically, I selected some text in TextWrangler, then Services ... OpenPGP: Encrypt Selection. I chose the private key on the smart card for encryption and signing, and no other recipient. There was no error message and no request for my smart card PIN. The output was as follows. Note there's no "END PGP MESSAGE" at the end.

    -----BEGIN PGP MESSAGE-----

    hQGMA8ozQouwUkKiAQv+OZYvp2bG/wVgvEhOUidTmlGatf1H01Bpc1sFZDD+2XSj
    vWYJ4hsbZSgEsz4w3NDGpkZTRDrgY76Vz4a9zdHu8yhuolupjhSMxYfFqLbQ+Ola
    ilgLrJnAh/riLM2i3IUCNjHQWk9EdYu3SEIL5vPw7B6SnxgionTuqZxRz7PK07dn
    2rUls3Ah6dV5dTspPxAYKCML+4lyIKoKzrC4SS+JW3idKN+1jI2a5MfwBjyDaGiA
    ZledTopq55CsE5Kc0qPdJz4UXq2DKwrwsmtaqa3xoq8jFx93vqCKWh8IW6VQEGVB
    B/DSid4XUTaHrwF8u0GbrdNXHXtE7shpxrrGhb4smgnqOKh/5zmrMoO8RA4nXv+w
    RVk/nHCpvCyG4YzML/wAtp/6ESUvU6euEaUmqt6H7tia1WBfsQPW5pUQA0dtsvo9
    lwioDoN1z9IEuN8AXFj9uQImR02oZ4dBTpOnIpeCiLZnNDfZZzi2Ynk00RedokvO
    trKOOwSNrAb/+p/3HNfU

    (that's where it ended)

  8. Support Staff 8 Posted by Luke Le on 17 Dec, 2015 10:19 PM

    Luke Le's Avatar

    That's curious that it fails to connect to gpg-agent at first.
    Would you mind contacting Gemalto And asking them if they know of some incompatibility with El Capitan.
    We know of different users using a smart card or usb token with El Capitan and havent't heard of any problems yet, so I'm starting to think this might be related to the driver

  9. 9 Posted by n0trab on 18 Dec, 2015 04:41 AM

    n0trab's Avatar

    Would it be a bad idea to install or update something with Homebrew?

    Right now my setup looks like this:

    $ brew search gpg
    gpg             gpg-agent       gpg2            gpgme           libgpg-error  
    Caskroom/cask/gpgtools
    

    In case it's relevant:

    $ brew doctor
    Please note that these warnings are just used to help the Homebrew maintainers
    with debugging if you file an issue. If everything you use Homebrew for is
    working fine: please don't worry and just ignore them. Thanks!
    
    Warning: You have external commands with conflicting names.
    
    Found command `brew-cask` in following places:
        /usr/local/bin/brew-cask
        /usr/local/Library/Taps/caskroom/homebrew-cask/cmd/brew-cask.rb
    

    Is there any chance I should brew install or uninstall or upgrade anything? Or ...?

  10. Support Staff 10 Posted by Luke Le on 18 Dec, 2015 10:05 AM

    Luke Le's Avatar

    Hi,

    that's something you could try.
    Best uninstall GPG Suite using the uninstaller provided in the installer dmg.

    After that, run:
    brew install gpg2 gpg-agent

    And then check if you can now use your smart card.
    If you can, there's probably something wrong with our changes to gnupg for os x.
    Our changes are pretty minor, but it's certainly worth giving it a shot.

  11. 11 Posted by n0trab on 18 Dec, 2015 04:01 PM

    n0trab's Avatar

    Uninstalled GPG Suite.
    Ran brew update and brew doctor.
    Ran
    $ brew install gpg2 gpg-agent

    No joy.

    $ gpg2 --card-status
    gpg: no running gpg-agent - starting one
    gpg-agent[1617]: invalid debug-level `expert log-file ~/.gnupg/gpg-agent.log' given
    scdaemon[1618]: PC/SC OPEN failed: unresponsive card (0x80100066)
    scdaemon[1618]: PC/SC OPEN failed: unresponsive card (0x80100066)
    gpg: selecting openpgp failed: Card error
    gpg: OpenPGP card not available: Card error
    $ scdaemon[1618]: scdaemon (GnuPG) 2.0.29 stopped
    
    I don't understand any of the scdaemon lines. Do I have or need an scdaemon to go with the .conf file?

    In any case, I removed from the gpg-agent.conf file the debug line you asked me to try earlier (debug-level expert log-file ~/.gnupg/gpg-agent.log) and I also removed the scdaemon.conf file I had added earlier in this thread. It had nothing in it but the 'disable-ccid' line you gave me.

    After that I'm back to:

    $ gpg2 --card-status
    gpg: no running gpg-agent - starting one
    gpg: waiting 5 seconds for the agent to come up
    gpg: selecting openpgp failed: Card error
    gpg: OpenPGP card not available: Card error
    
    I'm grateful you are staying with me on this. It's driving me nuts. So...
    1. Next step?
    2. If I install GPG Tools again, will it replace the gpg2 and gpg-agent from brew? Do I want it to do that? Or should I brew uninstall those first?
    3. Will you open this up as a public thread so I can send it to Gemalto?

    Thanks again.

  12. 12 Posted by n0trab on 18 Dec, 2015 04:01 PM

    n0trab's Avatar

    Ah, just saw I could make it public, and did so.

  13. 13 Posted by n0trab on 18 Dec, 2015 05:11 PM

    n0trab's Avatar

    I have found a couple of threads around the net that look as though they might be relevant, but they are over my head technically.

    Does this one on SmartCard Services have any relevance?

    Based on a thread I found here, I tried pcsctest. (I still have only the brew versions of GPG2 and gpg-agent installed.)

    $ pcsctest


    MUSCLE PC/SC Lite Test Program


    Testing SCardEstablishContext : Command successful. Testing SCardGetStatusChange Please insert a working reader : Command successful. Testing SCardListReaders : Command successful. Reader 01: Gemalto USB Shell Token V2 Enter the reader number : 1 Waiting for card insertion
    : Command successful. Testing SCardConnect : Card is unresponsive.

    I don't know how to interpret that, other than that OS X 10.11x sees the Gemalto token, sees that a card is inserted but can't talk to the card. Again, I know for sure the card is good because it works on OS X 10.10.

    Grrrr.

  14. 14 Posted by n0trab on 18 Dec, 2015 06:11 PM

    n0trab's Avatar

    Sorry for flooding this thread but I have one more bit for comparison. Uninstalled Brew versions of gpg2 and gpg-agent, reinstalled the latest GPG Tools, and put in a Yubikey 4. I don't actually want to use that at the moment but here's what happened -- I got further with pcsctest, but then gpg said the card was "not supported." The Yubikey, too, works on OS X 10.10.

    $ pcsctest
    
    MUSCLE PC/SC Lite Test Program
    
    Testing SCardEstablishContext    : Command successful.
    Testing SCardGetStatusChange 
    Please insert a working reader   : Command successful.
    Testing SCardListReaders         : Command successful.
    Reader 01: Yubico Yubikey 4 OTP+CCID
    Enter the reader number          : 1
    Waiting for card insertion         
                                     : Command successful.
    Testing SCardConnect             : Command successful.
    Testing SCardStatus              : Command successful.
    Current Reader Name              : Yubico Yubikey 4 OTP+CCID
    Current Reader State             : 0x54
    Current Reader Protocol          : 0x1
    Current Reader ATR Size          : 18 (0x12)
    Current Reader ATR Value         : 3B F8 13 00 00 81 31 FE 15 59 75 62 69 6B 65 79 34 D4 
    Testing SCardDisconnect          : Command successful.
    Testing SCardReleaseContext      : Command successful.
    Testing SCardEstablishContext    : Command successful.
    Testing SCardGetStatusChange 
    Please insert a working reader   : Command successful.
    Testing SCardListReaders         : Command successful.
    Reader 01: Yubico Yubikey 4 OTP+CCID
    Enter the reader number          : ^C
    

    Then:

    $ gpg2 --card-status
    -bash: /usr/local/bin/gpg2: No such file or directory
    
    And
    $ gpg --card-status
    gpg: no running gpg-agent - starting one
    gpg: waiting 5 seconds for the agent to come up
    gpg: OpenPGP card not available: Not supported
    
  15. Support Staff 15 Posted by Luke Le on 18 Dec, 2015 06:23 PM

    Luke Le's Avatar

    There's one other approach that might shed more light on the problem.
    Could you please kill all gpg processes again:

    killall -9 gpg2
    killall -9 gpg-agent
    killall -9 scdaemon
    

    After that, run the following command:

    /usr/local/MacGPG2/libexec/scdaemon -v --debug-level expert --server
    

    in a different Terminal window, try to run gpg --card-status again

    Send us the output of the terminal running scdaemon.

  16. 16 Posted by n0trab on 18 Dec, 2015 07:49 PM

    n0trab's Avatar

    Here you go.

    $ killall -9 gpg2
    No matching processes belonging to you were found
    
    $ killall -9 gpg
    No matching processes belonging to you were found
    
    $ killall -9 gpg-agent
    
    $ killall -9 scdaemon
    No matching processes belonging to you were found
    
    $ /usr/local/MacGPG2/libexec/scdaemon -v --debug-level expert --server
    scdaemon[9424]: enabled debug flags: command cache assuan cardio
    scdaemon[9424]: handler for fd -1 started
    

    Then, after I run gpg --card-status in another window (which returns the "card not present" error):

    scdaemon[9424]: PC/SC OPEN failed: unresponsive card (0x80100066)
    scdaemon[9424]: chan_5 -> OK GNU Privacy Guard's Smartcard server ready
    OK GNU Privacy Guard's Smartcard server ready
    

    Note that this is all with the Gemalto/OpenPGP Smartcard combination.

  17. 17 Posted by n0trab on 18 Dec, 2015 09:07 PM

    n0trab's Avatar

    One more bit to throw at the wall:

    $ system_profiler SPUSBDataType
    2015-12-18 16:04:49.289 system_profiler[9783:161539] SPUSBDevice: IOServiceGetMatchingService did not return anything for location 0x01500000
    2015-12-18 16:04:49.293 system_profiler[9783:161539] SPUSBDevice: IOServiceGetMatchingService did not return anything for location 0x01600000
    2015-12-18 16:04:49.296 system_profiler[9783:161539] SPUSBDevice: IOServiceGetMatchingService did not return anything for location 0x01710000
    2015-12-18 16:04:49.297 system_profiler[9783:161539] SPUSBDevice: IOServiceGetMatchingService did not return anything for location 0x01720000
    2015-12-18 16:04:49.298 system_profiler[9783:161539] SPUSBDevice: IOServiceGetMatchingService did not return anything for location 0x01700000
    2015-12-18 16:04:49.299 system_profiler[9783:161539] SPUSBDevice: IOServiceGetMatchingService did not return anything for location 0x01800000
    USB:
    
    [snip]
    
            VMware Virtual USB Hub:
    
              Product ID: 0x0002
              Vendor ID: 0x0e0f  (VMWare, Inc.)
              Version: 1.00
              Location ID: 0x01700000
    
                USB SmartCard Reader:
    
                  Product ID: 0x3438
                  Vendor ID: 0x08e6  (Gemalto SA)
                  Version: 2.00
                  Serial Number: 845C8DF0
                  Manufacturer: Gemalto
                  Location ID: 0x01720000
    
  18. Support Staff 18 Posted by Luke Le on 18 Dec, 2015 09:28 PM

    Luke Le's Avatar

    Do you have any chance to test in a non-VMWare environment?
    That would be great to at least eliminate one point of error.

  19. 19 Posted by n0trab on 20 Dec, 2015 10:05 PM

    n0trab's Avatar

    Not immediately but I guess I'll upgrade the host. I don't use the smartcard there anyway.

  20. 20 Posted by Rambler on 16 Feb, 2016 08:17 AM

    Rambler's Avatar

    I am apparently having the same problem:

    gpg --card-status (works)

    gpg2 --card-status (fails)

    gpg: selecting openpgp failed: Card error
    gpg: OpenPGP card not available: Card error

    Trying to use gpg2 so that I can transfer my 4096 keys.

    I stopped Gnome from interfering with the gpg-agent.

  21. Support Staff 21 Posted by Steve on 17 Feb, 2016 12:23 PM

    Steve's Avatar

    Rambler could you try using gpg2 from homebrew and see if that works?

  22. Support Staff 22 Posted by Steve on 30 Mar, 2016 11:05 AM

    Steve's Avatar

    Closing, since no further user feedback was received. Should your problem persist, feel free to re-open this discussion any time.

    All the best, steve

  23. Steve closed this discussion on 30 Mar, 2016 11:05 AM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac